Validated by: Jari Ala-Varvi — CIPP/E certified Data Protection Officer @ Opsec

Last updated: March 3, 2021

Data privacy and the consent banner

Volument doesn’t collect any personally identifiable information so you can avoid “cookie banners” in most countries and provide your visitors a better first-time user experience.

Europe

According to the laws of Europe, analytical software cannot read device information without permission. So depending on the country of the visitor you must display either of the following:

Consent banner
Notice only

The European laws apply to all analytics software, regardless of the use of cookies or similar technologies. However, since personal information is not collected, the more intrusive GDPR or CCPA banners are not required.

Outside Europe

Volument does not collect any personal information so it is compatible with CCPA, GDPR, PERCe. This means that you don't need to display any cookie banners in most locations, such as

  • USA
  • Australia
  • South America
  • Russia
  • Asia

Leaving out the cookie banner results in a better user experience, fewer bounces, and more conversions.

The “Do not track” preference

Volument respects the “Do not track” user option available in web browsers. When enabled, Volument does not send any device information to our servers.

Privacy FAQ

What data is tracked by Volument.

Look for the details from our privacy policy.

Isn't localStorage bad for privacy?

Volument uses localStorage to track visitors’ historical behavior, but since we don't store any identifiers in there, we are not violating GDPR or CCPA.

However, because we are accessing the URL and referrer information for non-essential purposes, you must display a consent banner for European visitors.

How do you fetch visitors’ geo-location?

Volument implements a custom geo-location service that use the awesome GeoLite database from MaxMind. It is based on the visitors’ IP-address.

But using IP addresses is bad for privacy, right?

According to GDPR, all logic that goes to displaying the cookie banner for European visitors is considered essential to the service. This is why it's possible to use the IP address for obtaining visitors’ geo-location. And since Volument does not store the IP address anywhere, the system is compatible with the privacy laws.

How is this different from Google Analytics?

Google Analytics uses an identifying cookie, _ga, to identify and track people. This requires you to display a more intrusive GDPR-style banner for all visitors regardless of their location on the globe.

Why most websites are breaking the law?

It's a mix of the following:

  1. They hate cookie banners. They've learned to hate those offensive dialogs around the web.
  2. They don't care. Privacy is considered irrelevant and boring. Nobody else seems to care either, so why bother. The penalties are only for the big and evil, right?
  3. They think they're safe. They've done their due diligence without consulting the law experts. A typical scenario is to apply the local privacy law, such as the CCPA for everyone, including the visitors from Europe.

Why I don't need the banner with __?

Some privacy-friendly analytics like Plausible, Simple Analytics, and Fathom claim that “no banner is needed”. That's not true. You definitely need a banner with all analytics software, regardless of their policy for cookies.

Volument is equally privacy-friendly but makes a legal correction with the consent banners. If you choose not to display a banner, you are taking a legal risk. No matter what analytics software you use.

Albania: Article 123(6) of Law No. 9918 (as amended) of 19 May 2008 on Electronic Communications in the Republic of Albania

Austria: Section 20 of Law 20/2014, of 16 October, regulating electronic contracting and operators who carry out their economic activity in a digital space

Belgium: Article 129 of Law of 13 June 2005 on Electronic Communications

Croatia: Article 100(4) of the Electronic Communications Act implementing the Directive on Privacy and Electronic Communications

Cyprus: Article 99 of the Electronic Communications and Postal Services Regulations Act 2004 (Law 112 (I)/2004) (as amended)

Denmark: Executive Order No. 1148 of 9 December 2011 on Information and Consent Required in Case of Storing or Accessing Information in End-User Terminal Equipment

France: Article 82 of the Act No. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties (as amended)

Gibraltar: Regulations 5(1) and (2) of Communications (Personal Data and Privacy) Regulations 2006

Greece: Article 4(5) of the Law 3471/2006 on the Protection of Personal Data and Privacy in the Electronic Telecommunications Sector and Amendment of Law 2472/1997

Ireland: Article 5(3), (4), and (5) of the S.I. No. 336/2011 - European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011

Italy: Article 122 of the Personal Data Protection Code, Legislative Decree No. 196/2003

Latvia: Section 7.1 of the Law on Information Society Services of 4 November 2004

Lithuania: Article 61 of the Law on Electronic Communications of 15 April 2004, No. IX-2135

Monaco: Article 14-2 of Act No. 1.165 on the Protection of Personal Data (23 December 1993)

Montenegro: Article 172 of the Law on Electronic Communications 40/2013

Norway: Section 2-7b of the Electronic Communications Act

Portugal: Articles 5, 14, and 15 of Law No. 46/2012 of 29 August 2012

Republic of Macedonia: Article 168(5) of the Law on Electronic Communications 2018

Slovakia: Section 55 of the Act No. 351/2011 Coll. on Electronic Communications

Turkey: Article 10 of the Law on Protection of Personal Data No. 6698

UK: Section 6 of the Privacy and Electronic Communications (EC Directive) Regulations 2003

Which laws are good with the notice only?

Andorra: Section 20(2), Law 20/2014 of the Electronic Communications Law

Bulgaria: Section 4a(2) of the Electronic Commerce Act

Czech Republic: Article 89(3) of the Electronic Communications Act

Estonia: Electronic Communications Act 102, Moments 1 and 3

Finland: Laki sähköisen viestinnän palveluista ja Traficom

Germany: Telemedia Act of 2007. Moment 15 §3

Guernsey: Implementation of Privacy Directive,(Guernsey) Ordinance, 2004. Section 4, moments 1 and 2

Hungary: Article 155(4) of Act C of 2003 on Electronic Communications

Kosovo: Law No. 04/L-109 on Electronic Communications

Liechtenstein: Law of 17 March 2006 on Electronic Communications Act and Data Protection Act (DSG) of 4 October 2018

Luxembourg: Act of 30 May 2005 and Articles 88-2 and 88-4 of the Code of Criminal Procedure, Moments 4 and 2

Malta: Processing of Personal Data Regulations of 2003.

Netherlands: Article 11.7a, Telecommunications Act, 1998

Poland: Article 173, 174, 209, and 210 of the Telecommunications Act 2004

Romania: Article 4(5) of Law No. 506/2004 on the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector

San Marino: Article 111 of Law No. 171 of 21 December 2018, Protection of Natural Persons concerning the Processing of Personal Data

Serbia: Article 126 of the Law on Electronic Communications 2014 (Official Gazette of the Republic of Serbia, No. 62/2014)

Slovenia: Article 157 of the Electronic Communications Act 2012

Spain: Article 22(2) of Law No. 34/2002, of 11 July 2002, on Information Society Services and Electronic Commerce

Sweden: Section 18 of Chapter 6 of the Electronic Communications Act (2003*:389)

Switzerland: Articles 45c and 53 of the Telecommunications Act 1997

{"desc":"Volument doesn’t collect any personally identifiable information so you can avoid \"cookie banners\" in most countries and provide your visitors a better first-time user experience.","title":"Data privacy and the consent banner","url":"/learn/data-privacy","key":"data-privacy","created":"2020-10-07T09:45:40.000Z","modified":"2021-06-23T18:51:46.249Z","createdISO":"2020-10-07","modifiedISO":"2021-06-23"}