Forget About Me
This page describes how you can implement the GDPR required Forget About Me feature.
Prerequisite
This document assumes you have added the Public Relevance REST API. This documents assumes that you have added the API below /gdpr but as explained in Public Relevance REST API, the exact URL you can choose yourself.
Forget About Me
Once you have the Public Relevance REST API enabled, a visitor can be forgotten the DELETE HTTP request:
/gdpr/visitorinfo
To be GDPR compliant, most likely you want to add some button or link to your website through which the DELETE request is triggered.
If you also want to delete (reset) the Consent Cookie, you can invoke the DELETE HTTP request:
/gdpr/visitorinfo/consentCookie
Alternative Forget About Me
Instead of invoking the above REST endpoints, you can also implement the Forget About Me functionality by a Javascript execution deleting the cookie:
_visitor
Likewise, you can also delete the Consent Cookie in this way, however the exact cookie you need to delete is domain-specific and configured by the property targeting:consentCookieName, see Configure Relevance Tracking Cookie Policy.
Validating the Forget About Me works correctly
After you have implemented the button or link via which a visitor can invoke the Forget About Me request, you can validate its correct working as follows:
First click through some pages on the website. Then check the Personal Data as explained at Serve Personal Data. Validate that you get served your Personal Data. After invoking the Forget About Me request, requesting the Personal Data again should return
{ "visitor":null, "requestLogEntries":null }
Note that if you did not implement the Consent Cookie nor did remove the Consent Cookie as described above, that after invoking Forget About Me, again a new profile will be build up. If you do not want this, make sure that when you invoke the Forget About Me, you also set the Consent Cookie to not allowed tracking.