Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Problem/Motivation
GPDR says that companies collecting data must store a proof of each consent.
It was not clear until recently if this applied to online tracking. However, the French CNIL recently confirmed that "companies using trackers must be able to provide, at any time, proof of valid consent from the user".
tarteaucitron can't do that by itself because it does not have anywhere to store this information (and the main dev said they don't want to store proof of consent).
However, the tacjs module could store this proof in the database.
Proposed resolution
tarteaucitron triggers an event when a service is loaded. We could use this event to send an AJAX request to a controller that will store the proof in the database.
According to our DPO, storing this information would be enough:
- Timestamp
- UID
- IP address
- Services allowed
Remaining tasks
If you agree with this feature request, I can work on a patch implementing this.
User interface changes
I think this would need to be disabled by default and we would add a setting to enable it.
| Comment | File | Size | Author |
|---|---|---|---|
| #5 | interdiff_4-5.txt | 11.43 KB | boulaffasae |
| #5 | 3179107-5.patch | 6.77 KB | boulaffasae |
| #4 | 3179107-4.patch | 5.96 KB | amina ihfa |
Comments
Comment #2
boulaffasae commentedHi prudloff,
Yes. It will be amazing to add a Proof of consent feature :)
Do we need to add a new Tab to display the stored informations ?
For informations. There will be a new 5.x version soon :)
Comment #3
amina ihfa commentedComment #4
amina ihfa commentedIssue updated :
- created a tacjslog table in the database
- created a Controller to insert log
- created an admin view to overview log
Comment #5
boulaffasae commentedHi amina,
Thank you for the patch, i added a
storefunction to send XMLHttpRequest to your Controller :)Comment #7
boulaffasae commented