Saving user consents in WP Full Picture

At the moment WP Full Picture does not save user’s consents. This will soon change, but before this happens, it is important that you know our stance on this subject.

Why WP Full Picture does not save users consents (yet)

In some countries, website owners should collect proofs that their visitors consented (or not) to using their data for specific purposes. Courts can ask them for these proofs in case there is a chance they have been using the data in a way that users did not consent for.

Unfortunately, these laws do not specify how this consent should be proved.

As a result, companies store consents along with the IPs of their users devices as the identifiers of proofs.

But, this method is not reliable, and it is very unlikely that consents “signed” with an IP address would be considered as proofs in court.

This is because:

  1. IPs change
  2. A user can give different consents on different devices
  3. A user can lend their device to someone else, who can consent to something they wouldn’t like

In our view, at the moment, the only reliable method of “signing” consents is using a person’s digital certificate that is respected in their country. This is unfortunately undoable due to the fact that there are 195 countries in the world and not all of them issue such certificates.

That is why, we have not been saving user consents.

Why and how will WP Full Picture store consents in the future?

We decided that even though we can’t reliably prove that a visitor consented, we can save data that may prove that the tracking was set correctly. And this would prove that the user data must have been obtained with their permission.

We are in the process of building a cloud solution that would save users consents on our servers in France. The consents will be saved with:

  • The IP address of the device
  • Additional identifier of the device that would not change, like the IP address
  • The date and time of the consent
  • The exact consents that the user gave
  • The exact copy of the settings of WP Full Picture plugin, that would prove that it was not set in an illegal way
  • The copy of privacy policy current at the time of making the consent
  • The copy of the texts in the consent banner