""" Cookie-Knowledge Erweiterung — Adobe, Meta erweitert, Microsoft, LinkedIn, TikTok, Salesforce/HubSpot/Marketo, Hotjar/Mouseflow/FullStory, Live-Chat, Cloudflare/Akamai, Payment, CMP-eigene Cookies, EU-Analytics. Hinweis zu Rechten: Eintraege enthalten ausschliesslich Identitaetsfelder (Cookie-Name, Anbieter, Sitzland) + EIGENE Knappformulierungen + Verweise auf oeffentliche EuGH-/CNIL-/EDPB-Quellen. KEINE 1:1-Kopien aus OneTrust, Cookiepedia oder Vendor-eigenen Beschreibungstexten. Quellen-Pointer: IAB TCF v2.2 Vendor List, CNIL Cookies & Trackers Guidelines 2024, EDPB Guidelines 2/2023, EuGH-Rechtsprechung (Schrems II, Planet49), DSK-Orientierungshilfen 2021/2024. """ from __future__ import annotations from compliance.services.cookie_knowledge_db import CookieKnowledge _ADOBE_BASE = { "vendor": "Adobe Inc.", "vendor_country": "US", "schrems_ii_status": "Drittlandtransfer US. Mit DPF (2023) wieder " "zulaessig; EU-Datenresidenz-Option in Adobe " "Experience Platform verfuegbar.", "eugh_rulings": [ "EuGH C-311/18 (Schrems II)", "EDPB Recommendations 01/2020 — Supplementary Measures", ], } _META_BASE = { "vendor": "Meta Platforms Ireland Ltd.", "vendor_country": "IE", "schrems_ii_status": "Verarbeitung in IE + US-Transfer. DPC Ireland " "Bussgeld 2023 (€1,2 Mrd) wegen unzureichender " "Schutzmassnahmen — DPF deckt seit 2023.", "eugh_rulings": [ "EuGH C-311/18 (Schrems II)", "DPC Ireland 2023 — Meta 1,2 Mrd. EUR", ], } _MICROSOFT_BASE = { "vendor": "Microsoft Corp.", "vendor_country": "US", "schrems_ii_status": "DPF-zertifiziert; EU Data Boundary fuer Azure/365 " "seit 2024 verfuegbar.", "eugh_rulings": ["EuGH C-311/18 (Schrems II)"], } _LINKEDIN_BASE = { "vendor": "LinkedIn Ireland Unlimited Co.", "vendor_country": "IE", "schrems_ii_status": "Microsoft-Konzern, EU-Hauptsitz IE, Transfer US.", "eugh_rulings": ["EuGH C-311/18 (Schrems II)"], } KB_EXT: dict[str, CookieKnowledge] = { # --- Adobe Experience Cloud -------------------------------------- # AMCV_, s_cc, s_sq leben in Base-KB. "demdex": { **_ADOBE_BASE, "vendor": "Adobe Inc. (Audience Manager)", "exact_purpose": "Adobe Audience Manager DMP — Cross-Site-Profil " "fuer Zielgruppen-Segmentierung.", "data_collected": ["dpuuid", "segments"], "ip_relevant": True, "tcf_purpose_ids": [4, 9, 10], "typical_lifetime": "180 Tage", "reid_risk": "high", "technical_necessity": "none", }, # --- Meta erweitert ----------------------------------------------- # fr, _fbc leben in Base-KB. "datr": { **_META_BASE, "exact_purpose": "Facebook Browser-Identifier — Anti-Abuse/Bot-Schutz.", "data_collected": ["browser_fingerprint_id"], "ip_relevant": True, "typical_lifetime": "2 Jahre", "reid_risk": "high", "technical_necessity": "partial", "notes": "Wird auch ohne Consent gesetzt; Meta argumentiert " "Sicherheit. Trotzdem von DSK 2024 kritisch bewertet.", }, # --- Microsoft / Bing --------------------------------------------- # MUID lebt in Base-KB. "MSCC": { **_MICROSOFT_BASE, "exact_purpose": "Microsoft Site Consent — Consent-Status-Speicherung " "fuer Microsoft-eigene Properties.", "data_collected": ["consent_string"], "typical_lifetime": "1 Jahr", "reid_risk": "low", "technical_necessity": "full", "notes": "Strictly necessary nach §25(2) TDDDG.", }, "ai_session": { **_MICROSOFT_BASE, "vendor": "Microsoft Corp. (Application Insights)", "exact_purpose": "Azure Application Insights — Session-Tracking fuer " "Telemetry.", "data_collected": ["session_id"], "typical_lifetime": "30 Minuten", "reid_risk": "medium", "technical_necessity": "partial", }, # --- LinkedIn ------------------------------------------------------ "li_at": { **_LINKEDIN_BASE, "exact_purpose": "LinkedIn-Authentifizierung — Login-Session.", "data_collected": ["auth_token"], "typical_lifetime": "1 Jahr", "reid_risk": "high", "technical_necessity": "full", "notes": "Nur fuer eingeloggte Nutzer; auf externer Site = " "Insight Tag (siehe li_sugr).", }, "li_sugr": { **_LINKEDIN_BASE, "exact_purpose": "LinkedIn Insight Tag — Browser-ID fuer " "Conversion-Tracking + Werbe-Targeting.", "data_collected": ["browser_id"], "ip_relevant": True, "tcf_purpose_ids": [7, 9, 10], "typical_lifetime": "90 Tage", "reid_risk": "high", "technical_necessity": "none", }, # bcookie, lidc leben in Base-KB. # --- TikTok -------------------------------------------------------- "_ttp": { "vendor": "TikTok Pte. Ltd.", "vendor_country": "SG/CN", "exact_purpose": "TikTok Pixel — User-ID fuer Conversion-Tracking + " "Werbeoptimierung.", "data_collected": ["pixel_id", "browser_id"], "ip_relevant": True, "tcf_purpose_ids": [7, 9, 10], "typical_lifetime": "13 Monate", "reid_risk": "high", "technical_necessity": "none", "schrems_ii_status": "Drittlandtransfer in Drittstaaten ohne " "Angemessenheitsbeschluss. CNIL 2023 — " "TikTok 5 Mio EUR Bussgeld.", "eugh_rulings": [ "CNIL SAN-2022-027 — TikTok 5 Mio EUR", "Italienische DPA 2024 — TikTok 10 Mio EUR", ], }, "ttwid": { "vendor": "TikTok Pte. Ltd.", "vendor_country": "SG/CN", "exact_purpose": "TikTok Web-Identifier — eindeutige Browser-ID auch " "ohne Login.", "data_collected": ["ttwid"], "typical_lifetime": "1 Jahr", "reid_risk": "high", "technical_necessity": "none", "schrems_ii_status": "Wie _ttp.", }, # --- HubSpot / Marketo / Salesforce ------------------------------ "hubspotutk": { "vendor": "HubSpot Inc.", "vendor_country": "US", "exact_purpose": "HubSpot User-Token — Cross-Visit-Identitaet fuer " "Lead-Tracking.", "data_collected": ["user_token"], "ip_relevant": True, "tcf_purpose_ids": [7, 8], "typical_lifetime": "6 Monate", "reid_risk": "high", "technical_necessity": "none", "schrems_ii_status": "DPF-zertifiziert.", }, "__hssc": { "vendor": "HubSpot Inc.", "vendor_country": "US", "exact_purpose": "HubSpot Session-Tracking — Pageviews innerhalb " "einer Session.", "data_collected": ["session_count"], "typical_lifetime": "30 Minuten", "reid_risk": "low", "technical_necessity": "none", }, "_mkto_trk": { "vendor": "Adobe Inc. (Marketo)", "vendor_country": "US", "exact_purpose": "Marketo Munchkin-Tracker — Lead-Identifikation " "fuer Marketing-Automation.", "data_collected": ["munchkin_id", "session_id"], "ip_relevant": True, "typical_lifetime": "2 Jahre", "reid_risk": "high", "technical_necessity": "none", "schrems_ii_status": _ADOBE_BASE["schrems_ii_status"], }, "BrowserId_sec": { "vendor": "Salesforce.com Inc.", "vendor_country": "US", "exact_purpose": "Salesforce Marketing Cloud Browser-Token — " "Cross-Visit-Identifikation.", "data_collected": ["browser_id"], "typical_lifetime": "1 Jahr", "reid_risk": "medium", "technical_necessity": "none", "schrems_ii_status": "DPF-zertifiziert.", }, # --- Session-Recording / Heatmaps --------------------------------- "_hjSessionUser_": { "vendor": "Hotjar Ltd.", "vendor_country": "MT", "exact_purpose": "Hotjar User-ID — Cross-Visit-Identifikation fuer " "Session-Recording + Heatmaps.", "data_collected": ["user_id"], "ip_relevant": True, "typical_lifetime": "1 Jahr", "reid_risk": "high", "technical_necessity": "none", "schrems_ii_status": "EU (Malta) — kein Drittland. Aber: parent " "Contentsquare (FR) hostet teilweise in US.", "notes": "Suffix ``. Pattern-Match noetig. " "DSGVO-Aufzeichnung = Einwilligung pflichtig.", "eu_alternative_vendor": "Mouseflow / Smartlook (CZ)", }, "_hjSession_": { "vendor": "Hotjar Ltd.", "vendor_country": "MT", "exact_purpose": "Hotjar Session-Token — eindeutige Session-ID " "innerhalb 30min Inaktivitaet.", "data_collected": ["session_id"], "typical_lifetime": "30 Minuten", "reid_risk": "medium", "technical_necessity": "none", }, "fs_uid": { "vendor": "FullStory Inc.", "vendor_country": "US", "exact_purpose": "FullStory User-ID — Cross-Visit-Identifikation " "fuer Session-Replay.", "data_collected": ["user_id"], "ip_relevant": True, "typical_lifetime": "1 Jahr", "reid_risk": "high", "technical_necessity": "none", "schrems_ii_status": "DPF-zertifiziert. EU-Region verfuegbar (opt-in).", }, "mf_user": { "vendor": "Mouseflow Aps", "vendor_country": "DK", "exact_purpose": "Mouseflow User-ID — Cross-Visit-Identifikation fuer " "Heatmap + Recording.", "data_collected": ["user_id"], "typical_lifetime": "1 Jahr", "reid_risk": "medium", "technical_necessity": "none", "schrems_ii_status": "EU (DK) — kein Drittland.", }, # --- Live-Chat ---------------------------------------------------- "intercom-id-": { "vendor": "Intercom Inc.", "vendor_country": "US", "exact_purpose": "Intercom Visitor-ID — Wiedererkennung anonymer " "Besucher fuer Chat-History.", "data_collected": ["visitor_id"], "typical_lifetime": "9 Monate", "reid_risk": "medium", "technical_necessity": "partial", "schrems_ii_status": "DPF-zertifiziert; EU-Datenresidenz optional.", "notes": "Suffix ``. Pattern-Match noetig.", }, "driftt_aid": { "vendor": "Salesforce.com Inc. (Drift)", "vendor_country": "US", "exact_purpose": "Drift Anonymous-Visitor-ID fuer Chat-Personalisierung.", "data_collected": ["visitor_id"], "typical_lifetime": "2 Jahre", "reid_risk": "medium", "technical_necessity": "partial", }, "__zlcmid": { "vendor": "Zendesk Inc.", "vendor_country": "US", "exact_purpose": "Zendesk Chat Visitor-ID fuer Session-Tracking.", "data_collected": ["chat_visitor_id"], "typical_lifetime": "1 Jahr", "reid_risk": "medium", "technical_necessity": "partial", "schrems_ii_status": "DPF-zertifiziert; EU-Datacenter optional.", }, # --- CDN / Sicherheit (strictly necessary) ----------------------- # __cf_bm, cf_clearance leben in Base-KB. "AKA_A2": { "vendor": "Akamai Technologies Inc.", "vendor_country": "US", "exact_purpose": "Akamai Adaptive Acceleration — geroutete Best-Path-" "Optimierung.", "data_collected": ["a2_route"], "typical_lifetime": "1 Stunde", "reid_risk": "low", "technical_necessity": "full", }, # --- Payment (strictly necessary fuer Checkout) ------------------ "__stripe_mid": { "vendor": "Stripe Payments Europe Ltd.", "vendor_country": "IE", "exact_purpose": "Stripe Fraud-Detection Merchant-ID — Risiko-Scoring " "fuer Zahlungs-Authentifizierung.", "data_collected": ["merchant_visitor_id"], "ip_relevant": True, "typical_lifetime": "1 Jahr", "reid_risk": "low", "technical_necessity": "full", "schrems_ii_status": "EU (IE) — kein Drittland.", "notes": "Strictly necessary nach §25(2) TDDDG fuer Zahlungsabwicklung.", }, "__stripe_sid": { "vendor": "Stripe Payments Europe Ltd.", "vendor_country": "IE", "exact_purpose": "Stripe Session-ID — temporaere Zahlungs-Session.", "data_collected": ["session_id"], "typical_lifetime": "30 Minuten", "reid_risk": "low", "technical_necessity": "full", }, # --- CMP-eigene Cookies (strictly necessary) --------------------- "CookieConsent": { "vendor": "Cybot A/S (Cookiebot)", "vendor_country": "DK", "exact_purpose": "Cookiebot Consent-Speicherung — gewaehlte " "Kategorien + Zeitstempel.", "data_collected": ["consent_categories", "consent_timestamp"], "typical_lifetime": "1 