Osano Stance
Due to our interpretation of intrusive browser behavior, when a user revokes affirmative consent, Osano does not retroactively remove previously set cookies from the user's browser.
It is highly recommended that a website should include information in its privacy policy or cookie policy as to how such cookies may be deleted and believes that all other websites should include these instructions in their privacy or cookie policies as a general best practice.
Functional Explanation
Whenever a user revokes consent for a specific class of tracker, the Osano script will intercept future executions (such as cookie sets, script executions, etc.) of that tracker, and will block or allow such executions based on the user's previously given consent settings. However, the Osano script does not retroactively remove cookies that were set prior to the revocation, even if those cookies would no longer be permissible under the user's current consent status.
Osano’s JavaScript operates within the browser's given execution context (e.g., tab, iframe, etc.), and as such, its ability to manage cookies is limited to those within its scope. For instance, cookies set by iframes or via HTTP headers (also known as server cookies) may be outside of the Osano script's control. An example of this would be cookies set by a YouTube iframe under the “.youtube.com” domain, which would not be accessible to the Osano script.
Once a user sets their consent preferences, Osano’s JavaScript will block any 3rd party JavaScript code that has been categorized as “not consented to” from executing. This means that, while cookies previously set by such scripts may still exist on the user’s browser, they will no longer be accessible or usable by any blocked script. Essentially, even though the cookie is present in the browser, it cannot facilitate communication with the vendor's servers without the associated JavaScript being executed.
It is important to note that although cookies store data on the client’s browser and can be sent to the server with every request, JavaScript or another client-side script is required to read or write cookie data and to initiate active communication with the server. If the associated JavaScript is blocked, these operations cannot occur.
Nevertheless, cookies may still be transmitted to the server in the HTTP request header, as this is a standard browser behavior. This only happens when the browser requests a resource from the domain that set the cookie. However, without the execution of the relevant JavaScript, no additional data processing or collection can be initiated by the blocked script.
In summary, while the mere presence of a cookie in the browser allows for passive transmission during resource requests, active data interactions with the vendor’s servers require the execution of JavaScript. Blocking the script effectively prevents any further dynamic interaction that the script would otherwise have facilitated.
Related to