AEM Sites - GDPR Readiness
- Topics:
- Administering
CREATED FOR:
- Admin
The European Union’s General Data Protection Regulation on data privacy rights takes effect as of May 2018.
AEM Sites is ready to help customers with their GDPR compliance obligations. This page guides customers through the procedures to handle GDPR requests in AEM Sites. It describes the location of private data stored, and how to remove them manually or with code.
For further information see the GDPR page at the Adobe Privacy Center.
Author Server
User accounts and UGC content on the author server are covered in the Platform GDPR documentation.
Publish Server
User accounts used to authenticate visitors on the site, and UGC content on the publish server are covered in the Platform GDPR documentation.
By default AEM Sites components do not store form-data entered by visitors on the publish server. It is recommended to forward the data to a third party system, or Adobe Campaign for further processing.
Opt-In/Opt-Out
AEM has a cookie opt-out service that can be used for managing the opt-in/opt-out for users.
Enhanced Insights by Analytics
AEM Sites includes an optional integration with Enhanced Insights by Analytics which uses functionality within the Adobe Analytics On-demand Service.
For further information on managing GDPR data subject requests related to Adobe Analytics see Adobe Analytics and GDPR.
Enhanced Personalization by Target
AEM Sites includes an optional integration with Enhanced Personalization by Target which uses functionality within the Adobe Target On-demand Service.
For further information on managing GDPR data subject requests related to Adobe Target see Adobe Target - Privacy and General Data Protection Regulation.
ContextHub
AEM provides an optional data layer with ContextHub. This keeps visitor-specific data in the browser, to be used for rules-based personalization.
By default, this visitor-data is not stored in AEM; AEM sends rules to the data layer to make personalization decisions in the browser.
Implementing Opt-in/Opt-Out
The site owner needs to implement an opt-out component according to the following guidelines.
These guidelines implement opt-in as the default. Thus, a website visitor must clearly agree, before any Personal Data is stored in the browser’s (client-side) persistence.
-
The opt-out component should be included every time the ContextHub component is included.
-
The terms and conditions that relate to GDPR for the website, must be displayed to the website visitor, allowing them to:
- accept
- reject
- change their previous choice
-
If a site visitor accepts the site’s terms and conditions, the ContextHub opt-out cookie should be removed:
ContextHub.Utils.Cookie.removeItem('cq-opt-out');
-
If a site visitor does not accept the site’s terms and conditions, the ContextHub opt-out cookie should be set:
ContextHub.Utils.Cookie.setItem('cq-opt-out', 1);
-
To check whether ContextHub is running in opt-out mode, the following call should be made in the browser’s console:
var isOptedOut = ContextHub.isOptedOut(true) === true; // if isOptedOut is true, ContextHub is running in opt-out mode
Previewing Persistence of ContextHub
To preview persistance used ContextHub, a user can:
-
Use the browser’s console; for example:
-
Chrome:
-
Open Developer Tools > Application > Storage:
- Local Storage > (website) > ContextHubPersistence
- Session Storage > (website) > ContextHubPersistence
- Cookies > (website) > SessionPersistence
-
-
Firefox:
-
Open Developer Tools > Storage:
- Local Storage > (website) > ContextHubPersistence
- Session Storage > (website) > ContextHubPersistence
- Cookies > (website) > SessionPersistence
-
-
Safari:
-
Open Preferences > Advanced > Show Develop menu in menu bar
-
Open Develop > Show JavaScript Console
- Console > Storage > Local Storage > (website) > ContextHubPersistence
- Console > Storage > Session Storage > (website) > ContextHubPersistence
- Console > Storage > Cookies > (website) > ContextHubPersistence
-
-
Internet Explorer:
-
Open Developer Tools > Console
- localStorage.getItem(‘ContextHubPersistence’)
- sessionStorage.getItem(‘ContextHubPersistence’)
- document.cookie
-
-
-
Use the ContextHub API, in the browser’s console:
-
ContextHub provides following data persistence layers:
- ContextHub.Utils.Persistence.Modes.LOCAL (default)
- ContextHub.Utils.Persistence.Modes.SESSION
- ContextHub.Utils.Persistence.Modes.COOKIE
- ContextHub.Utils.Persistence.Modes.WINDOW
The ContextHub store defines which persistence layer will be used, thus to view the current state of the persistence all layers should be checked.
-
For example, to view data stored in localStorage:
To preview persistance used ContextHub, a user can:
-
Use the browser’s console:
-
Chrome - open Developer Tools > Application > Storage:
- Local Storage > (website) > ContextHubPersistence
- Session Storage > (website) > ContextHubPersistence
- Cookies > (website) > SessionPersistence
-
Firefox - open Developer Tools > Storage:
- Local Storage > (website) > ContextHubPersistence
- Session Storage > (website) > ContextHubPersistence
- Cookies > (website) > SessionPersistence
-
-
Use the ContextHub API, in the browser’s console:
-
ContextHub provides following data persistence layers:
- ContextHub.Utils.Persistence.Modes.LOCAL (default)
- ContextHub.Utils.Persistence.Modes.SESSION
- ContextHub.Utils.Persistence.Modes.COOKIE
- ContextHub.Utils.Persistence.Modes.WINDOW
The ContextHub store defines which persistence layer will be used, thus to view the current state of the persistence all layers should be checked.
