Enhancement: Proof of Consent Log

[techpressrocks]

Hi!

From the official GDPR site (https://gdpr.eu/cookies/) on "Cookie Compliance":

"To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must: ... Document and store consent received from users."

You have already implemented a debug log. Do you have plans do add a consent log in the future? I've heard of problems by at least one site owner who couldn't properly prove that a user gave cookie consent. According to the GDPR website this is a requirement by the existing ePrivacy Directive (most likely its successor ePrivacy Regulation - EPR - as well).

I really like your plugin so far!

[over-engineer]

Hey, @techpressrocks!

That’s a great feature request — thanks for taking the time to suggest that.

This was implemented in 1.2.0, which was just released on the Plugin Directory 🎉

A short summary of the implementation:

• The plugin creates a custom table ({prefix}_pressidium_cookie_consents) in the WordPress database to store the consent records
• A consent record is inserted into the database when the user consents to cookies. We store the following data:
  • id — a UUID representing this specific consent
  • consent_date — the exact date and time of the consent
  • url — the URL the user was on when they consented
  • geo_location — the country code of the user (this is based on the MM_COUNTRY_CODE, GEOIP_COUNTRY_CODE, HTTP_CF_IPCOUNTRY, and/or HTTP_X_COUNTRY_CODE headers, if any is available)
  • ip_address — the anonymized IPv4 or IPv6 address of the user (this utilizes the wp_privacy_anonymize_ip() WordPress function)
  • user_agent — the User-Agent of the user
  • necessary_consent — whether the user consented to necessary cookies (1 accepted / 0 rejected)
  • analytics_consent — whether the user consented to analytics cookies (1 accepted / 0 rejected)
  • targeting_consent — whether the user consented to targeting cookies (1 accepted / 0 rejected)
  • created_at — the timestamp of the database entry creation
  • updated_at — the timestamp of the databsae entry latest update
• A consent record in the database is updated when the user alters/revokes their consent
• Consents recording can be toggled on and off via the “Record consents” settings under the “General” tab of the plugin settings
• This version adds a “Consent Records” tab, displaying a (paginated) table of the consent records
• There is an “Export CSV” button to export all consent records to a CSV file
• There is a “Clear Records” button to permanently remove all consent records (i.e. truncate the table)
• When the plugin is uninstalled, the custom table gets dropped

Note that the wiki has been updated to include any information related to the “Consent Records” feature. For more information, refer to https://github.com/pressidium/pressidium-cookie-consent/wiki/Configuration#consent-records.

---

From the official GDPR site (https://gdpr.eu/cookies/)

Just a note on that, while GDPR.EU seems like a great resource for GDPR-related topics, it’s not an official EU Commission or Government resource.

GDPR.EU is a website operated by Proton Technologies AG, which is co-funded by Project REP-791727-1 of the Horizon 2020 Framework Programme of the European Union. This is not an official EU Commission or Government resource. The europa.eu webpage concerning GDPR can be found here.

Source: GDPR.EU (emphasis mine)