We are all familiar with the dialogs for "cookie settings" that you encounter everywhere on the web and which are usually the very first point of contact between the provider and user of a website. But it's not just about the cookies that are stored in your browser. The topic has a much broader scope in terms of data protection: the bigger issue is called consent management.
What is often annoying for users in practice, however, has an important purpose: the General Data Protection Regulation (GDPR) is about nothing less than preserving the privacy of users. According to the GDPR, anyone operating a website must take measures to ensure that personal data may only be collected, processed or even passed on to third parties with the express consent of the user.
A typical consent management dialog: visitors to a website can use it to agree or decline the use of certain services and the processing of personal data.
Since personal data also includes the IP addresses of users, strictly speaking no external resources (images, video, fonts, functional libraries, etc.) may be loaded from other servers by a website - unless the user has given their consent. This is because simply loading an external file results in the transfer of the user's IP address (i.e. personal data) to third parties.
Obligations according to GDPR
As a website provider, you must:
- explain in your privacy policy which external services you want to use (Google Analytics, YouTube,...) and how they collect and process which user data
- provide a statement on the use of cookies: which cookies are set and how long are they valid?
- provide a cookie / consent management dialog
- obtain consent for the use of external services and cookies
- provide a simple and accessible opt-out option
Just informing users that cookies are used when using your website is not enough! Users of your website must actively agree (opt-in) so that you and any external services may store and process personal data.
Solutions for your consent management
In order to integrate analytics, videos etc. on your website in compliance with GDPR, we can implement the following solutions for you:
- a lightweight combination of consent management dialog and a tag manager - such as the Consent Management Dialog with us (Tojio // Digital Agency)
- the successive collection of consent when using certain services [more on this shortly]
- a deep integration with Drupal modules, that store and process personal data [more on this shortly]