a) need to choose a cookie consent popup provider or something like MailChimp's GDPR compliance forms and embed the code you receive in your HTML Header, and
b) that it makes sense to link to the privacy policies of third-party services such as those offered by Google, Facebook, etc., depending on the integrations you use or any additional third-party code you manually embedded on your site. Here is Google's help article explaining that, for example: Google User Consent Policy Help
Regardless of target audience, domain registrar location, and hosting services, websites are accessible from anywhere on the globe by fundamental design of the world wide web. This means that unless you restrict viewing from specific countries, you might be infringing on data privacy laws if you collect personal information from those viewers.
Therefore, it is important that you provide a cookie consent option that appears whenever readers land on one of your pages. You need to choose a cookie consent popup from a third-party provider and embed it on your site.
EU Cookie Consent Compliance
A document from the European Commission's Information Providers Guide outlining the requirements for a website's Cookie consent compliance from a legal perspective is located here: EU Cookie Legislation. This document also explains which cookies do NOT need to be referenced.
Here are some third-party providers offering GDPR compliant consent forms:
MailChimp - Collect Consent with GDPR Forms
UserCentrics Website Consent Management
* CookieBot has an autoblocking mode, which will prevent all images on your site from loading if readers deny the cookies. Please make sure you select "manual" for the data-blockingmode attribute. So instead of this: data-blockingmode="auto", the code you get should have this: data-blockingmode="manual".
The final script will then look like this, with your specific ID number in the data-cbid part:
<script
id="Cookiebot"
src="https://consent.cookiebot.com/uc.js"
data-cbid="00000000-0000-0000-0000-000000000000"
type="text/javascript"
data-blockingmode="manual"
></script>
Osano (formerly Silktide) Consent Manager
ShareThis GDPR Compliance Tool
We strongly suggest you implement such functionality, particularly to inform users of the use of cookies on your site and thereby comply with current legislation.
Also, please include reference to the following items in the footer of your sites:
- use of Cookies throughout the site
- your Privacy Policy
- use of products that use tracking such as Google DFP, Google Analytics, etc.
The Google Help Site on Cookie Consent is located here: https://www.cookiechoices.org/
We also recommend linking to the data policies of Facebook and other social media sites active on your site, e.g. Twitter and Pinterest.
General Data Protection Regulation (GDPR) Compliance
The EU General Data Protection Regulation comes into effect on May 25, 2018 and gives users more control over their personal data. User consent is now explicitly required when collecting personal information.
The reform applies to any website across the globe accessible to visitors from the European Union.
This means that you will need to adjust your privacy policy and your contracts with advertising partners, analytics services, and any other third-party services collecting data (e.g. newsletter sign-up forms) to ensure the data collection complies with the new standards.
The following links provide easy-to-understand explanations of the GDPR as it applies to you as a website owner.
User rights to their personal data
Information that must be provided to users for GDPR compliance
NOTE: The user information gathered on the User-submitted Events Form constitutes personal information. You must change the default text on that form to reflect the GDPR and clearly state that users may contact you at any time and request their data be deleted.
In order to fully delete personal information submitted by users on the User-submitted Events Form, the event that was submitted by that user must also be deleted. We recommend you add that information to the default text.
Please be sure to also adjust the default text for Comments via Admin > Settings > Default Texts for GDPR compliance, since you are collecting the entered names and email addresses. Readers must be able to contact you and request their comments be deleted at any time!
Google and the GDPR
Since most of our clients rely on Google Analytics and ad serving, we have listed some links to information from Google itself on the GDPR here:
Google privacy protection laws compliance info site
Google EU User Consent Policy (the updated version for GDPR is currently on their staging page)
Cookie Choices (Google Help Site on Cookie Consent, including some comments on GDPR; Cookie consent is NOT the same as GDPR)
Google also has a new beta tool to assist customers with GDPR compliance for DoubleClick for Publishers (DfP) and AdSense: Google's Funding Choices for User Consent
Specific information for some Google products may be found on these pages:
Google Ad Manager - Comply with EU user consent policy
AdSense - Comply with EU user consent policy
Accelerated Mobile Pages - Consent Component
Tips
An extensive list of information and resources on the GDPR is provided by the Ireland Data Commissioner here: GDPR & You - DPC Ireland
The popular newsletter provider MailChimp published a helpful overview article regarding the GDPR: MailChimp Blog - About the GDPR.
MailChimp also offers GDPR consent forms: Collect Consent with MailChimp GDPR Forms
As mentioned above for Cookie Consent compliance, we recommend you link to third-party privacy policies for the services you use, such as Google DfP.
Google's privacy policy may be found here, for example: Google Privacy & Terms for Advertising
Data Collection by Metro Publisher
For system administration and security purposes (e.g. protection from DoS attacks), Metro Publisher temporarily logs the IP addresses of all visitors to our clients' websites. The IP addresses are automatically deleted after a predetermined amount of time in accordance with system administration best practice.
IP address collection for system administration purposes is permitted under Article 6 of the GDPR. Metro Publisher does not collect any personal information from visitors to our clients' websites.