klaro-org / klaro-js

Klaro Privacy Manager. An open-source, privacy-friendly & compliant consent manager for your website.
https://klaro.org

acceptance rate tracking #245

Open futureweb opened 4 years ago

futureweb commented 4 years ago

Hey there, currently there is no way to measure acceptance rate with Klaro!

How often is the Consent Dialog ignored? How often declined? How often accepted, ... Some of our Customers requested those Numbers. Some Stats on those Numbers would also help tweak the Layout of the Dialog shown. (make it bigger for less ignorance, ...)

What would be needed to be able to track those Numbers?

Within Callback available:

What do you think? thx, bye from Austria Andreas

adewes commented 4 years ago

This is on our roadmap, though it might not be part of the open-source / free offering (as it requires a backend infrastructure).

BTW if you use the cookie consent store and have control you can already do this by analyzing the consent data in the cookie from your backend / web server.
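
The server-side approach suggested in the comment above, analyzing the consent cookie from the backend, could look like the following. This is an added example, not code from the thread or from the Klaro project; it assumes the consent cookie is named `klaro` and holds URL-encoded JSON mapping service names to booleans, and all function names are hypothetical.

```javascript
// Added example (not Klaro project code). Assumptions: the consent cookie is
// named "klaro" and holds URL-encoded JSON mapping service names to booleans.
const MAX_COOKIE_LEN = 4096; // cookies are client-controlled: bound the work

// Extract one cookie value from a raw Cookie request header.
function getCookie(header, name) {
  for (const part of String(header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Classify a request: "no-decision", "accepted", "declined", "partial" or "invalid".
function classifyConsent(cookieHeader, cookieName = 'klaro') {
  const raw = getCookie(cookieHeader, cookieName);
  if (raw === null) return 'no-decision';
  if (raw.length > MAX_COOKIE_LEN) return 'invalid';
  let parsed;
  try {
    parsed = JSON.parse(decodeURIComponent(raw));
  } catch (e) {
    return 'invalid'; // malformed percent-encoding or JSON
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) return 'invalid';
  const values = Object.values(parsed);
  if (values.length === 0 || !values.every((v) => typeof v === 'boolean')) return 'invalid';
  const granted = values.filter(Boolean).length;
  if (granted === values.length) return 'accepted';
  return granted === 0 ? 'declined' : 'partial';
}

// Aggregate outcomes over many requests, e.g. Cookie headers seen by the web server.
function acceptanceStats(cookieHeaders) {
  const stats = { 'no-decision': 0, accepted: 0, declined: 0, partial: 0, invalid: 0 };
  for (const h of cookieHeaders) stats[classifyConsent(h)] += 1;
  return stats;
}

// Constructed sample Cookie headers (service names are made up).
const sample = [
  '',
  'klaro=' + encodeURIComponent('{"matomo":true,"youtube":true}'),
  'sid=abc; klaro=' + encodeURIComponent('{"matomo":false,"youtube":false}'),
  'klaro=' + encodeURIComponent('{"matomo":true,"youtube":false}'),
  'klaro=%7Bnot-json',
];
console.log(acceptanceStats(sample));
```

A request without the cookie also covers a visitor's first page view, so the "no-decision" count only approximates how often the dialog is ignored.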

adewes commented 4 years ago

Hey @futureweb, we have acceptance rate tracking now (demo: https://kiprotect.com/klaro/demo)! Since it's a feature that requires a backend API it's only available in the hosted version for now (except if you want to build your own backend, which is possible of course).

If you want to try it please sign up for an account at https://app.kiprotect.com/signup?kip-app=klaro. You can use the code unlimited-klaro-community in the "Subscription" step of the setup process, that gives you access to a free community plan which doesn't require payment details. And pssst, please don't tell anyone :wink:

futureweb commented 4 years ago

Hey @adewes , sounds great, can't wait to test it out! ;-) Already signed-up on https://app.kiprotect.com/signup?kip-app=klaro - but didn't get any Mail yet? :-/

Also are the Docs already updated with the Callbacks available? I would like to see if I can manage to integrate the Tracking into our MATOMO Server (JS - Event Tracking), so one would have all Stats, including Acceptance Rate Tracking within one System ... would make Sense to have those Data right next to other Stats of the Page ... Unique Users, Page Impressions, ... ;-)

adewes commented 4 years ago

Hey @futureweb, I just approved your signup! We're still in the testing phase so we onboard people slowly, as the backend functionality is still a bit rough around the edges. This week we'll deploy a better setup wizard, service / cookie scanning and a first service template database to make the configuration easier.

The IDE that's part of the app will be part of the OS version as well btw (in fact it's already in the codebase), just need some time to properly integrate that, as the OS version will store configs locally and ask you to download them instead of persisting them in the backend.

If you have any feedback already, please let me know!

futureweb commented 3 years ago

@adewes - any idea when you get the time to update the Docs with the needed information for Acceptance Rate Tracking with the OS Version? Would really love to try to integrate it with our centralized Matomo Instance ... ;-) Would just need the Info what Callbacks are fired when - then I can push that Info into Matomo as Events ... :)

adewes commented 3 years ago

I'll prioritize this @futureweb, lots of things on the release plan right now and only few hands to build them unfortunately.

Btw if you want to support Klaro development you can do so now by purchasing a license, the statistics are included in all plans, then you won't have to set them up by hand :laughing: We recently changed the pricing to make it more affordable as well, the startup plan is just 19 € / month (https://kiprotect.com/klaro/prices) and includes 5 privacy managers that can include multiple configurations each and which you can deploy on as many domains as you'd like.

If you want to explore the event statistics you can have a look at #59, there I show an example of how to use the new callback functions.

saitho commented 3 years ago

Does the user also have to consent to that tracking? :laughing:

No seriously: does embedding external scripts comply with GDPR? I mean the browser sends an HTTP request to request the resources and sends the IP address, which – theoretically – could be used to track the user across multiple websites. That's why we try to make sure even external resources are only loaded when consent is given. ;)

adewes commented 3 years ago

It's a valid point. We don't set any cookies and don't do any tracking (obviously), we just collect anonymous statistics about the number of times a given privacy manager was requested and how many users granted or declined consent. We're in the process of implementing differential privacy for these statistics, so that they're verifiably anonymous.

We also store consent records in our infrastructure to allow the website owner to prove that consent was given. This is a tricky subject though and after some deliberation (https://kiprotect.com/blog/documenting-user-consent-according-to-gdpr) we decided to also implement a way to store this consent directly on the client (for anonymous users), so that everything can be kept in the visitors' browser. We'll still offer a way to cryptographically sign consent records via our API before storing them, which provides some additional assurance of validity.

From a GDPR perspective we're a data processor that you (the controller) hire to comply with the GDPR, so it's compliant to use our service. By law we are not allowed to collect or process any type of personal data that is not directly required to fulfill our duty as a data processor in the context of the contract we have with you. We also don't set any cookie-based identifiers in the users' browser.

Tracking a user across multiple websites would require cross-site cookies (i.e. for that our API would need to request the users' browser to set a cookie for api.kiprotect.com in the response it receives from the API request). We don't do that and we think it's not compliant (some consent providers use such cookies to provide cross-site consent, but it's a dubious practice), fortunately many browser vendors will strongly restrict this type of cookies in the near future as they are mostly used for (unlawful) tracking.

So you can also self-host Klaro and e.g. implement your own way to download and synchronize the config that you generate in the web UI, using only the server-side functionality that makes sense to you (e.g. scanning, graphical configuration management, audit logging, consent records, ...). This can be better from a performance point of view as well, as no extra TLS negotiation needs to be made.

astruzh commented 3 years ago

Hi! Where can I find the information or an example of how to collect and save the data in my database hosted together with a website? In Germany I have to log this information: IP, timestamp, consent setup

This is necessary to prove later which IP address has allowed a service.

adewes commented 3 years ago

Hi @astruzh! Currently we only provide the log functionality as a commercial feature. You can use the event hooks to build your own storage solution by capturing events from the consent manager and sending them to a backend. Please note that it's not necessary to store IP addresses in general. You should store consent records in a way that robustly links them to the processing activities that they govern, this does not necessarily imply storing them in a backend (see our blog post for more information about that).
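
For a self-built backend of the kind described in the comment above, and the signed consent records mentioned earlier in the thread, one way to make a stored record tamper-evident without keeping an IP address is an HMAC over a canonical form of the record. This is an added example, not Klaro or KIProtect code; the record fields, function names and key handling are assumptions.

```javascript
// Added example, not Klaro or KIProtect code. Record fields, function names
// and key handling are assumptions made for this illustration.
const crypto = require('crypto');

// Serialize with sorted keys so equal records always produce equal bytes.
function canonical(value) {
  if (value === null || typeof value !== 'object') return JSON.stringify(value);
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  const keys = Object.keys(value).sort();
  return '{' + keys.map((k) => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
}

function mac(key, record) {
  return crypto.createHmac('sha256', key).update(canonical(record)).digest();
}

// Build a signed record that names the configuration the decision applies to.
// No IP address or other visitor identifier is included.
function signConsentRecord(key, configName, consents, timestamp) {
  for (const [name, v] of Object.entries(consents)) {
    if (typeof v !== 'boolean') throw new TypeError('consent for ' + name + ' must be boolean');
  }
  const record = { configName: String(configName), consents, timestamp };
  return { record, sig: mac(key, record).toString('hex') };
}

// Constant-time verification; returns false for malformed or altered input.
function verifyConsentRecord(key, signed) {
  if (!signed || typeof signed.record !== 'object' || signed.record === null) return false;
  if (typeof signed.sig !== 'string' || !/^[0-9a-f]{64}$/.test(signed.sig)) return false;
  return crypto.timingSafeEqual(mac(key, signed.record), Buffer.from(signed.sig, 'hex'));
}

// Constructed demo: key, config name and service names are made up.
const demoKey = crypto.randomBytes(32);
const signed = signConsentRecord(demoKey, 'example-config-v3',
  { matomo: true, youtube: false }, '2021-03-01T12:00:00Z');
const tampered = JSON.parse(JSON.stringify(signed));
tampered.record.consents.youtube = true; // flip a decision after signing
console.log(verifyConsentRecord(demoKey, signed), verifyConsentRecord(demoKey, tampered));
```

The signing key stays on the server; a record held in the visitor's browser can then be checked later without trusting the client's copy.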