Bad Behavior sets a single session cookie named “bb2_screener_”. This cookie, which expires at the end of the user’s browser session, records the user’s IP address and time of their most recent visit to your site. The cookie is sent directly from your site, and not by a third party.
Bad Behavior uses this cookie to determine whether a request is a spammer who is rotating through different IP addresses. It is therefore used to maintain the security of your web site.
This cookie is solely used for the security of your web site and is not used for marketing purposes. For the purpose of site security, you may choose to share logs of user requests containing this cookie with a third party (me). If you share these records with me, I use them for the purpose of improving Bad Behavior’s detection of spam, and for no other purpose, I maintain them in encrypted storage, and I delete the records within 90 days.
Currently Bad Behavior has no means to determine whether your users have given consent to receive cookies. Since it is used solely to maintain the security of your site from malicious activity, you may be able to argue that it is exempt from the consent requirement, but since this requirement is new and untested in the courts, it’s not clear whether this will work. It’s also unclear at this time how to integrate such a requirement into Bad Behavior and all of the various possible platforms on which it can run.
If you feel you need any additional information in order to comply with these bizarre new requirements, just contact me and I’ll get you the information you need.
P.S. Bad Behavior is still in need of your support. If you haven’t donated recently, or at all, please consider doing so.