Hi @ov3rfly,
Unfortunately we can’t include the JS-file, as we continuously make changes and update it.
Furthermore, the script will fails if it’s hosted locally. This is due to the script fetching multiple resources from consent.cookiebot.com.
So I’m afraid we can’t accommodate your request 🙁
This is not some optional request. The current behaviour of the plugin needs to be changed due to legal requirements.
Lots of companies in EU countries like Germany are sued right as we speak for embedding external assets without previous user consent. See above make.ww.wp.xz.cn link for details why that happens and will continue to happen.
WordPress users look for solutions for this problem and find (besides others) your plugin, which in the end will get them into even more legal trouble with the current behaviour.
Fetching javascripts and multiple more external resources without previous user consent is clearly against GDPR regulations.
If a GDPR consent plugin can’t work without fetching resources from external servers, it not only basically useless but also dangerous for unsuspecting users.
Hi again,
Thank you for clarifying why you would need to locally host the script. We’re aware of the Hessen ruling, which prohibits data transfer to the United States.
Sadly locally hosting really isn’t a possibility, but we do offer an EU hosted alternative, as described in this article: Cookiebot CMP – European CDN solution.
I hope this helps you comply with the German requirements.
GDPR regulations require user consent before personal user data including IP address is sent to any third party.
Also your European CDN is a third party.
A plugin which shows a banner and includes or excludes content parts of a website based on settings in this banner can be completely hosted locally and also work perfectly fine locally without any problem.
You still can offer (paid) services to scan websites from outside for cookies etc. but there is no technical reason at all to host any plugin resources on an external server.
If there is any need to update a script for the banner, you can push a plugin update via the provided ww.wp.xz.cn mechanism which you use to distribute your plugin, done.
Your plugin description is currently not clear about the fact that at this time EU users can not use the plugin with the current behaviour without getting into legal trouble.
The whole concept of hosting GDPR consent resources on third party servers is flawed from the beginning.
We know how to comply with local requirements, the majority of your plugin users don’t. They think, they would be safe, but instead they add additional risk with the current version of this plugin.