Jahr", "reid_risk": "low", "technical_necessity": "full", "schrems_ii_status": "EU (DK). Wenn EU-Cloud, kein Drittland.", }, "OptanonConsent": { "vendor": "OneTrust LLC", "vendor_country": "US", "exact_purpose": "OneTrust Consent-Speicherung — Kategorien + " "Vendor-Liste + Zeitstempel.", "data_collected": ["consent_categories", "consent_string"], "typical_lifetime": "1 Jahr", "reid_risk": "low", "technical_necessity": "full", "schrems_ii_status": "DPF-zertifiziert; EU-Cloud optional.", }, "OptanonAlertBoxClosed": { "vendor": "OneTrust LLC", "vendor_country": "US", "exact_purpose": "OneTrust UI-Flag — verhindert Re-Display des " "Banners nach Schliessung.", "data_collected": ["closed_timestamp"], "typical_lifetime": "1 Jahr", "reid_risk": "low", "technical_necessity": "full", }, "usercentrics-uuid": { "vendor": "Usercentrics GmbH", "vendor_country": "DE", "exact_purpose": "Usercentrics Consent-Speicherung — UUID-basiert.", "data_collected": ["consent_uuid", "consent_settings"], "typical_lifetime": "1 Jahr", "reid_risk": "low", "technical_necessity": "full", "schrems_ii_status": "DE — kein Drittland.", }, # --- Weitere Social / Werbeplattformen --------------------------- # _pin_unauth lebt in Base-KB. "_scid": { "vendor": "Snap Group Ltd.", "vendor_country": "GB/US", "exact_purpose": "Snapchat Pixel — Conversion-Tracking fuer " "Snap Ads.", "data_collected": ["snap_visitor_id"], "ip_relevant": True, "tcf_purpose_ids": [7, 9, 10], "typical_lifetime": "1 Jahr", "reid_risk": "high", "technical_necessity": "none", "schrems_ii_status": "Drittlandtransfer; UK seit 2021 mit " "Angemessenheitsbeschluss.", }, "guest_id": { "vendor": "X Corp. (Twitter)", "vendor_country": "US", "exact_purpose": "X/Twitter Guest-Identifier — Tracking nicht " "eingeloggter Besucher inkl. Embeds.", "data_collected": ["guest_id"], "ip_relevant": True, "tcf_purpose_ids": [4, 9, 10], "typical_lifetime": "2 Jahre", "reid_risk": "high", "technical_necessity": "none", "schrems_ii_status": "DPF-Status unklar seit Eigentuemerwechsel 2022. " "Erhoehtes Risiko, EDPB beobachtet.", }, "VISITOR_INFO1_LIVE": { "vendor": "Google Ireland Ltd. (YouTube)", "vendor_country": "IE", "exact_purpose": "YouTube Embed Visitor-ID — Bandbreiten-Optimierung " "+ Empfehlungsalgorithmus.", "data_collected": ["youtube_visitor_id"], "ip_relevant": True, "tcf_purpose_ids": [8, 10], "typical_lifetime": "6 Monate", "reid_risk": "high", "technical_necessity": "none", "notes": "YouTube-NoCookie-Domain (youtube-nocookie.com) reduziert " "Tracking — DSGVO-konformer.", }, "vuid": { "vendor": "Vimeo Inc.", "vendor_country": "US", "exact_purpose": "Vimeo User-Identifier — Wiedererkennung " "wiederkehrender Besucher fuer Statistik.", "data_collected": ["vimeo_user_id"], "typical_lifetime": "2 Jahre", "reid_risk": "medium", "technical_necessity": "none", "schrems_ii_status": "DPF-zertifiziert.", }, # --- Marketing-Automation / Email -------------------------------- "__kla_id": { "vendor": "Klaviyo Inc.", "vendor_country": "US", "exact_purpose": "Klaviyo Visitor-Tracking — fuer E-Mail-Marketing-" "Attribution.", "data_collected": ["klaviyo_id"], "ip_relevant": True, "typical_lifetime": "2 Jahre", "reid_risk": "high", "technical_necessity": "none", "schrems_ii_status": "DPF-zertifiziert.", }, "_mcid": { "vendor": "Intuit Mailchimp", "vendor_country": "US", "exact_purpose": "Mailchimp Email-Click-Tracking — Verknuepft " "Pageviews mit gesendeter Kampagne.", "data_collected": ["mc_email_id"], "typical_lifetime": "1 Jahr", "reid_risk": "high", "technical_necessity": "none", "schrems_ii_status": "DPF-zertifiziert.", }, # --- Product-Analytics / CDP ------------------------------------- "mp_": { "vendor": "Mixpanel Inc.", "vendor_country": "US", "exact_purpose": "Mixpanel Distinct-ID + Properties — " "Pseudonyme Event-Analytics.", "data_collected": ["distinct_id", "properties"], "typical_lifetime": "1 Jahr", "reid_risk": "high", "technical_necessity": "none", "schrems_ii_status": "DPF-zertifiziert; EU-Residency optional.", "notes": "Suffix `_mixpanel`. Pattern-Match noetig.", }, "ajs_anonymous_id": { "vendor": "Twilio Inc. (Segment)", "vendor_country": "US", "exact_purpose": "Segment Anonymous-ID — Cross-Device-Identitaet " "vor Login.", "data_collected": ["anonymous_id"], "typical_lifetime": "1 Jahr", "reid_risk": "high", "technical_necessity": "none", "schrems_ii_status": "DPF-zertifiziert; EU-Datenresidenz optional.", }, "AMP_": { "vendor": "Amplitude Inc.", "vendor_country": "US", "exact_purpose": "Amplitude Device-ID — Cross-Session-Identitaet " "fuer Product-Analytics.", "data_collected": ["device_id", "session_id"], "typical_lifetime": "1 Jahr", "reid_risk": "high", "technical_necessity": "none", "schrems_ii_status": "DPF-zertifiziert.", "notes": "Suffix ``. Pattern-Match noetig.", }, # --- A/B-Testing ------------------------------------------------- "optimizelyEndUserId": { "vendor": "Optimizely Inc.", "vendor_country": "US", "exact_purpose": "Optimizely End-User-ID — konsistente " "Experiment-Zuteilung pro Besucher.", "data_collected": ["end_user_id", "variation_assignments"], "typical_lifetime": "6 Monate", "reid_risk": "medium", "technical_necessity": "none", "schrems_ii_status": "DPF-zertifiziert.", }, # --- RUM / Monitoring (oft strictly necessary diskutiert) -------- "_dd_s": { "vendor": "Datadog Inc.", "vendor_country": "US", "exact_purpose": "Datadog RUM Session-Tracking — Performance- " "Monitoring + Fehler-Telemetrie.", "data_collected": ["session_id", "session_type"], "typical_lifetime": "15 Minuten", "reid_risk": "low", "technical_necessity": "partial", "schrems_ii_status": "EU-Region (Frankfurt) verfuegbar.", "notes": "Bei reiner Server-/Fehler-Telemetrie ohne Cross-Site-" "Tracking Argument fuer berechtigtes Interesse moeglich.", }, # --- EU-Analytics-Alternativen ----------------------------------- "_pk_ref": { "vendor": "InnoCraft Ltd. (Matomo)", "vendor_country": "NZ", "exact_purpose": "Matomo Referrer-Tracking — Quelle des Besuchs.", "data_collected": ["referrer", "campaign"], "typical_lifetime": "6 Monate", "reid_risk": "low", "technical_necessity": "none", "schrems_ii_status": "NZ hat Angemessenheitsbeschluss (2012). " "Bei On-Premise-Hosting kein Transfer.", "notes": "Self-Hosting empfohlen — dann zeroes Drittland.", }, "_pk_cvar": { "vendor": "InnoCraft Ltd. (Matomo)", "vendor_country": "NZ", "exact_purpose": "Matomo Custom-Variables — pro Visit konfigurierbar.", "data_collected": ["custom_vars"], "typical_lifetime": "30 Minuten", "reid_risk": "low", "technical_necessity": "none", }, } # Pattern-Lookups fuer dynamische Cookie-Namen _EXT_PATTERNS: list[tuple[str, str]] = [ (r"^_hjSessionUser_", "_hjSessionUser_"), (r"^_hjSession_", "_hjSession_"), (r"^intercom-id-", "intercom-id-"), (r"^mp_", "mp_"), (r"^AMP_", "AMP_"), ] def lookup_cookie_extended(name: str) -> CookieKnowledge | None: """Lookup in der KB_EXT (Extension). None wenn nicht gefunden.""" import re if not name: return None # noqa: E701 if name in KB_EXT: return KB_EXT[name] # noqa: E701 for pat, key in _EXT_PATTERNS: if re.search(pat, name): return KB_EXT.get(key) # noqa: E701 base = name.split(".", 1)[0] if base != name and base in KB_EXT: return KB_EXT[base] # noqa: E701 return None