As we rapidly approach the May 25th deadline for enacting the EU’s GDPR law we wanted to provide some guidance and solutions to Affiliates regarding GDPR cookie consent compliance.

I’m sure that many of you have seen similar notices from other networks that you work with and are finding these communications to be complicated, confusing and sometimes contradictory. Our goal in this post is to keep it as simple as possible and to provide some solutions that we’ve tested ourselves.

In a nutshell, the GDPR is a regulation adopted by the EU regarding data protection and privacy of all individuals within the European Union. In this article we will just be focusing on the cookie consent component of the GDPR regulation.

The bottom line is that Affiliates need to comply with this new regulation and we have added verbiage to our network level Affiliate terms and conditions to reflect this. In order to do that, Affiliates will need to notify website visitors and get consent before setting cookies.

If you are not already using a cookie consent tool, here are a couple of third party tools that we’ve done some initial testing on and seem to be good solutions that offer both free and paid versions. If you need help setting up or configuring these tools, please reach out directly to the tool provider.

https://www.civicuk.com/cookie-control/index

https://onetrust.com/pricing/#cookie-compliance (scroll down to the Cookie Consent & Website Scanning section).

Regardless of the cookie consent tool you use, it needs to contain verbiage that notifies visitors that if they continue to navigate your website and click on any external links that they are giving consent for third party cookies to be set unless they change their browser settings to block cookies.

Please note that this blog post should not be taken as legal advice. The intent of this article is to raise awareness of the issue and provide some possible solutions to Affiliates in our network. Please seek the advice of your own legal council before making any final decisions on how to properly comply with the GDPR.

(Visited 460 times, 210 visits today)
  • Mike H.

    Thanks for the reminder. For anyone that uses Quantcast they also offer a free tool called Quantcast Choice to make a GDPR consent solution. Lets help fix the internet for EVERYONE. We applied this to the Mountain Weekly News last week and will continue to test and monitor traffic, page views and bounce rates from the EU.

    • Hey Mike, thanks for the share on the Quantcast Choice tool. Definitely a worthwhile one for affiliates to check into if other tools aren’t meeting their needs.

  • As an add-on, I’ve been making pretty good headway with CookieBot.com. There’s still some integration, mostly javascript, required but easy if you have access to your theme. There are a lot of things I like about this solution, but the best is the number of different types of consent it supports. For example, you don’t need explicit consent at the moment in the EU, just Active Consent. Meaning, you just have to put up a consent dialog that people can ignore and click or scroll past – which is still considered implied, loggable, consent. CookieBot also supports many other nuances as well, depending on the programming talent have. I favor an all or nothing cookie consent approach myself. If users want to block cookies when they want to browse my site, I’ll give them the information required to opt-out or block cookies, but I can’t programmatically turn them off myself, often because the cookie chain is so deep an out of my control.

  • “The bottom line is that Affiliates need to comply with this new regulation and we have added verbiage to our network level Affiliate terms and conditions to reflect this. In order to do that, Affiliates will need to notify website visitors and get consent before setting cookies.”

    Can you post a link to the updated Affiliate Terms and Conditions? I checked but could not see any mention of new Avantlink-specific GDPR requirements or implementation timeframes above and beyond GDPR’s 88 page legal text.

    • Hey Philip. The terms are permanently available here: https://www.avantlink.com/terms (that has also been updated in the blog content, thanks for pointing that out).

      See the Affiliate Cookies and Data Protection section near the bottom of the terms. GDPR isn’t called out specifically as we are, for better or for worse, anticipating that other markets will enact similiar legislation at some point.

      • Thanks for pointing them out. Who is the best person at Avantlink to speak with (by phone) about interpreting these and implementing them. I don’t think a comment form is going to be high enough bandwidth.Thanks.

        • Hi Philip. For specific questions related to interpretation on how GDPR impacts your involvement not just as an affiliate but a website operator as a whole, we highly recommend consulting your own legal advisors. We don’t have in-house legal council that is able to get on the phone and advise affiliates. If you have any technical questions regarding the implementation of one of the tools we listed please contact the tool providers.

          • No big drama. I left some comments last night that other affiliates might find useful, since the tools you reference are pretty so so when you get into the weeds of GDPR implementation. Can you approve them?

          • Hey Phil- thanks for the heads up, didn’t see an email that the comment had come through. That has been approved. Any additional insight is appreciated, so thanks for sharing.

  • I don’t use cookies on my site. Does Avantlink set cookies with either its banners or it javascript? If so, then we need to know how to disable the AvantLink cookie if someone opts out.

    • AvantLink doesn’t set cookies on your website- it’s only when/if someone clicks on your ads (regardless of implementation type) that a cookie is set when they visit the merchant’s website your ad redirects to.