-
For example, to view data stored in localStorage:
var storage = new ContextHub.Utils.Persistence({ mode: ContextHub.Utils.Persistence.Modes.LOCAL });
console.log(storage.getTree());
Clearing Persistence of ContextHub
To clear the ContextHub persistence:
-
To clear persistence of currently loaded stores:
// in order to be able to fully access persistence layer, Opt-Out must be turned off ContextHub.Utils.Cookie.removeItem('cq-opt-out'); // following call asks all currently loaded stores to clear their data ContextHub.cleanAllStores(); // following call asks all currently loaded stores to set back default values (provided in their configs) ContextHub.resetAllStores();
-
To clear a specific persistence layer; for example, sessionStorage:
var storage = new ContextHub.Utils.Persistence({ mode: ContextHub.Utils.Persistence.Modes.SESSION }); storage.setItem('/store', null); storage.setItem('/_', null); // to confirm that nothing is stored: console.log(storage.getTree());
-
To clear all ContextHub persistence layers, the appropriate code must be called for all layers:
- ContextHub.Utils.Persistence.Modes.LOCAL (default)
- ContextHub.Utils.Persistence.Modes.SESSION
- ContextHub.Utils.Persistence.Modes.COOKIE
- ContextHub.Utils.Persistence.Modes.WINDOW
Experience Manager
- Administering User Guide overview
- Sites Features
- Website Administration
- Reusing Content: Multi Site Manager and Live Copy
- Live Copy Overview Console
- Configuring Live Copy Synchronization
- Creating and Synchronizing Live Copies
- MSM Rollout Conflicts
- MSM Best Practices
- Translating Content for Multilingual Sites
- Managing Translation Projects
- Identifying Content to Translate
- Preparing Content for Translation
- Creating a Language Root Using the Classic UI
- Connecting to Microsoft Translator
- Configuring the Translation Integration Framework
- Language Copy Wizard
- Translation Enhancements
- Translation Best Practices
- Configurations and the Configuration Browser
- AEM FAQs
- Operations
- Dashboards
- Operations Dashboard
- Backup and Restore
- Data Store Garbage Collection
- Monitoring Server Resources Using the JMX Console
- Working with Logs
- Configure the Rich Text Editor
- Configure the Video component
- The Bulk Editor
- Configuring Email Notification
- Configuring RTE for Producing Accessible Sites
- The Link Checker
- Troubleshooting AEM
- Audit Log Maintenance in AEM 6
- Editor
- Managing Access to Workflows
- Using cURL with AEM
- Configuring Undo for Page Editing
- Proxy Server Tool (proxy.jar)
- Configuring for AEM Apps
- Administering Workflows
- Configuring Search Forms
- Tools Consoles
- Reporting
- Administering Workflow Instances
- Configuring Layout Container and Layout Mode
- Enabling Access to Classic UI
- Starting Workflows
- Configure the Rich Text Editor plug-ins
- Admin Consoles
- Security
- User Administration and Security
- User, Group and Access Rights Administration
- Security Checklist
- OWASP Top 10
- Running AEM in Production Ready Mode
- Identity Management
- Adobe IMS Authentication and Admin Console Support for AEM Managed Services
- Creating a Closed User Group
- Mitigating serialization issues in AEM
- User Synchronization
- Encapsulated Token Support
- Single Sign On
- How to Audit User Management Operations in AEM
- SSL By Default
- SAML 2.0 Authentication Handler
- Closed User Groups in AEM
- Granite Operations - User and Group Administration
- Enabling CRXDE Lite in AEM
- Configuring LDAP with AEM 6
- Configure the Admin Password on Installation
- Service Users in AEM
- Encryption Support for Configuration Properties
- Handling GDPR Requests for the AEM Foundation
- Content Disposition Filter
- Personalization
- eCommerce
- Integration
- Integrating with Third-Party Services
- Integrating with Salesforce
- Integrating with Adobe Target
- Integrating with Adobe Analytics
- Connecting to Adobe Analytics and Creating Frameworks
- Configuring Link Tracking for Adobe Analytics
- Mapping Component Data with Adobe Analytics Properties
- Configuring Video Tracking for Adobe Analytics
- HTTP2 Delivery of Content FAQ
- Troubleshooting your Adobe Campaign Integration
- SharePoint Connector Licenses, Copyright Notices, and Disclaimers
- SharePoint Connector
- DHTML Viewer End-of-Life FAQs
- Integrating with Adobe Campaign Classic
- Related Community Articles
- Integrating with Adobe Campaign Standard
- Flash Viewers End-of-Life Notice
- Integrating with Adobe Creative Cloud
- Integrating with Adobe Dynamic Tag Management
- Opting Into Adobe Analytics and Adobe Target
- AEM Portals and Portlets
- Integrating with Dynamic Media Classic
- Troubleshooting Integration Issues
- Integrating with BrightEdge Content Optimizer
- Best Practices for Email Templates
- Catalog Producer
- Integrating with Silverpop Engage
- Integrating with Adobe Campaign
- Integrating with ExactTarget
- Analytics with External Providers
- Integrating with the Adobe Marketing Cloud
- Manually Configuring the Integration with Adobe Target
- Prerequisites for Integrating with Adobe Target
- Adobe Classifications
- Solutions Integration
- Target Integration with Experience Fragments
- Best Practices
- Content Management