CookieYes‘ consent logging helps you to keep track of users’ consent and record them. You can use this feature if your data protection authority or the users ask you to demonstrate cookie consent for your website. In this article, we will discuss the user information CookieYes’ cookie consent log stores and how you can use it as proof of consent.
Do I need cookie consent?
For non-necessary cookies, your website must first inform the users about it and gain the user consent to store them on their devices.
What does the law say about logging and demonstrating consent?
Article 7(1) of the General Data Protection Regulation (GDPR) states that:
Where the processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to the processing of his or her personal data.
If a website processes the personal data of the EU users, it must be able to show that these people have consented to it. In the case of cookies, the website must keep records to prove that its users have given their consent to store the cookies on their devices.
The EDPB guidelines on consent explain in detail how controllers can maintain the record to demonstrate consent:
Controllers are free to develop methods to comply with this provision in a way that is fitting in their daily operations. At the same time, the duty to demonstrate that valid consent has been obtained by a controller, should not in itself lead to excessive amounts of additional data processing.
That means a website can develop its own ways to keep a record of consent obtained. However, it cannot collect more user data than necessary to keep such a record of consent.
It does not propose a standard mechanism to demonstrate consent. However, it suggests that:
For instance, the controller may keep a record of consent statements received, so he can show how consent was obtained, when consent was obtained and the information provided to the data subject at the time shall be demonstrable.
That is, a website can record the consent statements (status) of the users, how and when it obtained the consent, and what information did it provide to the users at the time of asking for consent. These details will help a website to show that they have obtained informed consent and their consent workflow meets the criteria for valid consent.
The UK’s independent data protection authority, Information Commissioner’s Officer (ICO), proposes the following details to keep a record of consent:
- Who consented: name or other identifiers (e.g. IP address, session ID)
- When they consented: time and date of receiving the consent
- What they were told at the time: information provided or category for which the users gave their consent
- How they consented: record or timestamp of how the users registered their consent
- Whether they have withdrawn consent: and when
How can CookieYes help me to log and demonstrate cookie consent?
CookieYes has always strived to give its customers the best and most reliable cookie management service. Our cookie consent solution ensures that your website follows the required practice for cookie compliance with privacy laws like the GDPR, ePrivacy Directive, and CCPA. That is why we keep including features that align with the requirements of these privacy laws. CookieYes’ consent logging feature is an example of that.
Using CookieYes, you can keep a log of the user consent registered via CookieYes cookie consent notice or banner. When enabled, it records the users’ IP address (in anonymized form), country, consent status (with what cookie category they consented to), and time and date of consent.
To enable the consent log, go to Site Settings in CookieYes settings.
When you check the CookieYes dashboard or the Consent Log section, you will see that CookieYes starts to log the user consent as your website receives them.
You can download the cookie consent log in CSV format to demonstrate proof of consent. Click Export as CSV to download the consent log.
On the dashboard, you will see the Recent Logs and a pie chart that displays the Consent Ratio for a quick analysis.
What user information does CookieYes collect and store in the consent log?
When a user records their consent via a website that uses the CookieYes cookie consent banner, CookieYes uses a cookie named cookieyesID on your website. This cookie identifies the unique visitors related to the cookie consent. It is a necessary type of cookie that does not track or store the personal data of the users.
CookieYes stores the following user information in the consent log:
- The anonymized IP address of the users who visit your website and interact with the cookie consent banner. It is not possible to identify a person using an anonymized IP address.
- The country of the user.
- The consent status of the user — “accepted,” “rejected,” or “partially accepted”. It includes details about what category of cookies the user gave their consent to load.
- The time and date when your website received the consent.
CookieYes stores all this information under a unique consent ID assigned to the user.
When you download the consent log, you will see that there is a column for consent ID. Against that, all the details mentioned above are recorded as shown.
Does CookieYes store personally identifiable information in the consent log?
No. As you can see, the IP addresses are masked and cannot be used to identify a person. As already mentioned, CookieYes stores the users’ consent details under a consent ID. This consent ID is unique to each user until they clear or remove cookieyesID. Then, it will generate a different value or consent ID for them the next time they visit your website. Unless the users share their ID, you can’t identify them from the log.
How can I use the CookieYes consent log to demonstrate cookie consent?
If the data protection authority asks for proof of consent, you can easily demonstrate it using the CookieYes consent log. In case they ask for proof of consent of a specific user, you can ask the user for the consent ID.
If they use Google Chrome, they can find out their ID from the developer console of the browser. They have to right-click your website and click Inspect (or press Ctrl + Shift + I). It will open the console. Go to Application and select your website URL from the Cookies drop-down list on the left sidebar. You will see the list of cookies that your website uses. From there, search for “cookieyesID.” You will see the details of the cookies. The “value” of cookieyesID is the consent ID of the user.
For Mozilla Firefox and Safari, the users need to follow the same steps. The only difference is instead of Application on the console they must select Storage.
You can ask your users to share this ID, using which you can identify and demonstrate their consent.
What happens when the users change their consent?
When the users change their consent, another log of them under the same ID assigned earlier will be created. This helps you to identify their different consent statuses. If they remove or clear cookieyesID from their browsers, the next time they visit your website, they will get a new ID.
Sign up for free and make your website cookie compliant.
If you have any queries or need assistance from us, please feel free to contact our support. We will be happy to guide you through it.