Does your website use third-party services? Get GDPR compliant in minutes.

Vicomi

What does Vicomi do?

Emotion based commenting and reaction widget that lets readers respond to articles with emojis and stores reaction and session cookies on visitors devices.

What is Vicomi

Vicomi was an audience engagement widget that publishers embedded on article pages to collect emotional reactions and threaded comments. The script loaded from vicomi.com and rendered an interactive panel of emoji buttons that readers tapped to express feelings such as happy, sad, angry or surprised. The platform was operated from the United States and although the company is now defunct the widget endpoints continued to serve assets and set cookies for a long time after.

Cookies and data collected

Vicomi sets persistent cookies on the publisher domain and on the vicomi.com domain to remember which reactions a visitor has cast, to maintain login state for commenters and to detect duplicate votes. The widget also collects the page URL, the referrer, the browser user agent, the IP address and timestamps for each interaction. This combination of identifiers qualifies as personal data under the GDPR.

GDPR and ePrivacy implications

Because Vicomi stores identifiers in the browser that are not strictly necessary to deliver a service requested by the user, Article 5(3) of the ePrivacy Directive requires prior informed consent. Article 6(1)(a) of the GDPR provides the legal basis for the subsequent processing of behavioural data. Loading the script before consent is captured constitutes a breach in every EU member state.

Get GDPR compliant in 10 minutes

Free plan available · No credit card required

Try FlowConsent free

Data transfers

Vicomi servers were located in the United States, which is a third country under Chapter V of the GDPR. After Schrems II the transfer of personal data to a US controller requires either an adequacy decision such as the EU US Data Privacy Framework, valid Standard Contractual Clauses, or a Transfer Impact Assessment with supplementary measures. With the company defunct, none of these safeguards can be confirmed and the transfer should be considered unlawful.

How to implement compliance

Block the Vicomi script in your tag manager or CMP until the visitor has actively accepted the functional or marketing cookie category. Document the purpose in your privacy notice, list every cookie in your cookie policy and offer an effective opt out. Given that the vendor is defunct, the safest course of action is to remove the widget entirely and replace it with a maintained alternative.

GDPR consent category

Analytics

Websites using Vicomi must obtain user consent under GDPR regulations.

Legal basisConsent (GDPR Art. 6(1)(a)) and ePrivacy Directive Art. 5(3) for cookie storage

Risk levelhigh

Applicable regulationsGDPR, ePrivacy Directive, TTDSG, LIL, LOPDGDD

DPIA considerations

A DPIA is recommended because the widget loads from a defunct US vendor, transfers identifiers to the United States without confirmed safeguards and processes behavioural data on EU visitors. Document the residual risk and consider removing the widget if no controller can be reached for a data processing agreement.

Sample consent text

We use the Vicomi emotion reaction widget to let you react to articles. It stores cookies on your device and sends data to servers in the United States. Click Accept to enable Vicomi or Reject to browse without it.

Technical details

Tracking methodEmbedded JavaScript widget loaded from vicomi.com, sets first-party and third-party cookies for emotion reactions and visitor identification

Server locationUnited States (historical hosting in US data centres)

Data transferred outside the EUData transferred to the United States; Vicomi infrastructure was hosted in US data centres without SCCs in place after the Schrems II ruling

Third-party domains contacted

vicomi.comwww.vicomi.comapi.vicomi.comcdn.vicomi.com

Cookies placed

Name	Type	Duration	Purpose
vicomi_uid	functional	1 year	Persistent visitor identifier used by the Vicomi widget to recognise returning users and prevent duplicate emotional reactions on the same article.
vicomi_sid	functional	Session	Session cookie that maintains the state of an open Vicomi commenting session and links interactions to the same browser tab.
vicomi_reactions	functional	1 year	Stores which emotion the visitor has selected on each article URL so the widget can display the current state on reload.
__vicomi_ref	analytics	6 months	Captures the referring page and campaign parameters when the widget is first loaded to enrich Vicomi analytics dashboards.

Vicomi collects user analytics data — you legally need a consent banner. Try FlowConsent free.

Get started free Scan your site

Frequently asked questions

What cookies does Vicomi set?

Vicomi sets persistent cookies on the publisher domain and on vicomi.com to remember the reactions a visitor has cast, to keep a commenter logged in and to identify the visitor across pages. Typical cookies include a visitor identifier, a reaction state cookie and a session cookie for the comment thread. All of them are non essential under the ePrivacy Directive.

Is user consent required before loading Vicomi?

Yes. Loading the Vicomi script writes identifiers to the visitor terminal and reads them on subsequent visits, which falls under Article 5(3) of the ePrivacy Directive. You must obtain prior, informed, freely given and unambiguous consent before the script runs.

What is the legal basis for processing personal data via Vicomi?

The legal basis is consent under Article 6(1)(a) of the GDPR. Legitimate interest is not appropriate because the widget is not necessary to deliver the publishers content and the visitor would not reasonably expect emotional reactions to be tracked without an explicit choice.

Does Vicomi transfer data outside the EU, especially to the US?

Yes. Vicomi infrastructure was hosted in the United States, so every interaction generates a transfer of personal data to a third country. Since the company is defunct, no valid Data Privacy Framework certification or Standard Contractual Clauses can be relied upon today.

Is a DPIA required when using Vicomi?

A DPIA is strongly recommended. The widget combines online identifiers, behavioural data, transfers to the United States and a vendor that no longer offers contractual guarantees, which together represent a high residual risk to data subjects.

How do I correctly implement Vicomi in a GDPR compliant way?

Hold the script behind your consent management platform, only load it after the visitor has actively accepted functional or marketing cookies, document every cookie in your cookie policy and provide a one click withdrawal mechanism. Without a working data processing agreement, removing the widget is the only fully compliant choice.

Are there privacy friendly alternatives to Vicomi?

Yes, you can use self hosted comment engines such as Isso, Commento or Remark42, or EU based reaction widgets that store data on your own infrastructure. These tools let you avoid international transfers and keep full control over cookies and retention periods.

How should I update my cookie policy to mention Vicomi?

List Vicomi as a third party in your cookie policy, describe the purpose of the widget, name each cookie, state its retention period and identify the controller in the United States. Add a note that the vendor is no longer operational and explain the residual risks you have documented.

Get compliant — Try FlowConsent free

Free plan · 10-min setup