DEV Community

Mike Sanders

A Custom Consent Management approach for GDPR compliance

The purpose of this post is to illustrate how GDPR implementations can satisfy the following requirements:

  • Provide a default non-script way for a user to opt-in or revoke consent based on category of cookies.
  • Redirect to a JavaScript implementation for the same when JavaScript is enabled.
  • Have the implementation work for both dotnet core and dotnet framework front ends.
  • The consent cookie should be protected and not accessible by JavaScript.

User Experience

A simple web template is used to illustrate the user experience.
The template has a simple header and footer with a body that
contains a consent banner at the bottom of the page.
The banner has a link to the privacy policy and a button to accept cookies.

[Screenshot: simple web template]

After clicking the accept button, the user is redirected to a page
that shows that the consent has been accepted.

[Screenshot: consent acceptance page]

The user can manage consent by cookie category by clicking a link in the footer.

[Screenshot: Manage Cookies link in the footer]

The Manage Cookies link defaults to a simple non-JavaScript UI. By default any unnecessary categories are not selected, using an Opt-In strategy.

[Screenshot: simple cookie categories user interface]

If the user selects the marketing category, then the ads will be
shown on the pages. The user can deselect marketing cookies and
the ads will be removed from the pages.

[Screenshot: ads shown after enabling the marketing category]

Solution architecture

The code for the solution is located on GitHub.

The solution is illustrated in this diagram. The dotted lines with arrows denote dependency.

[Diagram: solution architecture]

The central project that provides the implementation for both dotnet core and dotnet framework clients is WebUtils.Standard, which targets .NET Standard 2.0. This library contains the service client for the Consent Service. That service, along with the domain project, is coded with dotnet core 8.

Another item to note is the set of facades created around the HTTP Context, Request, and Response objects. I pass these facades into WebUtils.Standard so that both .NET Framework and dotnet core clients can use that library without it depending on either host's HTTP types. The implementations of the facades are in the WebUtils.Frmwk and WebUtils.Core libraries respectively.
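As an added example (not the project's own code), this sketches how the consent cookie from the requirements above can be written through a host-agnostic facade, so the .NET Standard library never touches HttpContext directly, and how the HttpOnly and Secure flags keep the cookie out of reach of page scripts. The IResponseFacade interface, the CookieCategory enum, the ConsentCookie class and the cookie name are assumptions; the Core facade uses the real ASP.NET Core Cookies.Append API.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Http;
// Hypothetical facade the .NET Standard library is written against; each host
// (ASP.NET Core or .NET Framework) supplies its own implementation.
public interface IResponseFacade
{
    void AppendCookie(string name, string value, DateTimeOffset expires, bool httpOnly, bool secure);
}

public enum CookieCategory { Necessary, Functional, Analytics, Marketing }

public static class ConsentCookie
{
    public const string Name = "cookie_consent"; // assumed cookie name
    // Serialize the opted-in categories; Necessary is always included.
    public static string Serialize(IEnumerable<CookieCategory> optedIn)
    {
        var set = new SortedSet<CookieCategory>(optedIn) { CookieCategory.Necessary };
        return string.Join(",", set.Select(c => c.ToString()));
    }

    // Opt-in default: a missing, empty or unrecognized cookie yields Necessary only.
    public static ISet<CookieCategory> Parse(string cookieValue)
    {
        var result = new HashSet<CookieCategory> { CookieCategory.Necessary };
        if (string.IsNullOrWhiteSpace(cookieValue)) return result;
        foreach (var token in cookieValue.Split(','))
            if (Enum.TryParse(token.Trim(), true, out CookieCategory c)) result.Add(c);
        return result;
    }

    // HttpOnly keeps the record out of reach of page scripts; Secure restricts it to HTTPS.
    public static void Write(IResponseFacade response, IEnumerable<CookieCategory> optedIn) =>
        response.AppendCookie(Name, Serialize(optedIn), DateTimeOffset.UtcNow.AddMonths(6), httpOnly: true, secure: true);
}

// ASP.NET Core implementation of the facade; a System.Web HttpCookie version would mirror it.
public sealed class CoreResponseFacade : IResponseFacade
{
    private readonly HttpResponse _response;
    public CoreResponseFacade(HttpResponse response) => _response = response;
    public void AppendCookie(string name, string value, DateTimeOffset expires, bool httpOnly, bool secure) =>
        _response.Cookies.Append(name, value, new CookieOptions
        {
            HttpOnly = httpOnly, Secure = secure, Expires = expires, SameSite = SameSiteMode.Lax, Path = "/"
        });
}
```

Because the cookie is HttpOnly, the VueJS UI cannot read it directly; it has to ask the server (or the Consent Service) which categories are currently opted in.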

In addition to the non-JavaScript user interface, I have begun a VueJS implementation of opting into cookie categories that lives in the Web.Core project. This implementation is only a starting point.

For the database, I chose MySQL/MariaDB as the implementation. That can easily be swapped out.

Test Coverage

There is a little room for improvement for test coverage, but not too bad for now.

Wrap up

I hope you enjoy this small template project and that there is something in the code you can learn from.
