-
AuthorPosts
-
October 4, 2019 at 5:29 pm #1145030
Hi everyone,
i have to say a big thank you for update 4.6.3 – as it really is a good approach towards the right direction in terms of privacy and GDPR. Lately a judgement by the EuGH (1.10.2019) made the interpretable parts of the GDPR way more clear. Your german teammates may check out this link where everything is summarized pretty understandable.
https://datenschutz-generator.de/eugh-cookie-einwilligung-banner-detailinformationen-pflicht/
I am data protection responsible in our company and i digged into that topic in deeply. Here are some suggestions.
Things to consider for the next update:
1. Accept all / Accept group
It’s still not clear if “Accept all” is a way to go or not. Whats assumed by the lawyers according to the above judgement is that accepting groups of cookies (as long as you can still address them individually) is a way to go. So think of the situation:
You have three custom cookies set, you assign them to a group “Marketing”, you have a shortcode e.g. [aviaPrivacyAcceptGroup name=”marketing”] where the user can accept these 3 with a single click. Additionally the user also can opt in/out of single ones (already given – which is great).2. Essential cookies
Same as above but allow to add cookies to a predefined group “essential website cookies”. As currently discussed by the lawyers it looks like essential cookies may not need to be accepted individually. Your solution to be able to opt in/out of them is still good. But still there’s no catalog on what is essential or what isn’t. E.g. a shopping cart cookie would be essential for a shop. So being able to add a custom cookie to the “essential website cookies” group would be great in terms of usability and current interpretation of the law.3. Deny all cookies (except essential ones)
You have a deny all function. Deny all except essential ones would complete it according to the judgement.4. Markup bug found
There seems to be a bug with the avia-privacy-reload-tooltip-link link (a tag). Check the closing tags, its not closing properly (you see a “<” outputted on the frontend)
Checkout /wp-content/themes/enfold/includes/helper-privacy.php line 1507 -> if you remove the class it works cause of the embedded quotation marks. Embedd it differently or e.g. use custom tag5. No-Click and No-Scroll
The Modal cannot be closed currently – which is a good idea. But it doesnt work 100% You still can scroll down and click outside to close it. Either implement a No-Scroll or adjust the layer used to catch the clicks.6. Script deregister
Developers only. This would make a big impact but be a great addon (and i don’t know any other one having this feature). Often cookies are set by third party or plugins. Unfortunately some of them are set on different domains so cross browser security won’t let us access them.
Luckily most of them are set by Javacripts within these plugins that are loaded with wp_register_script. Would it be possible to deregister custom javascripts (if selectors are known) if a specific cookie isnt set? This would make your solution way more complete (even if i understand that third party scripts are none of your business – technically spoken).If theres anything unclear, just let me know.
You may answer in german too.Regards tbc
- This topic was modified 5 years, 1 month ago by tbc.
October 6, 2019 at 9:30 pm #1145546Hey tbc,
We have forward the ticket to our main developer, so he can review this further.
Best regards,
BasilisOctober 23, 2019 at 6:44 am #1150390This reply has been marked as private.October 29, 2019 at 9:23 pm #1152145Hi,
Sure guys the developer has also contact us, so we are truly discussing to get this forward.
Best regards,
BasilisNovember 12, 2019 at 4:49 pm #1156043+1 for Script deregister
This would make a great addon and we wouldn’t have to use another GDPR/DSGVO solution as soon as we are using external services/scripts
-
AuthorPosts
- You must be logged in to reply to this topic.