Maximizing Compliance and Insights with AesirX - The Integrated Consent and Analytics Solution

In November 2023, the European Data Protection Board (EDPB) adopted Guidelines 2/2023, clarifying the technical scope of Article 5(3) of the ePrivacy Directive. 

These guidelines highlight the need to obtain explicit and informed consent before storing or accessing information on a user's device. For businesses operating in the European Union, adapting to these changes is essential for ensuring compliance and customer trust.

AesirX offers a unique solution as the only open source platform providing integrated consent management and first-party analytics. This article explores how businesses can use AesirX to ensure compliance and gain valuable insights.

Understanding EDPB Guidelines 2/2023

The EDPB Guidelines 2/2023 break down Article 5(3) of the ePrivacy Directive [1], explaining the rules for getting informed consent for various tech solutions:

• URL and Pixel Tracking: Consent must be obtained before tracking users through URLs or pixel tags. 

AesirX First-Party Foundation enables informed and explicit consent before any tracking occurs. 

• Local Processing: Local storage mechanisms, like cookies or other web storage, require explicit consent. 

AesirX First-Party Foundation facilitates this by presenting users with explicit information and informed consent options. 

• Tracking Based on IP Only: Even when tracking is based solely on IP addresses, consent is required. 

AesirX First-Party Foundation enables that all tracking activities are consented to, aligning with these guidelines.

Why is Integrated Consent and Analytics Needed?

Managing consent and analytics separately can lead to data discrepancies, user experience issues, and increased risk of regulatory fines. A unified platform like AesirX offers several advantages for businesses:

Seamless User Experience: Users benefit from a smooth process, from consent management to data collection. This seamless experience enhances trust and user satisfaction which can lead to higher retention rates.

Better Data Accuracy: AesirX’s first-party analytics directly collects data from user interactions on your website, bypassing third-party trackers. This approach ensures more accurate data without compromising user privacy.

Enhanced Compliance: An integrated consent and analytics platform simplifies compliance with GDPR and ePrivacy guidelines, reducing the risk of fines and legal issues by centralizing data collection and processing, ensuring consistent application of consent rules and easier compliance tracking.

Features of AesirX’s Unified Consent and Analytics Platform

AesirX combines effective consent management with powerful first-party analytics, offering a comprehensive solution for businesses:

• Consent Management: AesirX ensures compliance with GDPR [2] and ePrivacy guidelines by obtaining explicit and informed consent from users before any data is stored or accessed. This includes customizable consent banners that are user-friendly and compliant. AesirX also offers a flexible conditional consent model that respects user choices while allowing essential functions like payment processing. Users can opt-in for specific features without giving blanket consent.
• First-Party Analytics: AesirX collects data from user interactions on your website with user consent. Users are informed that their data will be used for analytics by default, complying with GDPR and ePrivacy standards. By avoiding third-party trackers, AesirX ensures data accuracy and respects privacy.
• User Transparency: The AesirX platform provides clear information about data collection practices, enabling users to manage their consent preferences easily, including the option to withdraw consent at any time.

AesirX’s user consent model - choosing one of three options

How the AesirX Consent Model Works

AesirX’s consent model provides three options to website visitors, all aligning with GDPR’s strict consent requirements:

1. Reject

   • Nothing is collected.
   • Nothing is loaded.
   • Only page views and rejections are registered without relation to the visitor.
   • Users may see a notice to activate consent for features that are disabled without consent.

2. Consent

   • Informed information is provided so that users give explicit consent.
   • Consent and tracking are activated.
   • First-party tracking data is loaded only after consent is given. 
   • Third-party tracking data is loaded only after consent is given.
   • All consented data is collected.

3. Decentralized Consent

Advanced consent management through decentralized technologies and via the AesirX dApp, giving users greater control and aligning with GDPR and ePrivacy Directive principles.

• Wallet:

  • Informed information is provided so that users give explicit consent. 
  • Decentralized wallets are loaded.
  • Consent and tracking are activated.
  • First-party tracking data is loaded only after consent is given.
  • Third-party tracking data is loaded only after consent is given.
  • All consented data is collected.
  • Users can revoke on-site.

• Wallet + Shield of Privacy:

  • Decentralized wallets are loaded.
  • Consent and tracking are activated.
  • First-party tracking data is loaded only after consent is given.
  • Third-party tracking data is loaded only after consent is given.
  • All consented data is collected.
  • Users can revoke on-site or from AesirX dApp.
  • Users can earn rewards from digital marketing.

