CookieHub helps you make your web site GDPR compliant using various methods designed to comply with the requirements related to storage and processing of personal information.

Cookies can contain or refer to personal information

The EU General Data Protection Regulation (GDPR) states in recital 30 that when cookies can be used to identify a person or person's device, it's considered personal data:

Natural persons may be associated with online identifiers [...] such as internet protocol addresses, cookie identifiers or other identifiers [...] This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

This applies to many web services which are used to collect data and analyze user behavior and display targeted ads.

Consent is required

As stated in recital 32, a consent should be given to process any personal data:

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her [...] This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data. [...]

How does CookieHub help me meet the requirements?
When the CookieHub cookie consent solution is implemented on your web site, it will seek the user's consent to specified cookie categories.

Inactivity is not consent

The consent should be clear and inactivity is not considered consent meaning that you cannot assume the user agrees to be tracked by using the web site as explained in recital 32:

[...] Silence, pre-ticked boxes or inactivity should not therefore constitute consent. [...]

Recital 42 also supports recital 32 that inactivity is not considered consent:

Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment.

How does CookieHub help me meet the requirements?
CookieHub is by default configured to allow the user to opt-in and won't load any third party tracking services until user has allowed certain categories (when implemented correctly).

Users need to be informed and have options

In recital 32 it's also stated that the user must be able to consent only to certain activities if cookies are used for multiple purposes:

Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.

How does CookieHub help me meet the requirements?
CookieHub allows you to customize cookie categories that can be allowed or disallowed on your web site. You can configure which category each third party tracking service falls into and allow your users to take informed decisions.

You must be able to demonstrate the user's consent

Recital 42 states that you must be able to demonstrate the user's consent:

Where processing is based on the data subject's consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation[...]

How does CookieHub help me meet the requirements?
When the Consent Log feature is enabled, user consents are tracked. You can download the consent log which contains unique token that can be matched to the token stored in the users browser to see which cookie categories were allowed.

Cookie declaration is mandatory

Recital 42 also states that a cookie declaration in clear and plain language should be present:

In accordance with Council Directive 93/13/EEC a declaration of consent preformulated by the controller should be provided in an intelligible and easily accessible form, using clear and plain language and it should not contain unfair terms. For consent to be informed, the data subject should be aware at least of the identity of the controller and the purposes of the processing for which the personal data are intended.

How does CookieHub help me meet the requirements?
CookieHub scans your web site for cookies and automatically categorizes each cookie. Users will be able to see a list of cookies in use along with purpose of each cookie before consenting. Additionally, you can provide a link to your cookie policy page where you can provide detailed information about how personal data is handled.

Users must be able to withdraw consent

In article 7, section 3 it's stated that the user must be able to easily withdraw consent at any time:

The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.

How does CookieHub help me meet the requirements?
When CookieHub is implemented to your site, users can always click the settings icon in the lower left or right side of the browser to change cookie settings.