• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

GDPR: Log cookie consent?

Joined
Jun 4, 2018
Messages
2 (0.10/day)
Likes
0
#1
Hello, I'm in doubt about the GDPR requirement to log cookie consent.

Given a normal webpage (no login) how to keep track who consents with cookies and who withdraws it? I believe you will only have the IP to log? But in turn, the IP is personal data... how should this be done?

Thanks!

ShadowHunter
 
Joined
Nov 20, 2013
Messages
2,801 (1.67/day)
Likes
2,871
Location
Kiev, Ukraine
System Name Evil Midget
Processor i3-6100
Motherboard MSI B150I PRO AC
Cooling Noctua NH-L9i
Memory 2x8GB Kinkston HyperX DDR4-2133 CL14
Video Card(s) ASUS GTX950 MINI
Storage Samsung XP941, Sandisk X400 512GB
Display(s) Samsung U24E590D (4K/UHD)
Case LianLi Q11B
Audio Device(s) Int.
Power Supply SeaSonic 450W 80+ GOLD
Mouse Logitech G5
Keyboard Zalman K500 modded
Software Windows 10
Benchmark Scores Can fit into a backpack =)
#2
You simply store it client-side in cookies.
Looks like this:
gdpr.PNG
 
Joined
Jun 4, 2018
Messages
2 (0.10/day)
Likes
0
#3
Hi silentbogo,

Thanks for your feedback.

When it is stored client side how can you proof that consent was given when a dispute is made? My understanding is that you are required to log it yourself? Or do I misunderstand this requirement?

Cheers,

ShadowHunter
 
Joined
Nov 20, 2013
Messages
2,801 (1.67/day)
Likes
2,871
Location
Kiev, Ukraine
System Name Evil Midget
Processor i3-6100
Motherboard MSI B150I PRO AC
Cooling Noctua NH-L9i
Memory 2x8GB Kinkston HyperX DDR4-2133 CL14
Video Card(s) ASUS GTX950 MINI
Storage Samsung XP941, Sandisk X400 512GB
Display(s) Samsung U24E590D (4K/UHD)
Case LianLi Q11B
Audio Device(s) Int.
Power Supply SeaSonic 450W 80+ GOLD
Mouse Logitech G5
Keyboard Zalman K500 modded
Software Windows 10
Benchmark Scores Can fit into a backpack =)
#4
When it is stored client side how can you proof that consent was given when a dispute is made? My understanding is that you are required to log it yourself? Or do I misunderstand this requirement?
It's basically up to the website owner to figure out how to log this. Here on TPU we have an identifier in cookies and most likely on servers, some sites only store a date of consent while the rest is logged server-side.

EU GDPR has no clear guidelines. Basically all they say is "you need to minimize the amount of sensitive info stored server-side and you need to let your users know that you are using cookies and that some of their info is stored on servers". They only say "what", but not "how" so in my opinion it's a total mess and it's absolutely pointless.

For more info you might wanna visit this website:
https://gdpr-info.eu/
All they have to say about consent logging is in Chapter 2 Article 7 (stupid to the point of laughable).
 
Joined
Dec 6, 2016
Messages
529 (0.94/day)
Likes
585
#5
Hello, I'm in doubt about the GDPR requirement to log cookie consent.

Given a normal webpage (no login) how to keep track who consents with cookies and who withdraws it? I believe you will only have the IP to log? But in turn, the IP is personal data... how should this be done?

Thanks!

ShadowHunter

You can use the same anonymization method that Google Analytics uses:

When a customer of Analytics requests IP address anonymization, Analytics anonymizes the address as soon as technically feasible at the earliest possible stage of the collection network. The IP anonymization feature in Analytics sets the last octet of IPv4 user IP addresses and the last 80 bits of IPv6 addresses to zeros in memory shortly after being sent to the Analytics Collection Network. The full IP address is never written to disk in this case.
Don't forget to include a timestamp of consent.
 
Top