Deleting cookies after user changes consent

Consider this: a user enters my site and approves all cookies. A few moments later he changes his mind and changes his selection. He now approves only the most basic cookies.

Will Piwik Pro delete the first set of cookies? When I test this out on my site, the total number of cookies does not drop.

Thanks

HI @katanka
Cookies are one of the ways of capturing users’ interactions with the site, but users don’t consent to cookies. The consent users grant or deny refers to the use of data you may or may not capture from the user’s visit.
When it comes to your question: a change of customer consent should result in a change in the data you capture and process, not necessarily the number of cookies your page produces. Other words: visitors decide if you can utilize data from your cookies.
Please visit our Help Center’s Privacy section for more information on how to manage users’ privacy.
Tymek

Hi, thanks a lot for your reply! However I’m not entirely convinced.
In Belgium we need explicit consent for cookies. Only cookies that are deemed necessary for the visitors (not the siteowner) can be placed without explicit consent.
In a recent case, the Belgian DPA issued a €50.000 fine to a Belgian publisher. In the decision, you can read that the DPA inspector just counted the amount of cookies before accepting, after accepting and after changing the consent. See https://www.autoriteprotectiondonnees.be/publications/decision-quant-au-fond-n-85-2022.pdf (articles 154 - 161)
Best regards.

HI @katanka ,
Thanks for the background. Let me consult to be sure of the answer you need. I’ll get back to you when I have the full picture.
Tymek

If you approved cookies in consent manager and as a result several tags were launched e.g. from Google Ads for the purpose of remarketing, Piwik PRO (nor any other tool as this is technical limitation) will not be able to delete them (especially http only and third-party cookies).

You can set a tag that will run and check the consents given (and if withdrawn) delete certain cookies that can be accessed from JavaScript (but you won’t be able to deal with http only and third party cookies this way). We will submit a feature request to our product team to see if this can be a bit simplified for the end users.

For analytics you can also use a full cookieless mode (even if consent is given) and this way you won’t have an issue with users who withdrew their consent as no data will be stored on end users device.