feat: cookie declaration #20
Open
leeHensman wants to merge 4 commits into
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
This PR expands the GDPR standard and assessment playbook to explicitly cover cookies, third-party scripts, and other tracking technologies, including declaration and consent-gating requirements aligned with ePrivacy/PECR.
Changes:
- Adds a new “Cookies & Tracking Technologies” section to the GDPR standard, including categories, gating rules, and a JSON declaration example.
- Updates the GDPR assessment playbook to include cookie/tracking evaluation criteria.
- Updates agent/context indexes to surface the new cookie/tracking guidance via keywords.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| standards/gdpr.md | Introduces detailed cookie/tracking declaration + gating requirements and adds new non-negotiables/checklist items. |
| playbooks/assess/gdpr.md | Adds cookie/tracking coverage to the GDPR assessment scope and evaluation table. |
| core/AGENTS.md | Updates GDPR summary to mention cookie declaration. |
| core/.context/index.md | Adds cookie/tracking keywords to improve discoverability of GDPR guidance. |
- Add canonical Category ID column matching the JSON enum
- Base consent exemption on strictly-necessary test, not absence of personal data
- Clarify JSON declaration covers all tracking technologies, rename array to entries

- Separate device fingerprinting from client-side storage bullet
- Document JSON schema field formats (providerType/providerName, canonical expiry)
- Rename remaining 'JSON cookie declaration' to 'JSON tracking declaration'

- Use 'persistent' for non-expiring storage instead of misleading P0D
- Tighten consent-withdrawal storage-clearing for third-party/HttpOnly cases
- Require declaring all storage keys, not only personal-data/tracking ones
- Rename 'cookie declaration' to 'cookies & tracking declaration' in core index
Enhance GDPR compliance documentation with cookie declaration requirements