Forget About Me - BloomReach Experience - Open Source CMS

This article covers a Hippo CMS version 11. There's an updated version available that covers our most recent release.

19-10-2017

Forget About Me

This feature is available since Hippo CMS 11.2.3.

This page describes how you can implement the GDPR required Forget About Me feature.

Prerequisite

This document assumes you have added the Public Relevance REST API. This documents assumes that you have added the API below /gdpr but as explained in Public Relevance REST API, the exact URL you can choose yourself.

Forget About Me

Once you have the Public Relevance REST API enabled, a visitor can be forgotten the DELETE HTTP request:

/gdpr/visitorinfo
The /gdpr part thus depends on how you added the REST api

To be GDPR compliant, most likely you want to add some button or link to your website through which the DELETE request is triggered. 

If you also want to delete (reset) the Consent Cookie, you can invoke the DELETE HTTP request:

/gdpr/visitorinfo/consentCookie

Alternative Forget About Me

Instead of invoking the above REST endpoints, you can also implement the Forget About Me functionality by a Javascript execution deleting the cookie:

_visitor

Likewise, you can also delete the Consent Cookie in this way, however the exact cookie you need to delete is domain-specific and configured by the property targeting:consentCookieName, see Configure Relevance Tracking Cookie Policy.

Validating the Forget About Me works correctly

After you have implemented the button or link via which a visitor can invoke the Forget About Me request, you can validate its correct working as follows:

First click through some pages on the website. Then check the Personal Data as explained at Serve Personal Data. Validate that you get served your Personal Data. After invoking the Forget About Me request, requesting the Personal Data again should return

{   
  "visitor":null,   
  "requestLogEntries":null 
}

Note that if you did not implement the Consent Cookie nor did remove the Consent Cookie as described above, that after invoking Forget About Me, again a new profile will be build up. If you do not want this, make sure that when you invoke the Forget About Me, you also set the Consent Cookie to not allowed tracking.

 

Did you find this page helpful?
How could this documentation serve you better?
On this page
    Did you find this page helpful?
    How could this documentation serve you better?