How AesirX Decentralized Consent Works

AesirX’s decentralized consent mechanism lets users control their data securely and transparently, ensuring GDPR and ePrivacy compliance. Loading wallet technology supports decentralized consent for effective cross-platform management.

The Shield of Privacy Pseudonymization Layer

• Pseudonymization

  • User Data: The user's email, social media account, or wallet address is masked through the Shield of Privacy.
  • Anonymized Interaction: Allows users to interact with websites and e-commerce platforms without revealing their actual identity, protecting their privacy.

• Decentralized Data Ownership

  • Control: Users retain control over their data, ensuring that their interactions are based on decentralized ownership rather than centralized databases.
  • Privacy: The pseudonymization layer ensures that users' personal information is not directly accessible by websites or businesses, enhancing privacy.

• SoP ID and Domain Name Relation

  • Registration: The Shield of Privacy (SoP) ID is registered in relation to the domain name and the license.
  • Legal Audit Trail: This ensures that when a user provides decentralized consent, it is securely registered and linked to the specific domain, creating a transparent legal audit trail upon consent activation by business owners.

Consent Process Through Wallet Signing Request

• User Action

  • Click on Decentralized Consent: The user clicks on the “decentralized consent” option on the website.

• Wallet Interaction

  • Signing Request: A signing request is generated and sent to the user’s wallet. This request contains details about the user's consent.
  • Opt-In for Specific Actions: Note that users can opt-in for specific site functionalities on a case-by-case basis. For example, enabling the payment processor only when they proceed to make a payment.
  • User Review and Sign: The user reviews the consent details and signs the request in their wallet, providing explicit and informed consent.

• Consent Activation

  • Legal Audit Trail: Once the user signs the request, the consent is recorded through the signing request in the wallet.
  • Decentralized Subscription Model:
    • The business owner can then activate the consent which is recorded on the blockchain, creating an immutable and transparent audit trail. 
    • The business then gets access to the decentralized subscription data model, collecting first-party data only from the specific sites where the user has given consent.

User Control and Revocation

• Revoking Consent

  • Specific Site: Users can revoke their consent directly on the particular site where they had previously granted it using the same wallet they gave consent with.
  • AesirX Decentralized Application:
    • Consent Dashboard: Users can access the AesirX decentralized application to see a comprehensive list of all decentralized consents they have granted across various sites.
    • Wallet Requests and Registered Consents: The application combines the wallet requests with the registered consents through the Shield of Privacy, providing a clear and manageable overview, based on decentralized data.
    • Opt-Out Mechanism: Users can opt-out in a granular way, selecting which specific third-party services they do not consent to, even after initially opting in. This provides greater control and flexibility, enhancing user trust and compliance.

• Managing Consents

  • Revoke or Update: Users can revoke or update their consents at any time, ensuring continuous control over their data and how it’s used.

AesirX’s user consent model - decentralized consent options

Implementing AesirX Consent Analytics Tool on Your Website

Seamlessly integrate strong consent management and first-party analytics with AesirX.

Step-by-Step Guide

1. Sign Up and Get an AesirX Analytics License:

   • Visit the AesirX Sign-Up Page to create an account.
   • Fill in the information, select First-Party Analytics, and complete the registration process.
   • Upon registration confirmation, receive your license ID via email, needed for configuring AesirX Analytics.

2. Integrate AesirX Analytics:

   • Custom development: Follow AesirX instructions to embed the analytics code in your website's HTML.

• WordPress or other CMS: Download and install the AesirX Analytics plugin/module from GitHub. Activate and configure settings for server setup, user consent options, and data collection preferences. For more information, see our implementation guides and support.

3. Configure Consent Management:

   • Website owners must set up consent banners and provide clear, accurate information for explicit, informed consent, configuring settings based on first- or third-party data collection.
   • Once set up, customize the consent banners in the dashboard.
   • Choose from two consent mode templates to match your policies and brand.
   • Ensure consent banners clearly explain data collection practices and let users manage their consent preferences.

Adjust consent mode templates during analytics consent setup. [Instructions].

How AesirX can support your eCommerce business

Technical Compliance Details

AesirX's platform gives users control over their data, ensuring compliance with GDPR and the ePrivacy Directive while maintaining transparency and trust.

• Consent Mechanisms:

  • AesirX ensures explicit and informed consent, complying with GDPR. Users are informed about data collection and provide consent before any data is processed. They can reject, consent, or opt for decentralized consent, with clear communication about each option. 
  • The decentralized mechanism allows users to manage consent securely across platforms, with the ability to revoke consent anytime through the AesirX dApp or the original site.

• Data Processing Activities:

  • AesirX ensures all personal data collection, storage, and sharing activities are lawful and transparent, aligned with user consent. The pseudonymization layer (Shield of Privacy) masks identifiable information, allowing users to interact with websites without revealing their identities, enhancing privacy. 
  • All data, whether through standard or decentralized consent, is processed according to GDPR principles, ensuring responsible and secure handling.

• Tracker and Beacon Compliance:

  • Website owners must configure their sites to load third-party trackers and beacons only after obtaining user consent. AesirX provides tools and guidance to facilitate this process, helping site owners implement compliance measures.
  • For decentralized consent, tracking activities are managed through a secure wallet signing process, ensuring all tracking is consented to and transparent. Users are presented with clear options to accept or reject these tracking technologies, with their preferences respected and documented.

Benefits of First-Party Data

AesirX’s platform uses first-party data for accurate insights, ensuring privacy compliance and building user trust. Our commitment to excellence and market-leading capabilities set us apart.

• Privacy and Accuracy

First-party data from user interactions ensures higher accuracy and better privacy. AesirX bypasses third-party trackers, gathering precise data while keeping information confidential.

• Data Minimization

AesirX's first-party solutions align with GDPR by reducing unnecessary data collection, focusing only on relevant user data. This minimizes data breach risks and enhances security.

• User Trust

Using first-party data shows a commitment to user privacy. AesirX’s transparent practices and user-centric consent mechanisms build trust and loyalty among customers.

The competitive landscape

Driving Success with AesirX: Integrated Consent and Analytics

AesirX’s integrated consent and analytics solution helps businesses comply with GDPR and ePrivacy guidelines while gaining valuable insights from first-party data.

In Summary: Why Choose AesirX?

1. Seamless Compliance: Meet GDPR and ePrivacy standards effortlessly, reducing the risk of fines and legal issues.
2. Enhanced User Trust: Transparent data practices and effective consent management build trust, leading to higher user satisfaction and retention.
3. Accurate Insights: Gain precise, actionable insights from first-party data, empowering your business to make informed, data-driven decisions.

Explore AesirX’s Suite of Digital Privacy Solutions

AesirX goes beyond basic compliance. Our comprehensive suite of solutions includes:

• AesirX Analytics: First-party analytics that respects user privacy.
• AesirX Business Intelligence: Smart decision-making with real-time data.
• AesirX Shield of Privacy: Decentralized consent and identity protection.
• AesirX First-Party Server: Secure data storage and control.
• AesirX Single Sign On: Simplifies & secures user access.

By adopting AesirX's solutions, your business not only complies with regulations but also sets a high standard for privacy and trust. Our tools integrate seamlessly into your existing infrastructure, ensuring a smooth and efficient transition.

Take the First Step Towards a Privacy-Focused Future

Explore AesirX’s digital privacy solutions today to strengthen your compliance efforts and build user trust. Conduct a free privacy scan with AesirX Privacy Scanner to assess your current compliance status and take the first step towards a privacy-focused future.

Visit our website to learn more about how AesirX can help your business thrive in a privacy-conscious world. Make the change, protect your users, and drive success with AesirX.

---

Sources:

1. European Data Protection Board website - Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive https://www.edpb.europa.eu/our-work-tools/documents/public-consultations/2023/guidelines-22023-technical-scope-art-53-eprivacy_en
2. GDPR - https://eur-lex.europa.eu/eli/reg/2016/679/oj 
3. AesirX Documentation Hub - https://aesirx.io/documentation 
4. AesirX GitHub Repository - https://github.com/aesirxio 
5. Understanding the Distinction: How ePrivacy Directive Trumps GDPR for Website Compliance - https://www.linkedin.com/pulse/understanding-distinction-how-eprivacy-directive-gdpr-christiansen-9dwbc/
6. GDPR and ePrivacy Directive Compliance: A Guide for Website Owners - https://aesirx.io/blog/aesirx/gdpr-and-eprivacy-directive-compliance-a-guide-for-website-owners