Website Privacy Widget Guide

Guide to Concord's Website Privacy Widget: what it is, how it works, and further details on configuration options, implementing cookie consent options and advanced consent types.

Understanding the Value of the Privacy Widget

Concord's Consent and Compliance solution includes an easy to configure and implement website add-in that adds features typically required by regulation. It adds features typically required for various regulations without the need to build and maintain such features for each website.

It also is designed to bring transparency on data use and build trust with the people that visit websites. If people can see a list of what they have agreed to, what data they may be sharing with a brand and have options to update that data and/or change privacy settings, people are more likely to trust the brands and websites that include such features.

For example, under California's Consumer Privacy Act (CCPA) regulation organizations that qualify, even ones that do business in the state but are based outside of California, are required to give people the option to request a full copy of their data. These features are sometimes referred to as digital subject access requests or simply data access requests (DSAR's or DAR's).

Building unique features that satisfy the CCPA requirements could be costly, are prone to breaking over time, and may be time consuming and expensive to actually resolve customer requests.

Having Concord add these features into a website add-in that can be implemented with a single line of code takes out the guesswork and promotes a more responsible people-come-first data collection practice. Everyone wins with Concord.

How it Works

Site generally have a “Privacy Policy” link in their footer or header. Rather than maintaining the various privacy disclosures and additional compliance features as a series of website forms, pages and popups, Concord provides a line of code to add the widget to the page when it loads.

The user experience will popup when invoked and the decision on how it is invoked is up to the website designer but typically it is a button or link that causes the widget to display.

Otherwise, the widget is working in the background, collecting a consent history for the person browsing and is available for her/him to view at any time in the future as well.

Brands can ask for additional data (like adding an email address to a mailing list) and this will add another consent event so that if the person browsing wishes to see her privacy history or make changes, it’s already been captured and can be viewed in the widget on demand.

Features in the Widget

Fig. Website Privacy Widget Explained


Configuring the Privacy Widget for Privacy Features

One section of the privacy user experience includes a list of all disclosures that the website is either required to or wants to post related to the privacy policy, site terms of use, optional data use disclosures, or optional breakout of disclosures of additional rights under various regulations like CCPA, GDPR and others.

Projects

The key to configuring the website widget is understanding Concord’s “Project” settings. Administrators can create new projects in the admin UI. Each project will have various settings some of which are required (at least one disclosure) while others are optional (style customizations).

Projects are typically created one for each website that has a different style, functional design, and/or may have its own policies and disclosures. For example, a large company may have multiple brands, each with their own websites.

Domains

For website projects, at least one domain name must be added to the project definition. Organizations can also choose to use the same privacy widget for all sites by listing more than one domain. The choice is up to each organization but note that functionally, a project has a unique line of javascript code to add to a website that matches the correct elements that are unique.

Unique to each project:

  • domain names where the widget will be added
  • disclosures, text and links to policies
  • registered consent events  
  • style options

If any of those requirements need to be different for a widget on one of the website domains, a new project should be created.

Fig. Adding Privacy Policy and other Disclosures

Registering Consent Types

Each widget will also contain the history of consent that a person has agreed to by using the site or services from the brand. Even consent for offline events can be listed in a person’s consent history.

Default Consent Type: Implicit

Most sites state in their privacy policy that use of the site constitutes an acceptance of the basic terms laid out in the privacy policy. As noted previously, each project must have at least one disclosure (link or text or both). This is typically the website (or app, etc.) privacy policy.

When a person visits a site for the first time or uses a new browser to visit the site, the person is only listed as having the default consent history: the acceptance of the basic privacy policy.

When the widget loads as part of the website html rendering in their browser, Concord captures this basic consent automatically. Because the person didn’t necessarily click on an “Accept” button (though they optionally can of course) this consent event says it was “implicit” meaning that it was part of the disclosed policy and terms of using the website.

Additional Consent Types and Cookie Consent

Additional disclosures, clickthrough agreements, data sharing consent, as well as cookie consent options can be added to projects as well.

If you are using the Concord Cookie Consent widget as well, the consent privacy settings that people may toggle on/off will also be displayed and captured in the history. The default behavior is to accept all cookie and capture the consent but this can be changed by the person using the website as well.

Personalizing the Widget

The privacy widget can be styled to match an organizations preferred colors and logo.

The widget will also include the links to the website privacy policy and any other disclosures that some websites provide such as additional information on how data is collected or specific accommodations for CCPA, GDPR or other regulations.

Fig. Title and Naming

Fig. Upload Logo

Fig. Setting Primary Color to Match Website

Adding the Privacy Widget to a Website

Each customized widget has a unique javascript code for adding it to a website.

Note that more than one widget can be created by using the "Projects" feature. Typically websites or applications that have different policies or settings will be in different projects.

More information on creating Projects can be found here.

Fig. Javascript Include Code to Configured Widget