Cookie Consent & GDPR Compliance Support

5 Minute read


Note: This is an Early Access feature. If you are interested in gaining access to the feature, please reach out to your CSM. Additionally, to fully leverage this feature, you will need access to the Ceros SDK.

As a Ceros user, you may be wondering if the content you are creating in the platform is GDPR compliant. Or, you may be wondering, what even is GDPR Compliance? In this article, we’ll take a look at how GDPR Compliance and Cookie Consent are defined, and how this relates to the content you’re creating in Ceros.

First things first: What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law that centers around data protection and privacy in the European Union and the European Economic Area. It is the toughest privacy and security law in the world. While the legislation was drafted and passed by the EU, its obligations apply to organizations anywhere, so long as they target or collect data related to people in the EU. It also addresses the transfer of personal data outside the EU and European Economic Area (EEA). 

GDPR requires businesses operating in the European Union (EU) to give consumers control and choice over the personal data that is collected and used and, in most cases, to ask for their explicit consent before data collection happens.

Source: GDPR.EU. Note: this is not an official EU Commission or Government resource.

Cookie Compliance

To be GDPR compliant, websites must adhere to specific rules regarding certain types of cookies and how they are stored. They must also allow users to decline or consent to websites storing cookies that are used to track them (for analytics, advertising, and other purposes). Cookies are an important tool that can give businesses a great deal of insight into their users’ online activity.

In order to comply with the regulations governing cookies under GDPR, websites must:

  1. Receive users’ consent before you use any cookies except strictly necessary cookies.
  2. Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
  3. Document and store consent received from users.
  4. Allow users to access your service even if they refuse to allow the use of certain cookies.
  5. Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.

How does this affect my Ceros experiences?

By default, Ceros Experiences are not GDPR compliant, because they include analytics tracking cookies without asking the user for consent. However, you may enable a feature on individual experiences that will disable these cookies when a user opens the experience (more on this below). From there, you will be able to implement your own banner and use our SDK, which will give the user the ability to accept or decline the analytics tracking cookies.

If the “Require User Consent” option is enabled, all analytics will still be collected, but the IP address will be anonymized so that it does not include the last octet of the IP address.

What data is still collected, but anonymized?

For Ceros Analytics, the only Personally Identifiable Information (PII) we collect is the user’s IP address. This allows some geolocation information to be gathered, without potentially identifying the user. Additionally, any user who has opted out of tracking cookies will appear as a unique user on every visit. This is all that is required in order to meet basic requirements for compliance.

For Google Analytics, we will use consent mode when the “Require User Consent” option is enabled. This will set the “analytics_storage” option to “denied”. You can read more on how consent mode works here. We also set “anonymize_ip” to “true”, which you can read more about here.

Enabling GDPR Cookie Compliance for a Ceros Experience

Once your CSM has activated Cookie Compliance for your account, you will have the ability to apply Cookie Compliance settings at an experience level. 

Once enabled, you’ll see a Cookie Compliance tab in your Settings panel. Here, you’ll have the ability to check “Require User Consent”. This setting disables analytics cookies and ensures that some analytics data will not be tracked until user consent is granted.

With the “Require User Consent” setting enabled, Ceros Analytics and Google Analytics (if you use it) will still collect some anonymized statistics, but any information that would personally identify a user will not be collected. Additionally, users will not be tracked across visits, and will appear as a unique visitor every time.

Compliance settings work in both standalone and embedded Ceros experiences. If you’re using a third party Consent Management Platform, read on to the CMP section for more information. 

Using a Consent Management Platform (CMP)

Consent Management Platforms (CMPs) are necessary to build compliant cookie consent banners on your website. 

These platforms are a gateway to a business’s website or native app. This means they are typically the first experience that visitors will have with your business. CMPs store proof-of-consent and preference choices, handle visitors who request to alter data the website collects, and can provide additional transparency into a site’s data collection and usage practices.

By following the instructions below, you’ll connect your CMP with Ceros and ensure that the CMP code is placed first in the head of the experience, so that the analytics code comes after the CMP code.

How to set up your CMP in Ceros:

  1. Log in to Ceros and open the experience you’d like to make compliant
  2. In your Settings panel, click on the Cookie Compliance tab
  3. Check the “Require User Consent” checkbox
  4. Check the “Integrate with a CMP” checkbox
  5. Once the text field appears, enter the Custom CMP HTML code. This code should be provided to you by your CMP; it is the same code that allows you to add your CMP to any other webpage.
  6. This code block will be added to the HTML source code of your Ceros experience at the top of the <head> tag. 

Note: Ceros is not responsible for custom scripting or coding (JavaScript, HTML, etc) that affects the availability or functionality of your Ceros experience as outlined in the Ceros SLA.

You will also need to add code that will use our SDK to control the analytics cookies when a user makes a selection using your CMP. You may need a JavaScript developer to implement this code for you.

Here is some example code when using the SDK with the OneTrust CMP. Other CMP implementations will be different. In this example, the OneTrust-specific code is the OptanonWrapper function; the applyConsent function can be used with any CMP to apply the user’s consent selection. This code should come after any code provided by your CMP.

<script>
function applyConsent(hasConsent) {
 // If require isn't available, try again in a moment.
 // This can happen when this code is included before the Require.js script.
 if (typeof require === 'undefined') {
   return setTimeout(function() {
     applyConsent(hasConsent);
   }, 10);
 }

 // Configure Require.js to require the SDK
 require.config({
   paths: {
     CerosSDK: "//sdk.ceros.com/standalone-player-sdk-v5.min"
   }
 });

 // Use the SDK to find the experience and set the user consent selection.
 require(['CerosSDK'], function(CerosSDK) {
   CerosSDK.findExperience().done(function(experience) {
     // Apply the consent selection to the experience.
     experience.setUserConsentForAnalytics(hasConsent);
   });
 });
}

// Run it once to kick off the SDK loading
applyConsent(false);

/**
* OneTrust-specific code
* Function that runs any time there is a change to consent via OneTrust
*/
function OptanonWrapper() {
 var hasConsent = OnetrustActiveGroups.indexOf('C0004') !== -1;
 applyConsent(hasConsent);
}
</script>
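
A CMP-agnostic variant of applyConsent, added here as an example and not Ceros's own code: it keeps only the user's most recent choice, treats anything other than an explicit true as a denial, and stops polling for Require.js after a bounded number of attempts. The createConsentApplier name and its deps options (getRequire, schedule, maxAttempts) are hypothetical; the SDK calls and URL are the ones shown in the example above.

```javascript
// Added example, not Ceros code. createConsentApplier and its deps options are
// hypothetical names; the SDK calls and URL are the ones shown on this page.
function createConsentApplier(deps) {
  deps = deps || {};
  var getRequire = deps.getRequire || function () {
    return typeof require === 'undefined' ? null : require;
  };
  var schedule = deps.schedule || function (fn) { setTimeout(fn, 10); };
  var maxAttempts = deps.maxAttempts || 500; // about 5 s at 10 ms per attempt
  var latest = false;    // default-deny until the CMP reports a choice
  var experience = null; // the Ceros experience, once the SDK has found it
  var loading = false;
  var attempts = 0;

  function load() {
    var req = getRequire();
    if (!req) {
      // Require.js is not on the page yet: retry, but not forever.
      attempts += 1;
      if (attempts < maxAttempts) { schedule(load); } else { loading = false; }
      return;
    }
    req.config({ paths: { CerosSDK: '//sdk.ceros.com/standalone-player-sdk-v5.min' } });
    req(['CerosSDK'], function (CerosSDK) {
      CerosSDK.findExperience().done(function (found) {
        experience = found;
        // Apply the most recent choice, not the one that started the load.
        experience.setUserConsentForAnalytics(latest);
      });
    });
  }

  return {
    apply: function (hasConsent) {
      latest = hasConsent === true; // anything but an explicit true is a denial
      if (experience) { experience.setUserConsentForAnalytics(latest); return; }
      if (!loading) { loading = true; attempts = 0; load(); }
    },
    state: function () {
      return { latest: latest, ready: experience !== null, attempts: attempts };
    }
  };
}
```

In a page, create one applier, call its apply(false) once to start loading the SDK, and have the CMP's change callback call apply with the user's current selection.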

There are many ways to implement cookie consent and use our SDK to manage the consent of your users. You can find more information about various use cases here:

