ReCAPTCHA by Google® service collects information that can be used by Google® to identify a visitor so as to determine if the actions on our site are actually human. So, the visitor’s IP address and other data that Google® needs for the reCAPTCHA service can be sent to Google. IP addresses within the member states of the EU or other parties to the Agreement on the European Economic Area are almost always truncated before the data ends up on a server in the United States. The IP address will not be combined with any other Google data unless you are logged in with your Google Account while using a reCAPTCHA service. First, the reCAPTCHA algorithm checks if your browser already has Google cookies from other Google services (YouTube, Gmail, etc.) and then reCAPTCHA sets an additional cookie through your browser to capture a snapshot of your browser window.
Cookies created by the reCAPTCHA service are third party cookies. On our effort to understand and record the information they collect we have created the following list of browser and user data. At any case, this list is not exhaustive and as this is a third-party cookie widely used on internet nowadays, we cannot guarantee that his Google® process is GDPR compliant.
- Referrer URL (the address of the page from which the visitor comes)
- Internet IP address (e.g., 256.123.123.1)
- Information about the operating system (the software that enables you to operate your computer, known operating systems are Windows, Mac OS X or Linux)
- Cookies (small text files that store data in your browser)
- Mouse and keyboard behavior (any action you perform with the mouse or keyboard is saved)
- Date and language settings (which language or which date you have preset on your PC)
- All JavaScript objects (JavaScript is a programming language that allows websites to adapt to the user. JavaScript objects can collect all sorts of data under one name)
- Screen resolution (shows how many pixels the displayed image on your screen is made of)
It is indisputable that Google uses and analyzes this data before you click on the check mark “I am not a robot”. With the Invisible reCAPTCHA version you do not even tick the box anymore and the entire recognition process runs in the background. How much and what data Google® stores exactly, cannot be learned from Google® in detail.
Here we refer to the reCAPTCHA demo version of Google® at https://www.google.com/recaptcha/api2/demo. All these cookies require a unique identifier for tracking purposes.
Here is a list of cookies that Google® reCAPTCHA has set on this demo version:
Name: IDE
Expiry time: after one year
Utilization: This Cookie is set by the firm DoubleClick (also belongs to Google®), in order to register and report the actions of a user in dealing with advertisements on the website. Thus, the advertising effectiveness can be measured, and appropriate optimization measures are taken. IDE is stored in browsers under the domain doubleclick.net.
Example value: WqTUmlnmv_qXyi_DGNPLESKnRNrpgXoy1K-pAZtAkMbHI-311109277
Name: 1P_JAR
Expiry time: after one month
Utilization: This cookie collects statistics about website usage and measures conversions. A conversion occurs, for example, when a user becomes a buyer. The cookie is also used to show users relevant ads. Furthermore, the cookie prevents a user from seeing the same ad more than once.
Example value: 2019-5-14-12
Name: ANID
Expiry time: after 9 months
Utilization: We could not get much information about this cookie. In the privacy policy of Google®, the cookie is mentioned in connection with “advertising cookies” such as “DSID”, “FLC”, “AID”, “TAID”. ANID is stored under the domain google.com.
Example value: U7j1v3dZa3111092770xgZFmiqWppRWKOr
Name: CONSENT
Expiry time: after 19 years
Utilization: The cookie stores the status of a user’s consent to use different services from Google®. CONSENT also serves security purposes by verifying users, preventing credential fraud, and protecting user data from unauthorized attacks.
Example value: YES+AT.de+20150628-20-0
Name: NID
Expiry time: after 6 months
Utilization: NID is used by Google®, in order to tailor ads to your Google-search. With the help of cookies, Google® “remembers” your most-typed searches or your earlier interaction with ads. This way you always get customized advertisements. The cookie contains a unique ID that Google® uses to collect the user’s personal settings for promotional purposes.
Example value: 0WmuWqy311109277zILzqV_nmt3sDXwPeM5Q
Name: DV
Expiry time: after 10 minutes
Utilization: Once you mark the “I’m not a robot” checkbox, this cookie will be enabled. The cookie is used by Google Analytics for personalized advertising. DV collects information in an anonymous form and is further used to make user distinctions.
Example value: gEAABBCjJMXcI0dSAAAANbqc311109277
As aforementioned the above stated list cannot be limited to the cookies and behaviors mentioned as Google® may change cookies behavior according to their business strategy and on demand.