Document how Consent is stored for legal usage

Created on 8 October 2024, 3 months ago

Problem/Motivation

GDPR and other local regulations like Quebec Law 25 require that the website store the consent of the user for potential legal reasons, for instance in case a user gets served cookies although they consented otherwise, or in the case where a company received consent but the user complains.

Steps to reproduce

I looked at the interface and "documentation"
Maybe I missed something?

Proposed resolution

We need to clearly describe in the documentation how the consent is stored, and give recommendations on how to store consents.

Feature request
Status

Active

Version

2.0

Component

Documentation

Created by

🇨🇦Canada mastap


Comments & Activities

  • Issue created by @mastap
  • 🇦🇹Austria hudri Austria

    There is no documentation because this simply does not exist. The module is just a "cookie banner", it only does the technical handling of injecting after consent. It does not document or store which users have given consent or when they have given consent.

    AFAIK this is also not a requirement of the GDPR. This is something you might want to have to protect yourself in case of GDPR lawsuits, but AFAIK formally not a legal requirement of the GDPR (I'm no lawyer though, so no guarantees here!)

    And IMHO this module should not even do this, because then the module itself stores personalized data again, which opens a whole new can of worms. If you need this level of safety, a commercial CMP might be better suited for your case.

  • 🇨🇦Canada mastap

    Thank you for the clarification, I appreciate your input.

    You’re right that it’s not a formal requirement under GDPR to store consent in every case, but rather a protective measure some organizations take to avoid legal complications.

    My confusion stemmed from the module’s name, “Cookies Consent Management.” I assumed that the “consent management” part of the name implied it would manage, store or log user consent, as managing consent usually involves tracking when and how it’s given. I understand now that this module is primarily focused on the technical handling of cookies, not consent.

    I was also hoping to learn if other plugins within this ecosystem might offer this consent storage functionality, as it would be useful to have a full solution for managing consent without needing to resort to a commercial CMP.

    As a side note, from a legal perspective, storing user consent is indeed part of obtaining the user’s consent—allowing the website to record this consent. When someone signs a contract protecting personal info, there is a need to keep a safe copy of the contract.

    Thanks again for your insights, and hopefully, this conversation will help others looking for similar functionality.
