• Resolved TallSam

    (@tallsam)


    Hi, I’m just getting started using this plugin. I’m a solo blogger managing just one site. I don’t have a forum or anything like that, so no users, just social media followers and email subscribers. I do have some plugins installed that could present issues for GDPR like Jetpack and Google Analytics Dashboard for WP. I have some questions:

    1. Is it possible to have your plugin only operate for Europeans so I can keep the browsing experience as simple as possible for the rest of the world?

    2. I set up a consent for analytics and cookie _ga to match your code below (it’s the javascript version, the php version provided crashed my site for some reason?). I put the code below into my functions.php file. I then opened a Chrome incognito tab. But the _ga cookie still loaded. Suggestions?
    if ( ! has_consent( 'analytics' ) || ! is_allowed_cookie( '_ga' ) ) {
        window['ga-disable-UA-XXXXXXXX-X'] = true; // Don't forget to replace X for your actual UA numbers.
    }

    3. What will your extensions do that isn’t already possible with your basic plugin?

    4. Many other plugins, third parties, and WordPress itself are supposedly going to become GDPR compliant. Does this mean there will be popups or stripes from them as well as your plugin, or can your plugin somehow override this and take master control of consent and cookies? I just want to avoid inundating site visitors with consent requests… thoughts?

    5. I noticed the stripe on your own site reads, “This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies.” But doesn’t GDPR require site visitor to opt in intentionally, not just continue browsing? I’m assuming it’s because you could have some non essential cookies/consents that they can turn on by clicking on preferences and sliding the switch, but I can’t imagine users doing this… I was thinking there would be a large consent button they click and after that, non-essential cookies are allowed to load. Can you please explain your logic here?

    6. At one point while I was testing a full screen message came up saying I had to agree to changed terms of service. Does this come up when I make a change and the GDPR cookie and so the one loaded into their browser has to be updated? Couldn’t it just be a strip again rather than a full page? I’m concerned this full page warning will turn site visitors away.

    7. Is there some service you provide to set up sites to properly use your plugin. Any estimate approximately what this costs for a small blog?

    Your plugin looks great to me so far, I’m really hopeful it will help me get through this GDPR mess!

    Thanks,
    Sam

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author Fernando Claussen

    (@fclaussen)

    Hi @tallsam

    There’s a lot of questions here. I will try to cover all of them.

    1. Sorry, this is not available.

    2. Weird that the PHP version broke it. How are you using the JS version in the functions.php file? Did you change XXX for your UA numbers?

    3. Extensions will be something like… If you have a MailChimp extension and a user requests to be forgotten, the plugin would look into your MailChimp lists and remove that user from there too.

    4. Other plugins will not add privacy bars like ours does. They will most likely let you know what data they are collecting and how that is being handled so you can choose to not share that data or to share it and add that information in your privacy policy.

    5. This text is constantly under review. I’m not the one editing it. But the plugin logic is that all cookies that were registered as required will be set regardless. Those are cookies necessary for the site to function correctly, like the cookies that a service like Stripe would set for an e-commerce site. All non-essential cookies will not be set unless the user goes into their preferences and enables them.

    6. This message is because you logged in and your user did not have the required privacy-policy consent. ( This would most likely be set during registration ). Other people recently brought to my attention the fact that the screen take-over is too much. So I will be changing this to a more simplistic notice bar. Probably next week.

    7. I don’t have a fixed price to give you, every case is different. I’d suggest you email [email protected] and Shawn will get back to you with that information.

    Thread Starter TallSam

    (@tallsam)

    Thanks Fernando,

    Two followup questions and a new one:

    1. I got the php code to work. The only issue is that if I deactivate the plugin, that’s when it breaks my site. Any thoughts on this?

    2. I see I can toggle “always active” for the google analytics cookie. So it’s either permanently on or they can turn it on or off with the default being off. Couldn’t the default be changeable to on but I only let the cookie load once they’ve clicked ‘I Agree’ (I’ll use has_consent( 'analytics' ))? So there would be a setting to allow ‘on’ to be the default.
    The reason I ask is that as it stands right now, they will have to go out of their way to turn on google analytics, affiliate cookies etc. I just don’t think people will do this. So it essentially shuts down the most important aspects of blogging sites. And because of the lack of geo targeting, it’s shut down for the whole world, not just Europe. There’s got to be a better way… suggestions?

    3. As far as cookies from third parties go, I read the bit on your website about linking the site visitor to where they can disable these. So I’m not supposed to get consent from site visitors for these? I would appreciate any info you have on that.

    Thank you again!
    Sam

    Plugin Author Fernando Claussen

    (@fclaussen)

    Hi @tallsam,

    1. If you deactivate the plugin you will get an error that says that the function you are using does not exist. You can remedy this by wrapping those in PHP’s function_exists.

    2. We can’t have it set to on by default. That is not enough for GDPR. It needs to be explicit. For Google Analytics, you can look into Anonymizing the data you collect instead of stopping Google Analytics entirely. Google this and you will find ways you can do that.

    3. I’m not the best person to answer this since I’m no lawyer. If this is something that worries you, you can always register these cookies as non-third-party cookies and block them the same way you do others.
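
One way to apply the function_exists advice from the reply above in functions.php, as an added example that is not part of the thread and not the plugin's own code. It uses the has_consent() and is_allowed_cookie() helpers quoted earlier in the thread; the example_* function names, the wp_head priority and the UA-XXXXXXXX-X placeholder are assumptions.

```php
<?php
// Added example for a theme's functions.php; not the plugin's own code.
// has_consent() and is_allowed_cookie() are the plugin helpers quoted in this thread.
// 'UA-XXXXXXXX-X' is a placeholder for the site's own property ID.

function example_analytics_allowed() {
    // Fail closed: when the plugin is deactivated its helpers do not exist,
    // so treat the visitor as not having consented instead of triggering a fatal error.
    if ( ! function_exists( 'has_consent' ) || ! function_exists( 'is_allowed_cookie' ) ) {
        return false;
    }
    return has_consent( 'analytics' ) && is_allowed_cookie( '_ga' );
}

function example_print_ga_opt_out() {
    if ( example_analytics_allowed() ) {
        return; // Consent recorded: leave Google Analytics enabled.
    }
    // The JavaScript flag has to reach the browser inside a <script> tag;
    // it must be printed before the Google Analytics snippet runs.
    echo "<script>window['ga-disable-UA-XXXXXXXX-X'] = true;</script>\n";
}

// Priority 1 so this prints ahead of snippets hooked into wp_head at the default priority (10).
add_action( 'wp_head', 'example_print_ga_opt_out', 1 );
```

Because the decision is made in PHP, a full-page cache can serve one visitor's result to another; exclude this output from caching or make the same check client-side if the site is cached.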

    Thread Starter TallSam

    (@tallsam)

    Hi Fernando,

    The switch would be set to on by default, but cookies couldn’t load until the user has clicked “I Agree”. All that would be required is, in addition to the options permanently on and default off, a third option default on (something in functions.php won’t allow cookies to load until “I Agree” clicked). I think people will click the I Agree button to get rid of the stripe, but they won’t go in and tweak the settings… Your thoughts?

    Geo-targeting would be extremely helpful too. Perhaps you have some thoughts on how it could be implemented with the help of another plugin?

    Thanks,
    Sam

    Plugin Author Fernando Claussen

    (@fclaussen)

    Hi @tallsam

    Setting things on by default, even if they only are set after clicking I agree is not enough for GDPR. You don’t have to disable GA for example. You can look up how to pseudonymize data and keep using it. As long as you don’t track PII it’s fine.

    Geo-targeting is interesting, but it is not my focus at the moment. I’d rather have a full privacy solution that serves everybody. Non-EU residents deserve the right to their privacy too.

    Thread Starter TallSam

    (@tallsam)

    I agree everyone has the right to privacy. Sadly though, GDPR makes things tricky for the affiliate business… Skimlinks has an interesting solution though where they take a second shot at getting consent when a user clicks an affiliate link and consent hasn’t yet been given. They rely on the IAB consent framework to check. Is your plugin compatible with this?

    Do you have any thoughts on Amazon affiliate cookies? The thing is they don’t get sent until a link is clicked so perhaps it is the responsibility of Amazon to be getting consent for this? But it does seem to come through the publisher domain, no clue how they do that with just a link… Try as I might, I can’t seem to find any info on GDPR for Amazon affiliates. Do you have any knowledge of this?

    Thanks,
    Sam

    Geo-targeting doesn’t work with GDPR, since the law is not about “people living in the European Union”, but about “European citizens”, wherever in the world they are at the moment. For example, I am a European citizen living in South Korea at the moment, and GDPR still protects my right for privacy. Therefore, Geo-targeting is useless and a waste of time and energy.

    Plugin Author Fernando Claussen

    (@fclaussen)

    Exactly. @zviera has a point.

    Thread Starter TallSam

    (@tallsam)

    Okay, I see the point too. And perhaps it’s just a matter of time anyway before other countries push the same privacy requirements.

    What about an affiliate system like Amazon’s, where the cookie doesn’t get sent until after a user clicks a link to Amazon. Is this a first party cookie? I would think so but I still see a cookie getting loaded under my own domain when I inspect with Chrome. What are your thoughts on this?

    Thanks,
    Sam

    Plugin Author Fernando Claussen

    (@fclaussen)

    If your site depends on these cookies to run, they are necessary cookies and should be registered like so.


The topic ‘Getting Started’ is closed to new replies.