Consent Record Keeping

  • Updated

How is Consent recorded and stored?

When a user visits your website and submits their consent preferences (e.g., agreeing to specific categories or globally), Osano captures that consent. Each consent action or revocation is recorded and stored in Osano’s database. By default, these records are browser-specific, but they can be configured to apply more broadly using Osano’s API.

For legal compliance, all consent data is encrypted and immutable (see security details below). The consent recording process operates asynchronously to ensure it does not impact your website’s performance.

 

Is the Consent Data Secure?

Yes, consent data is secured at multiple levels:

  • Encryption: Consent data is encrypted both in transit and at rest, ensuring that it remains secure as it moves between systems and when stored.
  • De-identification: Osano de-identifies personal data as part of its storage process. Any IP addresses and user identifiers are hashed using a one-way encryption that ensures the data cannot be altered or accessed without the proper decryption key.
  • Data Storage Locations: Osano stores hashed and de-identified consent data in Amazon Web Services (AWS) regions based on the data’s origin:
    • Consent data collected from EU or UK residents is stored within AWS in Dublin, Ireland, and no personal data is transferred to the U.S.
    • U.S. data is stored in AWS (U.S.) regions.

Because the information is hashed, Osano cannot link the consent record to any personal data without the decryption key, which is only available to the end user.

 

Where Can I Find a Summary of the Consent Information?

You can find consent data and trends within the Osano application:

  • Reports Section: To view consent summaries over time or across different locations, navigate to the "Reports" section under "Cookie Consent." You can filter this data and export reports for deeper analysis. These reports can help identify trends in opt-ins, opt-outs, and regional variations.

  • Consent Data: To retrieve consent records from specific individuals or in response to regulatory requests, use the "Consent Data" section within the "Cookie Consent" configuration settings. By default, this page will appear empty until you search for specific consent records using the appropriate decryption key.

 

How Can I Search for or Decrypt Consent Information?

To access specific consent records, a decryption process is required:

  • Decryption Key: Consent data is encrypted and can only be accessed by providing the correct "key." This key is stored in the end user’s browser under the cookie osano_consentmanager_uuid. The value in this cookie can be used to pull up a specific user’s consent record.

  • Searching for Consent Records: In the "Consent Data" section of the Osano application, you can use the key to search for and recall specific consent records. This allows you to access consent data linked to an individual, ensuring compliance with data subject access requests or similar legal obligations.

Cookie Consent - Consent Search - Results.png