• Resolved infatum

    (@infatum)


    I need all cookies except for complianz ones to be literally killed prior to user consent. This includes _ga and _gid cookies and docs.google.com cookies. Such is the request made to our school by an outside data protection officer in regards to GDPR.

    1. _ga cookie is a statistics cookie from Google Analytics. Now, I have tried different variations of setting it in Complianz. Trying both Gtag and Google Analytics. IP anonymization. Disabled all data gathering and sharing with Google, even technical data. Still, when loading the page, I get to see _ga tag successfully loading.

    Our school domain is https://liedaga.liepaja.edu.lv/, but the cookie is set by an upper domain, which is liepaja.edu.lv. I asked the domain provider whether they have their own Google Analytics installed on upper-level domain liepaja.edu.lv. They replied no and stated the cookie is set by our school.

    I’m also using Google Site Kit and I have double-checked I have the same UA property number in my Analytics account. I have checked the server files via FTP and made sure I have only one google site verification cookie linked to only 1 account.

    Despite having IP anonymization set to active, our school is still being asked to disable ALL google cookies before the user has given consent.

    2. The second point requiring addressing is docs.google.com cookies. I think these should be strictly necessary since we have Google documents embedded into our website via <iframe> tag. Yet, complianz is not able to pick them up during scanning process. I need those to be held in check.

    3. Our site also uses FontAwesome icons, which are not blocked by Complianz.

    4. PDFjs is also not blocked.

    Since the forum doesn’t allow attaching images, I’ve placed two SS in Google photos.

    PS 1. Our school site is in Latvian, but in Chrome right-click – Translate into English does the trick.

    PS 2. I’m also being pointed to the category name of the cookie. I’m told by data protection officer functional cookies should be renamed after strictly necessary or necessary.

    Any help with this is appreciated.

    • This topic was modified 2 years, 12 months ago by infatum.


Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Contributor jarnovos

    (@jarnovos)

    Hi @infatum,

    1. There are a few approaches you can take here. If you want Site Kit to place your Analytics code (instead of letting Complianz do this), you can configure it as below to fire it only when consent has been obtained.

    Complianz > Wizard > Cookies > Statistics > “Yes, with Google Analytics.”

    Complianz > Wizard > Cookies > Statistics – configuration > “Do you want to ask consent for statistics” Yes > “Do you want Complianz to add Google Analytics” No.

    And make sure that the Site Kit integration is enabled under Complianz > Integrations > Plugins, this should already be the case though.

    2. Please note the difference between first- and third-party cookies. Complianz will detect cookies set on your domain (first-party), third-party services should be selected under the Integrations section in the Wizard, after which the related data will be synced to your website from CookieDatabase.org.

    You can prevent the Google Docs cookies from being set prior to consent by adding docs.google.com to Complianz > Integrations > Script Center > “URL’s from iFrame sources that should be blocked before consent.”

    If you wrap the Google Docs iFrame in a pair of <div> tags, it will be blocked until consent is obtained and will be displayed as shown in the below screenshot.

    3. Font Awesome can be hosted locally to prevent the connection to an external server.

    4. Assuming it concerns a locally hosted version of this library, why would this need to be blocked prior to consent? I could not see any non-functional cookies being set as a result of using the service.

    As for the categories, Complianz adheres to the purpose categories as mentioned in the attached CookieDatabase article. Necessary cookies fall under the category “Functional”. https://cookiedatabase.org/function-and-purpose-of-cookies/

    Hope it answers your questions.
    Kind regards,
    Jarno

    Thread Starter infatum

    (@infatum)

    Thank you for addressing. I need more guidance though:

    1. Have done this before and now. Yet in Chrome I can clearly see that _ga and _gid still persist under liepaja.edu.lv domain. I have tried various combinations of yes / no, ticking and unticking, moving sliders back and forth…uhhhh.
    Update. Diving deeper I discovered Google site kit is what sets the cookie. Now, why is Google Analytics falling under functional (aka necessary) category? Shouldn’t it be under statistics? Image link on Google photos. As I checked on a different PC, it does not appear for other non-site editor PCs. So, it is only on admin end. Still, why is this under Functional?
    I see google.com places 1P_JAR, ANID, APISID, HSID and whole bunch of others. How to block those prior to consent?

    2. Thanks, docs.google.com is sorted. Yet, there are still some cookies lingering. Namely, COMPASS and S cookies. Even though I can see that now iframes are blocked, the fact that these cookies are present in the list makes me think it is not blocked completely. Btw I wondered even before your reply, why cookiedatabase.org doesn’t hold any info on these two cookies: COMPASS and S.

    3. Added fontawesome.com cookies to “(Part of) URL’s or unique string from the inline scripts of third-party scripts & plugins that should be blocked before consent.” and this works now. Update – doesn’t help as it loads later.

    4. There is no cookie now. I simply deleted it from the list after scan. Yet, it did place a PDFjs cookie.

    Off-topic rant. Now the site functionality is crippled as curriculum changes are not seen if cookies are not accepted. Thanks EU for GDPR directive. Really “helps” us.

    • This reply was modified 2 years, 12 months ago by infatum.
    Thread Starter infatum

    (@infatum)

    Scanned the site with cookiebot.com service and it marks docs.google.com cookies as marketing. SS on Google photos.

    Plugin Contributor Aert Hulsebos

    (@aahulsebos)

    Hi @infatum,

    1. When I visit your website, I don’t have Analytics cookies prior to consent. Only the Google Docs cookies. I can’t reproduce another state other than this. https://snipboard.io/xjF1p6.jpg
    2. COMPASS is known to be a security cookie and can be set, but full documentation is not available by Google. Why cookiedatabase.org does not yet have this described, I don’t know.
    3. I think the best option is to host locally, or don’t block it. Blocking a library that affects your front-end directly is tricky.

    Off-topic rant: You’re completely right, neither the EU nor GDPR does anything to make life easier for web developers. It tries to make sure NID cookies are not set without consent because in the simple act of reading a timetable Google will track you to the end of the world. And in this case probably also minors. It’s a double-edged sword.

    Thread Starter infatum

    (@infatum)

    A follow-up. Why is ComplianZ allowing statistical cookies when I have disabled it? Tried reloading. It also allows them before user consent. Have 2 images, one from admin, the other as a user in Edge via this link on Google photos.

    • This reply was modified 2 years, 12 months ago by infatum.
    Plugin Contributor jarnovos

    (@jarnovos)

    Hi @infatum,

    Please note the difference between statistics & anonymized statistics. In some countries, anonymized statistics are allowed prior to consent.

    When you consent to the statistics category, you will see a new cookie “cmplz_statistics” being created that has the value “allow”.

    Kind regards,
    Jarno

    Thread Starter infatum

    (@infatum)

    @jarnovos
    How am I going to explain that to a DPO, I wonder. The DPO basically goes over GDPR, point by point. Even button sizing and location. On a side note, I had to modify the CSS of ComplianZ in WordPress theme CSS, not in ComplianZ CSS. It simply didn’t work for whatever reason despite looking straightforward.

    As I understand, no changes were made to the original GDPR law in regards to anonymized statistics. I can only hope I would pass.

    Thanks for clarifying.

    • This reply was modified 2 years, 11 months ago by infatum.
    Plugin Contributor jarnovos

    (@jarnovos)

    Hi @infatum,

    I should’ve specified in my previous comment, but as I assumed this specifically concerns Google Analytics, you can implement this as described in this article for a GDPR-friendly configuration (Anonymizing IP Address, No User ID as reporting identity, No Ad Personalization, Data Processing Amendment): https://complianz.io/configure-google-analytics-4-for-gdpr/

    Kind regards,
    Jarno

    Thread Starter infatum

    (@infatum)

    @jarnovos
    I’ve been through the article provided in the link before. Set it and described to DPO in my email. IP anonymization is a step forward, but fact is, DPO looks through the prism of the GDPR regulation and still placing a cookie should not happen prior to user consent.
    Now, ComplianZ did solve this.

    What wasn’t solved, however, was the docs.google.com cookie for <iframe> Google Docs – NID cookie. ComplianZ misses blocking it. Despite having blocked the whole docs.google.com domain and seeing content not loading unless user has consented, the NID cookie was still there. I had to remove all <iframes> and just do plain <hyperlink> externalizing my links to docs.google.com directly. That is a step backward in terms of SEO and site keeping, since making external URLs is a bad habit.

    • This reply was modified 2 years, 11 months ago by infatum.
    Plugin Contributor Aert Hulsebos

    (@aahulsebos)

    Hi @infatum,

    I have an example with a docs(dot)google.com iframe;

    https://dev.us3.instawp.xyz/ There are no cookies before consent.

    Nor are there any cookies left, after revoking. Please use incognito to see for yourself.

    regards Aert

    • This reply was modified 2 years, 11 months ago by Aert Hulsebos.
    • This reply was modified 2 years, 11 months ago by Aert Hulsebos. Reason: link was probably flagged
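The check the thread keeps returning to (which cookies exist before consent, and whether each is first- or third-party) can be scripted. This is an added example, not part of any post above and not Complianz code: it audits a cookie list copied from the browser's cookie viewer in a fresh incognito session. The `cmplz_` allow-prefix, the `cmplz_example` cookie and the snapshot itself are assumptions constructed from names mentioned in the thread.

```javascript
// Added example: audit a pre-consent cookie snapshot against a
// "consent-plugin cookies only" policy.
const PAGE_HOST = "liedaga.liepaja.edu.lv";
const ALLOWED_PREFIX = "cmplz_"; // assumption: the consent plugin's cookies share this prefix

// RFC 6265 section 5.1.3 domain matching: the host equals the cookie domain,
// or the host ends with "." + cookie domain. A leading dot is ignored.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// Returns one finding per cookie that should not exist before consent.
function auditPreConsent(cookies, pageHost = PAGE_HOST) {
  return cookies
    .filter((c) => !c.name.startsWith(ALLOWED_PREFIX))
    .map((c) => {
      const firstParty = domainMatches(pageHost, c.domain);
      const bare = c.domain.toLowerCase().replace(/^\./, "");
      return {
        name: c.name,
        domain: c.domain,
        party: firstParty ? "first-party" : "third-party",
        // A cookie scoped to a parent domain is still readable and settable
        // by scripts running on the subdomain site.
        parentScoped: firstParty && bare !== pageHost.toLowerCase(),
      };
    });
}

// Constructed sample snapshot (names taken from the thread, values omitted).
const SAMPLE_SNAPSHOT = [
  { name: "cmplz_example", domain: "liedaga.liepaja.edu.lv" }, // hypothetical
  { name: "_ga", domain: ".liepaja.edu.lv" },
  { name: "_gid", domain: ".liepaja.edu.lv" },
  { name: "NID", domain: ".google.com" },
  { name: "COMPASS", domain: "docs.google.com" },
  { name: "S", domain: "docs.google.com" },
];

for (const f of auditPreConsent(SAMPLE_SNAPSHOT)) {
  const scope = f.parentScoped ? " (scoped to parent domain)" : "";
  console.log(`${f.party}: ${f.name} on ${f.domain}${scope}`);
}
```

A `_ga` cookie on `.liepaja.edu.lv` is reported as first-party and parent-scoped, because a script on the subdomain can set it; the `google.com` and `docs.google.com` entries come out as third-party.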
  • The topic ‘ComplianZ does not block all 3rd party cookies + Google Analytics’ is closed to new replies.