Back in May 2011 Baycloud Systems introduced the original tool for helping websites comply with Do-Not-Track and the Data Protection and ePrivacy Directives, backed by a cost-effective and exhaustive website auditing service.
Fast track to 2016 and we are now the leading provider to multi-national companies of multi-language and multi-compliance systems, capable of actively managing storage in a secure way, not only to protect website visitors’ personal data but also clearly giving them control over its collection and use.
The Baycloud Consent Platform manages the consent request process, presenting information on usage commitments and user benefits in any language, with a per-site customised user experience and ensuring their choice is continuously available. We ensure that tracking and storage consent policies are properly adhered to, with users' consent capable of being revoked at any time and automatically after a configurable "sunset" period.
We believe that publishers and brands that respect and offer a straightforward choice to their customers will earn their trust and loyalty.
PrivacyShield and GDPR compliance
Consent for storage and tracking can only be understood by people in terms of the web sites they visit. Usually they are not made aware of the many other "third-party" servers involved in delivering content when they access a site. The use of tracking technologies such as persistent UID cookies or browser fingerprinting by these invisible third-parties is one of the major causes of lack of trust online,
Users give or revoke their consent for tracking to the "first-party", the Url they have decided to visit, visible in their browser's location bar. Without a way to communicate particular users' choice to the data controllers of embedded "third-party" websites must stop them from loading, else their visitors have no alternative but to use "AdBlockers" or other privacy enabling add-ons.
Baycloud has been actively involved in the definition of protocols for communicating user choice to the servers of embedded resources in the W3C Do Not Track group. While browsers have started to implement these protocols their widespread availability is not yet there.
Baycloud Consent is a new product that makes it easy for websites to communicate user choice to embedded third-parties, such as social networking widgets, analytics beacons, and advertising providers. The requirements for transparency, notice, choice and access of the recently introduced PrivacyShield Principles and the forthcoming General Data Protection Regulation can now all be met using Baycloud technology.
Control all tracking, not just by "third-parties", or by those on pre-selected lists
Enforce Do Not Track on any website with Bouncer, an add-on for the Chrome desktop browser (other browsers e.g. Firefox, Safari and Edge coming soon).
Bouncer enforces your Do Not Track (DNT) preference sent to not only the websites you visit, but to all "third-parties" elements on those sites. Any other server that receives data from the pages you visit will also receive a DNT signal, and if they do not take account of it Bouncer can stop them tracking you.
Bouncer can tell a site, along with some or all of its third-party elements, that you have agreed to tracking. We call this "whitelisting", and you can do it for a whole site by clicking the Baycloud shield icon inside Bouncer. You can revoke your consent at any time by again clicking the shield icon. You can control what DNT value is sent to individual third-parties by clicking the Do-Not-Track icon alongside each one.
If you visit a site that uses CookieQ or one of our other consent management products, you can revoke or give your consent equally well using Bouncer or with the consent option operated by that site.
If elements pointing to these servers are present on many sites, i.e. are embedded third-parties, then your web activity can be collected often without your knowledge. Bouncer stops this by ensuring persistent cookies containing a UID, either first-party or third-party, are deleted after 2 hours.
Sites you trust may offer you incentives to let them track your activity on some or all sites. It is entirely up to you to accept them or not because the Do Not Track standard, and the way Bouncer enforces it, ensures servers have to explain why they use your personal data for in order to ask you to agree.
If you prefer you can use the blocking toggle to completely block particular third-parties across the web. You can selectively unblock or block individual third-parties in the third-party section.
You can give your consent either on the site, if it supports the standard DNT Consent protocol, or within your browser by clicking Bouncer's DNT icon.
Whereas most Ad Blockers are based on the original AdBlock code, Bouncer has a completly new code base, implementing the full W3C Tracking Protection Working Group protocol. If you wish to test the Do Not Track Consent API there is a test page here. If you switch of the Consent Confirm dialog the test will not stop untill the entire TPWG API test has completed.
Bouncer does not rely on arbitrary lists, which can quickly become out of date. It does not collect your personal data, or send any information about your web activity to anyone. The only information sent to the sites is simply whether or not you have consented to tracking., using the standard DNT header.
|Click the shield icon to whitelist a particular first-party site,|
|Click the gear icon to change Bouncer's Settings.|
|Do Not Track is set and being sent to this server|
|You have given a server your permission and DNT:0 is being sent|
|This server complies with the W3C Tracking standard, + a policy derived from EU Data Protection and e-Privacy law|
|This server complies with the standard W3C Tracking Protection Compliance standard|
|This server complies with the EFF's DNT policy|
|The server replied with Tk header signifying No Tracking|
|The server replied with Tk header signifying a possibly undisclosed non standard mechanism|
|Persistent UID cookies are being placed by this server|
|Bouncer zapped a persistent cookie, so it will last for only 2 hours.|
|Bouncer will block this third-party completely. On a first-party this will block all its embedded third-parties|
The Settings page, accessed by clicking the "gear" icon in the topright corner, lets you change various options. By default Bouncer will ask you to confirm your Do Not Track choice on a site, but if you think this superfluous, switch it off in the Settings page.
