Until now, we thought it would be best to be as flexible and transparent as possible to manage issues thrown by our compliance monitor. The customer should have the power to manage everything to its detail. For that to accomplish, we collected, e.g. all cookies from a website, and its child pages, and aggregated them in a way that you can see on which pages a cookie popped up.
That meant, the same cookie on different pages was treated as a separate issue!
On a positive note, we could argue that a cookie might be allowed on a subpage, but not on the landing page of a website. And this cookie issue could have been acknowledged for the subpage, but stays open for the landing page until fixed.
This resulted in a massive number of issues, which deterred most people from tackling these in the first place.
The solution to manageability
We were looking to lower down the number of issues, without getting intransparent or loosing information. For that to accomplish we decided to count a cookie only by its name, but not by the sum of occurrences on different pages. But we also keep the information about the different pages where we found the cookie, to provide additonal hints where it could have been set in the web application.
The end result was great. From the large number of issues we go down to about 10% of them. Which makes it a lot more arguable to work with and in the end no important information was left behind.
In this article we took especially cookie issues as example, because they caused most of the troubles and lot of discussion with customers. But we roll out this aggregation not only for cookies but for all categories where it is not necessary to keep a count on every single occurrence, but on the occurrence at all.
I hope you liked this article and it was helping getting a little behind the scenes.