Sitecore compliance with GDPR- Part III

In my previous blogs about the General Data Protection Regulation (EU GDPR), Sitecore compliance with GDPR- Part III, I wrote about compliance at large. Then, in Sitecore compliance with GDPR- Part II, I took a closer look at how it should be done in Sitecore. This time, I would like to go a little deeper: preventing Sitecore from tracking visitor actions in the session.

Sitecore uses the SC_ANALYTICS_GLOBAL_COOKIE cookie for tracking anonymous users. Based on GDPR guidelines, consent to this should not be assumed.

The solution I am proposing is to:

  1. Show the visitor a cookie consent popup (with different levels of acceptance)
  2. Write a cookie with the visitor's choice regarding Sitecore Analytics tracking (if possible, based on their answer)
  3. Prevent initialization of the Sitecore Tracker (it is responsible for creating the SC_ANALYTICS_GLOBAL_COOKIE cookie)

How to achieve that?

  1. Create a consent popup that creates a cookie with the right value if the visitor allows Sitecore Analytics tracking
  2. Modify the startAnalytics pipeline by adding a custom processor
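For the popup step, the following added example (not code from the original post or from Sitecore) shows one way to write and read a consent cookie that carries a level, so that a "necessary only" choice does not count as consent to analytics; a server-side check should apply the same rule to the value rather than only testing that the cookie exists. The cookie name `visitor_consent`, the level names and the 180-day lifetime are assumptions made for illustration.

```javascript
// Added example: cookie name and level names are assumptions, not Sitecore identifiers.
const CONSENT_COOKIE = "visitor_consent";
const LEVELS = ["necessary", "analytics", "marketing"]; // constructed levels, lowest to highest

// Build the string the popup assigns to document.cookie for the chosen level.
function buildConsentCookie(level, days = 180) {
  if (!LEVELS.includes(level)) throw new Error("unknown consent level: " + level);
  const maxAge = days * 24 * 60 * 60;
  return `${CONSENT_COOKIE}=${encodeURIComponent(level)}; Max-Age=${maxAge}; Path=/; Secure; SameSite=Lax`;
}

// Read the stored level from a Cookie header or document.cookie string.
// Returns null for a missing, malformed or unknown value (fail closed).
function readConsentLevel(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    if (part.slice(0, eq).trim() !== CONSENT_COOKIE) continue;
    let value;
    try {
      value = decodeURIComponent(part.slice(eq + 1).trim());
    } catch (e) {
      return null; // broken percent-encoding is treated as no consent
    }
    return LEVELS.includes(value) ? value : null;
  }
  return null;
}

// Analytics tracking is allowed only when the stored level is "analytics" or higher.
function analyticsAllowed(cookieHeader) {
  const level = readConsentLevel(cookieHeader);
  return level !== null && LEVELS.indexOf(level) >= LEVELS.indexOf("analytics");
}

// Popup button handler: persist the choice and report whether analytics may run.
// `doc` is the browser's document (any object with a `cookie` property works in tests).
function onConsentChoice(level, doc) {
  const cookie = buildConsentCookie(level);
  doc.cookie = cookie;
  return analyticsAllowed(cookie.split(";")[0]);
}
```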

Modified startAnalytics pipeline

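using System;
using System.Web;
using Sitecore.Diagnostics;
using Sitecore.Pipelines;

public class AbortStartAnalyticsPipeline
{
    public virtual void Process(PipelineArgs args)
    {
        Assert.ArgumentNotNull((object)args, "args");
        if (IsVisitorConsentCookieExist())
        {
            // Do nothing: the pipeline continues and the analytics cookie is generated.
            Sitecore.Diagnostics.Log.Audit("Visitor consented", this);
        }
        else
        {
            // No consent: stop the tracker from starting and remove any existing cookie.
            args.AbortPipeline();
            Sitecore.Diagnostics.Log.Audit("Aborted Analytics", this);
            DeleteAnalyticsCookie();
        }
    }

    public bool IsVisitorConsentCookieExist()
    {
        // Your implementation. Minimal placeholder so the class compiles:
        // "visitor_consent" is an assumed name, use the cookie your popup writes
        // and check that its value actually allows analytics tracking.
        HttpCookie consentCookie = HttpContext.Current.Request.Cookies["visitor_consent"];
        return consentCookie != null && !string.IsNullOrEmpty(consentCookie.Value);
    }

    private void DeleteAnalyticsCookie()
    {
        HttpCookie analyticsCookie = HttpContext.Current.Request.Cookies["SC_ANALYTICS_GLOBAL_COOKIE"];
        if (analyticsCookie != null && !string.IsNullOrEmpty(analyticsCookie.Value))
        {
            // Expire the cookie in the browser by sending it back empty with a past date.
            HttpContext.Current.Response.Cookies.Remove("SC_ANALYTICS_GLOBAL_COOKIE");
            analyticsCookie.Expires = DateTime.Now.AddDays(-10);
            analyticsCookie.Value = null;
            HttpContext.Current.Response.SetCookie(analyticsCookie);
        }
    }
}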

 

 

The price for that? We cannot access any of the information that we usually get from the tracker, such as geolocation, but isn't not being tracked the whole point?

 

 
