GDPR - Are you adding a cookie opt-out link to your Privacy Policy? | Community
Skip to main content
A
AlexisHughes
Level 3
April 22, 2018
Question

GDPR - Are you adding a cookie opt-out link to your Privacy Policy?

  • April 22, 2018
  • 3 replies
  • 7785 views

I found this tip in GDPR preparation discussions as an action item we should take to ensure cookie compliance (in addition to setting up a cookie preferences center on our site/Marketo landing pages):

Add a link to your company Privacy Policy page enabling customers to opt out from Marketo tracking. Link should be "customer page"?marketo_opt_out=true. When they click, Marketo places a "mkto_opt_out" cookie on the browser and their activity is no longer tracked online.

1) Can this be any page URL - i.e. fourseasons.com/meetings_and_events/?marketo_opt_out=true?

2) Are you also taking this step? Our legal dept. most likely will not want to customize our global Privacy Policy this way for one tool for one department.

3 replies

SanfordWhiteman
SanfordWhiteman
Level 10
April 22, 2018

This feature can be useful, but it doesn't give the full-spectrum privacy protection that you're promising to end users.

When you add this param to a URL -- and yes, it can be any page -- Munchkin will set a "no-cookie cookie" and not perform any future tracking in that browser.  But if you've told the user that by clicking that link, "they won't be tracked," this isn't true, because the moment they click a tracked link on another device, you will be tracking them again.

To cover all these bases it's more important to persist those privacy settings to the lead record and make sure to honor them everywhere (not sending them tracked links, not loading Munchkin once you know who they are).  Stopping Munchkin from loading is pretty simple with or without the marketo_opt_out; it's making sure to honor the user preferences everywhere that's complex.

IMO, it's very important to fulfill the commitment that you make when somebody opts out, to the fullest extent technically possible. A false/incomplete opt-out can be more pernicious than not offering the option at all.

A
Anonymous
April 23, 2018

I've seen this on a Marketo page (http://developers.marketo.com/javascript-api/lead-tracking/#opt_out​ ):

Not sure how advance this will come into effect of the GDPR however, hoping soon!

SanfordWhiteman
SanfordWhiteman
Level 10
April 23, 2018

This is what Alexsi is referring to above, and it already functions if you use the Munchkin beta embed code.

However, it doesn't suffice for GDPR, as I explained above, because you will still be tracking people who you know, and who specifically disallowed tracking when they're on another device. You have to do more work than this to comply with people's wishes.

Amy_Goldfine
Amy_Goldfine
Level 9
April 23, 2018

We're using a cookie consent manager (TrustArc) to handle this.

Amy GoldfineMarketo Champion & Adobe Community Advisor
Dan_Stevens_
Dan_Stevens_
Level 10
April 23, 2018

Amy - even the cookie consent tools (like TrustArc and OneTrust) manage this at the cookie/browser level - not user level.  Basically what Sandy is saying is that it's going to be quite difficult to set/meet the expectations of users when they opt-in/out of cookies since the majority of the tools are setting this at the device/browser level.

Terms & ConditionsAccessibility statement

Loading footer...