New Functionality: GDPR Compliance Features

HubSpot Employee

What's Happening?

Some new functionality to help customers on their journey to GDPR compliance.

What's Changing?

Nothing; this functionality is completely new! Three new methods have been added to the Tracking Code API to more effectively manage cookies. Additionally, a new contact property has been added to track lawful basis status.

Docs for each can be found here:

When is this happening?

These new methods are now live; integrators can begin using them immediately.

Feel free to reach out in the comments below with any questions/concerns!

2 Replies 2

Is there anyway you could further develop the banner consent script to delete Hubspot cookies in a user's browser?

The issue is that if they visited our site last year, then they should get the consent banner today. If they decline, then the script should delete all Hubspot cookies before creating the opt in cookie. Then they wouldn't have any Hubspot cookies except the consent cookie.

Technically it should probably delete all Hubspot cookies regardless of their response, since consent is not given until they respond.

If I understand correctly, the script stops (if they decline) any data from being collected on the Hubspot end. But I believe having non-consented cookies still within a user's browser cache is still a no-no.

I tried to see if we could add our own function to do this based on the response but you can't delete cookies from a subdomain that are set at the .domain level.

HubSpot Employee

Hi @Sean_Collins,

A couple things here:

  • The privacy policy banner has been updated recently with GDPR related features, but the banner (and related consent features) have existed for a while. Basically, if you enable the banner, all visitors who have not previously seen the banner will see it on their next visit. Their actions (opting in or opting out) will function exactly the same way as they would for a never-before-seen visitor.
  • If a visitor opts out of cookies, they'll still have the opt out cookie in their browser. This is a technical requirement; without an opt out cookie, it's not possible to 'remember' their opt out preferences, and they'd see the privacy banner on every visit.
  • The Tracking Code API has methods to get a visitor's consent status & delete cookies; I'd recommend checking out the docs there for details on how you can implement custom cookie management (see above).