Where to Store Proofs of Tracking Consents – Locally or in The Cloud?
One of the major new features in the upcoming WP Full Picture 9.0 is the option to store proofs of tracking consents in the WordPress database. This will be an alternative to our cloud service, ConsentsDB.
Which option will be better for you? Let’s take a look!
What’s the same and what’s different?
First, what remains the same? Whether you save consent data locally or in the cloud, they’ll contain:
- consent information (what the user consented to. consent ID, date, time, timezone)
- privacy-related settings of the tracking tools installed at the time of consent
- copy of the privacy policy
- copy of the texts in the consent banner
Now, let’s dive into the key differences:
- Cloud storage offers stronger legal trust. Unlike consents stored in the cloud, consents stored locally, can be easily modified by the website owner. As a result, proving that they were not tampered with, requires extra effort (more on this below).
- Local storage may require extra documentation. If you keep consents locally, you may be required to show additional documentation during audits. Depending on your local laws, these may be e.g. security policies, data access logs and/or incident response plans.
- Cloud storage offers consents statistics – ConsentsDB gives you easy access to consent statistics. This will not be available with local consents.
Points 2 and 3 are self-explanatory, so let’s tackle the first of these points.
How WP Full Picture makes local consents hard to modify
It does not – it is impossible to prevent website owner to modify consents. Instead…
WP Full Picture makes it really difficult for website owners to prove that modified consents are genuine.
WP Full Picture uses two techniques to ensure that proofs are authentic:
- Chained fingerprints
- Email Backups
Chained fingerprints
Every consent is linked to the previous one with a unique “fingerprint.” If someone modifies consent data, they’d have to regenerate the fingerprints of all the consents that came after it. This makes tampering very tricky.
And although this can be done, it is extremely unlikely, because of…
Email backups
WP Full Picture stores consents locally for limited time (from 6 hours to 1 day). After that, it sends them to the specified email address and deletes them from the database. As a result, consents are then only saved in the email accounts.
Even though it may seem that keeping consents in the email account makes them super easy to modify, the reality is the opposite.
If someone changed the value of a consent from several weeks before, they would not only have to regenerate all the following fingerprints (see previous section) but also re-send the backup emails with the correct dates.
Dates of sending emails cannot be modified unless someone has direct access to the database of the email software, which only happens with self-hosted email software.
How can you prove that the consents saved locally are authentic?
To prove the local consents are genuine:
- Emails with your consent files must be sent to a secure email service that does not read your emails, like Proton Mail
- The date of the consent that was sent in the email attachment must be older by not more than 24 hours before the email was sent
- There can’t be any broken fingerprints in the chain of consents
We will post a video with detailed instructions once we release WP Full Picture 9.0.
So…should you keep consents locally or in the cloud?
It depends on what you need.
Using cloud database for storing consents is definitely an easier and safer option.
You do not need to worry about privacy audits, obtaining the required documentation and you get the consent statistics. Plus, it is very cheap, with prices starting at €9.99 / year for storing 36500 consents, (around 100 / day).
On the other hand, storing consents locally is a viable option if you prefer to keep all the data in-house and have the required documentation.
