Advice from a legal expert on functional cookies that allow the messaging service to work
This is memorandum written by our Privacy Lawyer on the GDPR impact of cookies (local storage) used by the Web1on1 webwidget. It stipulates that both components are functional cookies, therefore fall outside of consent.
1. Background
To serve the visitors of Web1on1 client’s websites, a Webwidget (messaging pop-up) is displayed on a client’s website. For it to function well, the widget needs two software components, the Sunshine Conversations widget and the Web1on1 Wrapper. Below is an analysis of the GDPR compliance of both functionalities.
2. Sunshine Conversations widget
The Sunshine Conversations (hereafter Sunshine) widget is stored locally in a User’s browser. A “User” refers to an end-user of a Web1on1 client’s platform or a customer of a client’s business. The following are all examples of Users:
-
A visitor to a Web1on1 client’s website
-
The holder of an SMS number
-
A user of a Web1on1 client’s mobile app
-
A member of the public on Facebook Messenger / WhatsApp
When a new User, or a returning User who has cleared the cookie and local storage history, visits a Web1on1 client’s platform, they will be anonymous by default. Anonymous Users will be assigned a user-ID.
Assigning a user an ID allows Sunshine to optimize User experience in two ways:
-
It avoids conversations to break while switching webpages during chat;
-
It remembers returning visitors to facilitate a conversation history / context.
A user-ID is a string that can have any desired value, but must be unique within the application. Sunshine assigns individual user-IDs that are structured as follows (by way of example): XXXXb782298146afb2fee637XXXXX. A user-ID allows a Web1on1 client’s system to easily map a User to a user record.
User-IDs are stored permanently in the browser of a User. They do not have an automatic expiry date and remain in the local storage of the User’s browser until deleted. User-IDs are strictly necessary to offer Users the best experience in the Web1on1 widget.
This means that the Sunshine widget is a functional feature and is necessary to ensure proper functioning of a website, which falls outside the scope of the consent requirements under the GDPR.
3. Web1on1 widget - wrapper
Web1on1 has created additional functionality to the Sunshine widget (the “Wrapper”). The Wrapper is stored locally in the browser of a User for a period of 30 minutes, after which it will be flushed automatically.
The wrapper cookie is used for user experience optimization and is therefore a functional cookie.
It enables to auto-invite a User after either of the following:
-
A set period of time (e.g. 30 seconds); or
-
After the User has visited a certain amount of pages.
To enable sub 2 above, the wrapper assigns an anonymous user-ID which allows tracking pages during the session to time the auto-invite message.
Without the Wrapper, a customer would, when visiting a client’s website, promptly be invited to chat. This is generally considered intrusive or pushy. Most people prefer to browse a little on their own, before being asked if they need help. This is what the Wrapper ensures.
This means that the Wrapper is a functional feature and is necessary to ensure proper functioning of a website, which falls outside the scope of the consent requirements under the GDPR.
3 Conclusion
Both Sunshine and Wrapper offer features which are considered functional. This means they are necessary to ensure proper functioning of a website. Functional cookies fall outside the scope of the consent requirements under the GDPR.
Helena Verhagen
Co-founder & Privacy Lawyer