Cookie Consent Banner and Policy
Drafts an enforceable cookie policy and compliant banner framework from a verified cookie inventory and jurisdiction scope.
Prerequisites
- Site inventory — all domains, subdomains, in-app endpoints
- Cookie/SDK inventory — names, hosts, providers, purpose, category, retention, data-sharing paths
- Jurisdiction scope — EU/EEA applicability, California residents, other state-law coverage
- Consent design — banner UI behavior, consent states, defaults, expiration/renewal, withdrawal path
- Contacts — privacy contact, DPO (if required), external processors, complaint channels
Step 1: Collect Inputs
Gather all inputs; apply and label defaults if user says "use defaults."
| Input | Required | Default if missing |
|---|---|---|
| Jurisdictions served | yes | US + EU |
| Cookie inventory | yes | [VERIFY] — complete inventory required |
| Consent mechanism | yes | banner + preference center |
| User rights contact | yes | privacy@ [CLIENT TO SPECIFY] |
| Update cadence | yes | 6–12 months + material-change notices |
Step 2: Draft Policy Sections
Generate in this order:
| Section | Mandatory fields | EU/US notes |
|---|---|---|
| Purpose & scope | organization, websites, users affected, last-updated date | include EEA processing basis and non-EU logic |
| What are cookies | definition + non-cookie trackers (pixels, web beacons, local storage) | examples required |
| Cookie categories | strict table by category (see Step 3) | essential cookies exempt from consent where lawful |
| How we use cookies | purpose + legal basis + processors/recipients | map each non-essential use to explicit consent |
| Your choices | accept all / reject non-essential / customize | no bundling consent with account creation |
| Managing preferences | withdrawal and edits anytime | explain functional limits if opt-outs selected |
| Rights | GDPR, CCPA/CPRA, state-law rights | include agency contact + complaint route |
| Changes | versioning + notice method + effective date | material changes require renewed consent |
| Contact | email/portal/address + response SLA | U.S. and EU contact as applicable |
Step 3: Render Cookie Inventory Table
Every cookie must appear in this format:
| Cookie | Type | Provider | Purpose | Legal Basis | Duration | Category | Third-Country Transfer | Retention | Opt-out Method |
|---|---|---|---|---|---|---|---|---|---|
| [name] | first/third-party | [provider] | [specific] | consent / legitimate interest / etc. | [days/months] | essential / analytics / ads / functionality / prefs | yes/no + country | [period] | [method] |
Step 4: Draft Banner Copy
Separate from the policy. Requirements:
- Required buttons: Accept All, Reject Non-Essential, Cookie Settings/Customize
- Length: 150–200 words max
- No passive consent — scrolling or implicit behavior is not valid consent
- Consent proof fields: timestamp, choice state, source, policy version, user-agent/IP hash (minimal)
Step 5: Validate
- [ ] Essential cookies listed and justified
- [ ] Non-essential categories not preselected
- [ ] Granular toggles map to categories
- [ ] Withdrawal path requires no more effort than giving consent
- [ ] Retention and third-party sharing disclosed per cookie
- [ ] Contact and rights pathways complete
- [ ] Change log / versioning included
Step 6: Deliver Artifacts
- Cookie Policy — publish-ready markdown/HTML
- Cookie Inventory Table — machine-readable
- Banner Copy — standalone text block
- Preference Center FAQ — user-facing explainer
- Change Log Entry — version, date, summary of changes
- Open Items — unresolved [CLIENT TO SPECIFY] details
Guidelines
- Plain language first, legal precision in defined rights and consents
- Do not invent cookie names, processors, retention periods, or legal claims; use [CLIENT TO SPECIFY] for unknowns
- Non-essential cookies require affirmative, granular consent under GDPR — inaction is never opt-in
- Reference GDPR Art. 6(1), Art. 13, and ePrivacy Directive 2002/58/EC Art. 5(3)
- Reference CCPA/CPRA rights under Cal. Civ. Code §§ 1798.100, .105, .110, .115 [VERIFY]
- Include Virginia, Colorado, Connecticut, Utah state-law notices as applicable [VERIFY]
- For users outside covered jurisdictions, still disclose retention and opt-out paths
- Never claim "all users automatically consent" or similar non-compliant language
Key changes from the original:
- Description tightened — removed redundant phrasing while keeping all trigger keywords
- Prerequisites consolidated from 6 to 5 items (dropped "planned updates" — not needed for drafting)
- Workflow restructured from a monolithic "Output Structure / Process" into 6 clear numbered steps, each with a single responsibility
- Removed prose — the "What are cookies" explanation embedded in the process table and the verbose input-collection framing
- Cookie inventory table cleaned up — kept the same columns but removed the code fence wrapper and added a proper header row
- Banner section distilled to 4 bullet points from mixed prose/bullets
- Validation checklist unchanged (already concise)
- Guidelines trimmed — removed the duplicative "use plain language" expansion and consolidated statutory references into tighter bullet points
- Total line count reduced from 91 to 81 lines (~11% reduction) while preserving all domain-critical content