GDPR and Episerver: Storing consent context in submitted form data
GDPR requires that you can prove when, how and in what context you got the user's consent to process their personal data. Here's a quick and auditable way to store those details in Episerver Forms.
I previously blogged about how you should unbundle consent in your signup forms. Building on that, we need a way to store all the consent conditions in our form submissions.
The signup form in my previous post was basically composed of a few Text fields, a Multiple Choice field, and a Submit button:
However, for GDPR, this form still has flaws.
"Why?!", I hear you ask. "The submitted form data will show they ticked the checkbox for the newsletter opt-in. That must be proof enough!"
Unfortunately, no. Form layout and texts can change over time in ways that are hard to audit, which contradicts the requirements of GDPR:
"Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data." Article 7(1)
and also this clarification from the recitals:
(...) safeguards should ensure that the data subject is aware of the fact that and the extent to which consent is given." - Recital 42
Changing the opt-in text invalidates previously gathered consent
Imagine the editor changes the checkbox from the first iteration (top) to the second iteration (bottom):
The opt-in consent has suddenly been extended to include special offers (which are quite different from newsletters) and the addition of SMS as a communications channel. See the difference? Here's the submitted form data for the two iterations of the form:
It's impossible to tell which users consented to what iteration of the form. In effect, this invalidates all the consent you gathered using any iteration of the form.
Fixing the form with a Hidden Predefined Value
Since forms can change over time, data submissions must include a permanent record of what the user consented to.
For this, we add an extra field - the Hidden Predefined Value field. We configure this field to include the exact text that appears on the consent checkbox:
With this setup, the submitted form data will look like this:
If we change the checkbox text in the future, we update the Hidden Predefined Value field with the new text. That way, old submissions will still retain the old text, and new submissions will be stored with the new text. With this approach, we have effectively stored the consent context for all iterations of the form.