EU Cookie Consent Compliance
A document from the European Commission's Information Providers Guide outlining the requirements for a website's Cookie consent compliance from a legal perspective is located here: EU Cookie Legislation. This document also explains which cookies do NOT need to be referenced.
We currently suggest you implement a tool such as the 2GDPR Cookies Audit Tool or Osano's Cookie Consent Plugin to inform users of the use of cookies on your site and thereby comply with current legislation.
Also, please include reference to the following items in the footer of your sites:
- use of Cookies throughout the site
- your Privacy Policy
- use of products that use tracking such as Google DFP, Google Analytics, etc.
The Google Help Site on Cookie Consent is located here: https://www.cookiechoices.org/
We also recommend linking to the data policies of Facebook and other social media sites active on your site, e.g. Twitter and Pinterest.
General Data Protection Regulation (GDPR) Compliance
The EU General Data Protection Regulation comes into effect on May 25, 2018 and gives users more control over their personal data. User consent is now explicitly required when collecting personal information.
The reform applies to any website across the globe accessible to visitors from the European Union.
This means that you will need to adjust your privacy policy and your contracts with advertising partners, analytics services, and any other third-party services collecting data (e.g. newsletter sign-up forms) to ensure the data collection complies with the new standards.
The following links provide easy-to-understand explanations of the GDPR as it applies to you as a website owner.
User rights to their personal data
Information that must be provided to users for GDPR compliance
NOTE: The user information gathered on the User-submitted Events Form constitutes personal information. You must change the default text on that form to reflect the GDPR and clearly state that users may contact you at any time and request their data be deleted.
In order to fully delete personal information submitted by users on the User-submitted Events Form, the event that was submitted by that user must also be deleted. We recommend you add that information to the default text.
Please be sure to also adjust the default text for Comments via Admin > Settings > Default Texts for GDPR compliance, since you are collecting the entered names and email addresses. Readers must be able to contact you and request their comments be deleted at any time!
Google and the GDPR
Since most of our clients rely on Google Analytics and ad serving, we have listed some links to information from Google itself on the GDPR here:
Google privacy protection laws compliance info site
Google EU User Consent Policy (the updated version for GDPR is currently on their staging page)
Cookie Choices (Google Help Site on Cookie Consent, including some comments on GDPR; Cookie consent is NOT the same as GDPR)
Google also has a new beta tool to assist customers with GDPR compliance for DoubleClick for Publishers (DfP) and AdSense: Google's Funding Choices for User Consent
Specific information for some Google products may be found on these pages:
DfP - Comply with EU user consent policy
AdSense - Comply with EU user consent policy
Accelerated Mobile Pages - Consent Component
Tips
Here are some third-party providers who offer GDPR-compliant forms for the respective data processing:
MailChimp - Collect Consent with GDPR Forms
UserCentrics Website Consent Management
Osano (formerly Silktide) Consent Manager
ShareThis GDPR Compliance Tool
An extensive list of information and resources on the GDPR is provided by the Ireland Data Commissioner here: GDPR & You - DPC Ireland
The popular newsletter provider MailChimp recently published a helpful overview article regarding the GDPR: MailChimp Blog - About the GDPR.
MailChimp also offers GDPR consent forms: Collect Consent with MailChimp GDPR Forms
As mentioned above for Cookie Consent compliance, we recommend you link to third-party privacy policies for the services you use, such as Google DfP.
Google's privacy policy may be found here, for example: Google Privacy & Terms for Advertising
Data Collection by Metro Publisher
For system administration and security purposes (e.g. protection from DoS attacks), Metro Publisher temporarily logs the IP addresses of all visitors to our clients' websites. The IP addresses are encrypted and automatically deleted after a predetermined amount of time in accordance with system administration best practice.
IP address collection for system administration purposes is permitted under Article 6 of the GDPR. Metro Publisher does not collect any personal information from visitors to our clients' websites.
Sample Privacy Policy
We have attached to this article a sample of a GDPR-compliant privacy policy that you may edit and use on your site. This copyright-free document is kindly provided by this source.