In a short period of time, the Consumentenbond was confronted with more and more cookie and compliance questions.
- “Are cookies placed prior to the consent banner?
- “Are the cookies that belong to a consent type actually set only when this consent type has been given?”
- “What cookies are actually placed on our pages?”
- “What is the lifetime, provider, function and category of these cookies?”
To answer these questions, we helped the Consumentenbond by setting up a structural process in cookie and compliance monitoring1The cookie scanner enables companies to find out what cookies are being used on their website in the first place. And with that, compliancy risks (= are cookies set according to the AVG) can be mapped out.. With the help of our unique and self-developed cookie scanner, the Consumentenbond has regained control of their cookies across all domains of their website.
In August 2020 we started collecting all input for the cookie scanner on all consumer domains. The goal was to have a cookie scanner setup in place before the end of 2020, which would deliver a complete list of cookies with all associated information in an automated way every six months.
Using the available sitemaps2The sitemap can be compared to a legend of the website.url and is mentioned in the sitemap. With this complete list of page addresses, the cookie scanner knows where and which pages to scan. we defined the pages the cookie scanner needed to visit. This way we mapped all subdomains, iframes, customer journey’s and scenarios. Then we implemented and mimicked these in the cookie scanner.
Via the reports generated by the cookie scanner, it was quickly clear to the Consumentenbond which cookies were used for the 8 different consent types31 Do not agree (no YouTube cookies, no advertising cookies, no optimisation cookies)
2. Agree (YouTube cookies, Advertising cookies, Optimisation cookies)
3. YouTube only (yes, YouTube cookies, no Advertising cookies, no Optimisation cookies)
4. Advertising only (no YouTube cookies, yes Advertising cookies, no Optimisation cookies)
5. Optimisation only (no YouTube cookies, no Advertising cookies, but Optimisation cookies)
6. Combination 1 (yes YouTube cookies, yes Advertising cookies, no Optimisation cookies)
7. Combination 2 (YouTube cookies, no Advertising cookies, but Optimalisation cookies)
8. Combination 3 (no YouTube cookies, yes Ad cookies, yes Optimisation cookies. In addition, it provided insight into which cookies were used per (sub)domain and per iframe. All found cookies were supplemented with the following metrics: provider, name, category, domain, path, lifetime and description.
With this complete list of insights, a number of recommendations and follow-up steps were formulated. Examples of this were:
- Talking to certain partners about the cookies they use. This will enable them to set the cookies correctly with regard to consent
- Adjusting the cookie categorisation and load rules4Load rules are actually the triggers when a cookie is being placed. That can be when you visit the homepage, for example, but also when you have completed an order for a product. In other words; according to which rules does a cookie load? of a number of cookies
- Internally searching for a number of unknown very specific cookies
A GDPR compliant future
About the Consumentenbond
The Consumentenbond is the leading consumer organisation in the Netherlands. It is an independent membership organisation with about 400,000 members, who are represented by a member council. Its mission is to build, together with consumers, good functioning, safe and fair markets, where-in consumers can easily find what they are looking for and get what they’re entitled to. Consumers use the Consumentenbond for test results of products, legal advice, comparisons of services and collective initiatives.