EU Cookie Consent & GDPR Compliance


EU Cookie Consent Compliance

A document from the European Commission's Information Providers Guide outlining the requirements for a website's Cookie consent compliance from a legal perspective is located here: EU Cookie Legislation. This document also explains which cookies do NOT need to be referenced.

We currently suggest you implement functionality such as Silktide's Cookie Consent Plugin to inform users of the use of cookies on your site and thereby comply with current legislation.

Also, please include reference to the following items in the footer of your sites:

  1. use of Cookies throughout the site
  2. your Privacy Policy
  3. use of products that use tracking such as Google DFP, Google Analytics, etc.

The Google Help Site on Cookie Consent is located here: https://www.cookiechoices.org/

We also recommend linking to the data policies of Facebook and other social media sites active on your site, e.g. Twitter and Pinterest.

 

General Data Protection Regulation (GDPR) Compliance

The EU General Data Protection Regulation comes into effect on May 25, 2018 and gives users more control over their personal data. User consent is now explicitly required when collecting personal information.

The reform applies to any website across the globe accessible to visitors from the European Union.

This means that you will need to adjust your privacy policy and your contracts with advertising partners, analytics services, and any other third-party services collecting data (e.g. newsletter sign-up forms) to ensure the data collection complies with the new standards.

The following links provide easy-to-understand explanations of the GDPR as it applies to you as a website owner.

What is personal data

User rights to their personal data

Information that must be provided to users for GDPR compliance

 

 NOTE: The user information gathered on the User-submitted Events Form constitutes personal information. You must change the default text on that form to reflect the GDPR and clearly state that users may contact you at any time and request their data be deleted.

In order to fully delete personal information submitted by users on the User-submitted Events Form, the event that was submitted by that user must also be deleted. We recommend you add that information to the default text.

Please be sure to also adjust the default text for Comments via Admin > Settings > Default Texts for GDPR compliance, since you are collecting the entered names and email addresses. Readers must be able to contact you and request their comments be deleted at any time!

 

Google and the GDPR

Since most of our clients rely on Google Analytics and ad serving, we have listed some links to information from Google itself on the GDPR here:

Google privacy protection laws compliance info site

Google EU User Consent Policy (the updated version for GDPR is currently on their staging page)

Cookie Choices (Google Help Site on Cookie Consent, including some comments on GDPR; Cookie consent is NOT the same as GDPR)

Google also has a new beta tool to assist customers with GDPR compliance for DoubleClick for Publishers (DfP) and AdSense: Google's Funding Choices for User Consent

Specific information for some Google products may be found on these pages:

DfP - Comply with EU user consent policy

AdSense - Comply with EU user consent policy

Accelerated Mobile Pages - Consent Component

Tips

An extensive list of information and resources on the GDPR is provided by the Ireland Data Commissioner here: GDPR & You - DPC Ireland

The popular newsletter provider MailChimp recently published a helpful overview article regarding the GDPR: MailChimp Blog - About the GDPR.

MailChimp also offers GDPR consent forms: Collect Consent with MailChimp GDPR Forms

As mentioned above for Cookie Consent compliance, we recommend you link to third-party privacy policies for the services you use, such as Google DfP.

Google's privacy policy may be found here, for example: Google Privacy & Terms for Advertising

 

Data Collection by Metro Publisher

For system administration and security purposes (e.g. protection from DoS attacks), Metro Publisher temporarily logs the IP addresses of all visitors to our clients' websites. The IP addresses are encrypted and automatically deleted after a predetermined amount of time in accordance with system administration best practice.

IP address collection for system administration purposes is permitted under Article 6 of the GDPR. Metro Publisher does not collect any personal information from visitors to our clients' websites.

 

Sample Privacy Policy

We have attached to this article a sample GDPR-compliant privacy policy that you may edit and use on your site. This copyright-free document is kindly provided by this source.
