Vendor cookie disclosure
A vendor cookie disclosure is a privacy practice where a website discloses cookies that can be set on an end-user's device that is attributable to a third-party vendor whose technologies are embedded on the site. In this article, we will cover the following:
Legal requirements for vendor cookie disclosure
Note: The following is not to be considered legal advice and organizations should refer to their DPO and legal counsel regarding applicability of and compliance to regulations.
While there is no universal requirement for vendor cookie disclosures, data privacy regulations like General Data Protection Regulation (GDPR) in combination with the ePrivacy Directive generates strong pressure that organization's disclose not only cookies they may set but disclose cookies set by their vendors as well.
However, even within the contexts of data privacy regulations like GDPR there is no set requirements on where vendor cookie disclosures should be surfaced to end-users. Didomi observes some clients including cookies disclosures in their privacy policy while others rely on the consent notice.
IAB vendor cookie disclosures
When a vendor registers with the IAB TCF Global Vendor List (GVL) the vendor may make cookie disclosures. If an IAB vendor is added to a GDPR consent notice, Didomi will automatically add any cookie disclosures the vendor may have made as part of its IAB TCF GVL registration to the vendor layer of the GDPR consent notice.
The vendor cookie disclosures will be added to a GDPR consent notice for any IAB vendor regardless of whether the consent integrates with the IAB TCF or not.
Cookies disclosures as part of IAB TCF GVL registrations are not available for IAB vendors via the Data Manager but your organization can view the cookie disclosures using the consent notice preview feature.
Click Consent notices on the left-hand panel and select your consent notice from the subsequent page.
Click the Preview icon.
Navigate to the vendor layer of your GDPR consent notice and click the + icon inline with an IAB vendor. Next, expand Device storage to view cookie disclosures for the IAB vendor.
Manually add cookie disclosure to vendor
Access Type: Data Manager - Editor
If your organization chooses to surface vendor cookie disclosure via the Didomi consent notice, you can manually add cookie disclosures on a per vendor basis from the Data Manager for any type of vendor (including additional cookie disclosures for IAB vendors).
Click Data Manager in the left-hand panel and select the Vendors tab on the subsequent page.
Navigate to a vendor on the subsequent list and click Edit inline with the vendor name.
Expand the Storage accordion and provide details for each storage item droppped/used by the custom vendor by clicking + Add a new storage.
From the modal, use the Type of storage dropdown menu to select a storage type and fill in the appropriate details in the subsequent fields.
Click Add when finished.
Repeat as necessary for other storage methods used by the custom vendor. Any added storage methods will be listed in the accordion and can be edited or deleted by clicking the appropriate icon inline with the storage method .
Last updated