Consent Logs Overview

Consent Logs can be exported as Proof-of-Consent by selecting a date range and clicking "Export". 

Consent logs help you comply with Proof-of-Consent requirements in the GDPR ( Article 7, Recital 42) and other data privacy regulations. These requirements say that if your website collects data on site visitors, including anonymized data for analytics, you are required to maintain a record that proves a site visitor consented to certain processing activities. 

Cookie Compliance export format is based on current work to establish a compliant consent record structure from International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC 27560). 

  • moc (method of collection)
  • jurisdiction
  • sub (data subject ID)
  • consent
  • jti (consent ID)
  • lat (local area time)
  • purpose
  • data_app_id
  • data_session_id
  • data_event_type
  • data_controller_on_behalf
  • data_controller_contact
  • data_controller_company
  • data_controller_address

moc

method of collection (moc) describes how the consent was collected; field value for consent collected via the banner is preset to "web form"; other values like "implicit", "verbal" will be supported in future releases

  • data type = STRING
  • example output = "web form"

jurisdiction

identifies the legal jurisdiction under which the processing of personal data occurs

  • data type = ISO 2-letter Country Code
  • example output = "US"

sub

identifies the subject or site visitor; field value for consent collected via the banner will default to data_session_id; other subject identifiers like "email", "phone" will be supported in future releases

  • data type = STRING
  • example output = "84a125ff-cd97-45de-b1b8-cfa05e58d43c"

consent

describes the type of consent captured; field value for consent collected via the banner is either "Accept" (positive consent) or "Reject" (negative consent)

  • data type = STRING
  • example output = "Accept"

jti

unique identifier for a single consent receipt; field value for consent collected via the banner defaults to a unique string

  • data type = STRING
  • example output = "fc838979-3bee-432f-ad15-86aa05674a0e"

lat

local area time (lat) provides a timestamp of when the consent receipt was created; recorded as number of seconds since 1970-01-01 00:00:00 GMT

  • data type = INTEGER
  • example output = "1608100000000"

exp

expiration (exp) describes the length of time for which this consent receipt is valid; field value for consent expiration can be configured using the Duration parameter

  • data type = INTEGER
  • example output = "30"

purpose

describes the purpose categories for which the subject or site visitor has provided their consent; field value for a negative consent (where consent = "Reject") defaults to null, indicating the site visitor has only consented to essential cookies

  • data type = STRING
  • example output = "Functional,Analytics"

data_app_id

application id (app_id) is used to identify your domain, and the URL where the consent event was recorded

  • data type = STRING
  • example output = "yourdomain.com/page"

data_session_id

session id is used to identify the specific browsing session where the subject or site visitor interacted with the banner to record their consent

  • data type = STRING
  • example output = "84a125ff-cd97-45de-b1b8-cfa05e58d43c"

data_event_type

event type defines what the site visitor is consenting to at a general level; field value for event type defaults to "Cookies" 

  • data type = STRING
  • example output = "Cookies" 


When your website collects data from site visitors, you are known as a data controller. The log file contains fields that identify the person responsible for privacy and compliance practices:

  • If you are a business owner running your own website, then your contact information should populate these fields
  • If you are running a website for a business with a dedicated privacy or compliance team, then contact information for the team lead should populate these fields. 

Data Controller fields can be updated via the Account Page by clicking "Edit Company Information". 

data_controller_on_behalf

used to identify your website or business as the party responsible for controlling the data collected from your site visitors; field value for consent captured via the banner defaults to TRUE, indicating that your website is controlling data on behalf of the site visitor

  • data type = BOOLEAN
  • example output = "TRUE" 

data_controller_contact

name of the individual responsible for privacy and compliance practices

data_controller_company

name of the company

data_controller_address

business address of the company


A note on IAB's Transparency and Consent Framework (TCF 2.0): Recent findings from a leading data protection authority in the EU has found the framework to be non-compliant with the GDPR's principles of fairness, transparency and accountability. While Cookie Compliance will support consent record output that interoperates with the TCF format, our default consent receipt format will evolve to reflect ongoing work of standards bodies like the ISO.

Still need help? Contact Us Contact Us