Server-side tracking protection and consent platform
The CookieQ platform lets publishers offer informed consent for their cookies and third-parties, giving their increasingly privacy aware customers full control over their web activity data. Rather than an irritating "cookie consent" popup that annoys customers by giving them no real choice, CookieQ uses the latest HTML5 APIs to actively manage cookies and embedded third-parties and gives sites the ability to comply unequivocally with the e-privacy directive. CookieQ is the only e-Privacy tool that can control the cookies on your site automatically, and can ensure that no unknown scripts can be delivered to visitors. If properly implemented this will eliminate malware delivery from downstream embedded frames, for example from remnant online advertisments.
Consent is not limited to single host domains but can be allocated on a per data controller basis across any number of web domains, so that once explicit consent has been given to a set of domains there is no need to ask again. Sites have the ability to limit the duration of any consent given to an arbitrary period and allow users to revoke their consent at any time.
With CookieQ, AdSense or other sites that wish to actually implement the legal requirement for no tracking cookies without prior consent can now do so.
CookieQ offers a complete set of features that address all the problems that arise when true ePrivacy solutions are implemented. Compliant implementations exist for all EU Member States including all interpretations of consent using the latest CNIL, ICO, CBP and Article 29 Working Party guidance.
Web publishers can build trust by only using tracking or collecting user-identifying data when consent has been given, for example as part of the log-in process. CookieQ can be configured to automatically remove first-party cookies, specified third-parties and other storage on all the domains where consent has not been given or it has been revoked, and can show a consent icon to users to give them the ability to change their settings at any time. Consent can be optionally registered for arbitrary categories of cookies, such as "functional" or "analytics", and can, if required, be applied to individual cookies and third-parties. Because user consent can be applied across multiple domains there is no need to bombard users with pointless repeated requests
We have been active members of the W3C Tracking Protection Working Group since 2012 and have supported the Do Not Track standard so that the default consent status can be amended depending on the state of the DNT header, for example by assuming "explicit consent" is required when DNT is set. For browsers that support it, such as Microsoft's Internet Explorer 11, the DNT Consent API is used to signal explicit consent to your embedded 3rd party content servers, again across multiple domains.
CookieQ does not use unique identifiers or UIDs to remember which sites your users have given consent to as the data needed to do this is held entirely within the browser and is not communicated to anyone. When a user has given consent this fact can be communicated to your sites' servers using a short-lived cross-domain "signalling cookie", though there is an option to refrain from using even this non identifying cookie.
If you are a CookieQ customer you can login.
CookieQ, and our new product Baycloud Consent, let websites offer people choice over tracking and the collection of their personal data.
When you are opted-out, first-party storage, e.g. cookies, other than those deemed to be "strictly necessary to fulfil a purpose requested by the user" are deleted. CookieQ and Baycloud Consent also enable the blocking of third-parties that do not respect Do Not Track.
If your browser supports the Do Not Track API, or you use a browser extension like Baycloud Bouncer, CookieQ will use that to register whether you have consented or not.
The details about the cookie or tracking consent you have given at websites that use CookieQ are stored solely and entirely in your browser, using a standard web facility called "local storage".
If you have not given your consent at websites you will not see a table of them below, but the record will be similar to the picture on the right.
If you have given consent to websites using CookieQ you will see the record of them below.
If there are more websites than can fit on a single page you can use the "Prev" (Previous) or "next" buttons to navigate to different pages.
Below are the websites where you have given or revoked your consent for tracking cookies, via CookieQ or Baycloud Consent. Some websites imply your consent when you use them, but you can always revoke your consent by clicking the green icon. If the consent receipt was for a set of websites belonging to the same company then your consent will be revoked for all of them.
The Web Standard for User Control
The W3C's Do Not Track protocol is a standardised way to let website visitors give or revoke their consent for tracking, and for servers to signal their identity and their purposes for online personal data processing (if any).
If a user has not given their consent to be tracked, or in some circumstances have not taken up their right to object to it, then not only is there is a legal duty to respect their choice, but publishers may be able to stop content on their sites, such as advertisements, being arbitrarily blocked by the increasingly common use of ad-blockers or other forms of tracking protection.
The General Data Protection Regulation will replace laws based on the Data Protection Directive in May 2018. This emphasises the importance of consent as a legal basis for processing personal data, including via the use of online identifiers such as persistent UID cookies, and calls for the use of "automated means" to express the user's right to object. Even if the UK leaves the EU UK companies will in all likelihood still have to abide by it. The EU Commission has recently proposed a replacement for the ePrivacy Directive (the 2017 ePrivacy Regulation) which not only requires companies to respect users' terminal settings (e.g. DNT) but also requires browsers to protect users' data from being accessed by third-parties, unless consent has been given.
Baycloud Systems has been a long standing and leading supporter of the Do Not Track process, having taken an active role defining the standards in the W3C's Tracking Protection Working Group. The technical description of the standard, the Tracking Preference Expression document is somewhat difficult to read so we have written a guide to implementation. Some sites, browsers and browser extensions already support the standard.
The W3C Tracking Protection Working Group has recently had its charter renewed for another year with the focus being “to demonstrate the viability of TPE to address the requirements for managing cookie and tracking consent that satisfies the requirements of EU privacy legislation".
CookieQ has always allowed sites to take the Do Not Track general preference into account, and has since 2013 supported the Consent API to transparently register user consent to third-party content. Our new product Baycloud Consent further extends this support for any web ecosystem company aiming to properly comply with the forthcoming ePrivacy Regulation and the GDPR.
The chart below shows the percentage of web requests with DNT set sent from browsers to a set of thousands of consumer brand sites every day since January 2013.