Cookies are one of the ways of capturing users’ interactions with the site, but users don’t consent to cookies. The consent users grant or deny refers to the use of data you may or may not capture from the user’s visit.
When it comes to your question: a change of customer consent should result in a change in the data you capture and process, not necessarily the number of cookies your page produces. Other words: visitors decide if you can utilize data from your cookies.
Please visit our Help Center’s Privacy section for more information on how to manage users’ privacy.
Hi, thanks a lot for your reply! However I’m not entirely convinced.
In Belgium we need explicit consent for cookies. Only cookies that are deemed necessary for the visitors (not the siteowner) can be placed without explicit consent.
In a recent case, the Belgian DPA issued a €50.000 fine to a Belgian publisher. In the decision, you can read that the DPA inspector just counted the amount of cookies before accepting, after accepting and after changing the consent. See https://www.autoriteprotectiondonnees.be/publications/decision-quant-au-fond-n-85-2022.pdf (articles 154 - 161)
If you approved cookies in consent manager and as a result several tags were launched e.g. from Google Ads for the purpose of remarketing, Piwik PRO (nor any other tool as this is technical limitation) will not be able to delete them (especially http only and third-party cookies).
For analytics you can also use a full cookieless mode (even if consent is given) and this way you won’t have an issue with users who withdrew their consent as no data will be stored on end users device.
If you use the cookieless mode turned on, then neither cookies nor local storage is used for analytics unless visitor gives consent for it.
If you have consent banner turned on, we will use necessary cookies to store consent decision as otherwise you would see the banner every time you refresh the page. We will not set the visitor cookies nor local storage unless the visitor gives the consent for it.
To illustrate, please see the screenshots with the two settings I am referring to:
1. Analytics only with visitor cookies turned off - no cookies/local storage used:
2. Consent manager turned on, but cookies turned off- cookies/local storage used only to store the consent decision. Cookies will be used for visitor tracking only after consent is given by the visitor.
Are there any upates on simplifiying the deletion of cookies if the consent settings were changed by the visitor? Or is there a guide available on how to implement a cleanup script to delete cookies the visitor changed consent for?