• Resolved dekket

    (@dekket)


    In order for this plugin to still be viable after GDPR rules come into effect, it will need to be able to:
    – Allow the user to withdraw consent
    – Allow the user to not agree and thus not be served any cookies.

    If it does not do these things, it’ll be useless because developers have to code everything themselves anyway.

    Any news on this?

Viewing 15 replies - 1 through 15 (of 17 total)
  • An update on this would be great please,
    Many thanks.

    Gareth

    (@catapult_themes)

    Hi – this plugin has never prevented cookies from being served and I don’t have any plans to update it to do so at the moment.

    Thanks.

    Gareth

    Thread Starter dekket

    (@dekket)

    That’s fine. But then it’s null and void because, well, GDPR removes the cookie law and replaces it with something even stricter.

    I agree with dekket. If this plugin doesn’t help us comply with GDPR, then we’re not interested.

    There’s a big gap in the market here. Surprised that hardly any plugin developers are seeing the opportunity to create a valuable product.

    I think it is a great plugin, very well developed and with great functionality from the get-go. The plugin does exactly what it says it does; the rest we have to do ourselves for each of the sites. @simon3333 is right, there is a market for more plugins that solve the compliance issue, but the truth is that any plugin will hardly be a 100% solution. I saw more plugins on several marketplaces, but in the end, all of the terminology and the functionality required by that law will fall under the site owner. On a personal level, I think the functionality should reside at the browser level, that way everybody will be compliant.

    Gareth

    (@catapult_themes)

    @dekket and @simon3333 – please feel free to use another plugin. GDPR wasn’t around when I developed this plugin so don’t be surprised if it doesn’t meet your needs for GDPR.

    Thread Starter dekket

    (@dekket)

    @catapult_themes As I clearly stated previously, that is perfectly fine. No one is forcing you to do anything.

    My sole point was that because GDPR effectively removes the ‘cookie law’ and instead adds A LOT more to it, this plugin should either be removed (because it doesn’t aid compliance in ANY way AND can lead website devs into a false sense of compliance), or it needs further development.

    That being said, it’s a shame you have no further plans for it, because like @simon3333 said, there’s a giant hole in the market for a premium plugin and since this IS well-developed, it could be huge.

    Just my cents. I wish you well.


    Cookie control requirements seem to be a grey area. The UK’s ICO Helpline confirmed to me that there’s actually no change to cookie control requirements yet, the PECR regulations still apply. Cookie notice requirements will form part of the new ePrivacy Regulation which is under consultation and expected in 2019.

    The ICO’s ‘PECR Guidance on the rules on use of cookies and similar technologies’ pdf page 7 section ‘Prior’ consent gives further information, here’s an extract: “Wherever possible the setting of cookies should be delayed until users have had the opportunity to understand what cookies are being used and make their choice. Where this is not possible at present websites should be able to demonstrate that they are doing as much as possible to reduce the amount of time before the user receives information about cookies and is provided with options. A key point here is ensuring that the information you provide is not just clear and comprehensive but also readily available.”

    @dekket and @simon3333

    Have you been able to find a plugin that complies with GDPR?

    I’m struggling to find one at the moment, so any help you could offer would be appreciated

    Thanks
    Robert

    I have found a couple on Codecanyon. Not sure if they deliver the way they say they will. I am not affiliated with them and have not tried them just yet.

    https://codecanyon.net/item/ultimate-gdpr-compliance-toolkit-for-wordpress/21704224?s_rank=1

    https://codecanyon.net/item/gdpr-pro-complete-eu-compliant-integration/21533656?s_rank=2

    That’s fine. But then it’s null and void because, well, GDPR removes the cookie law and replaces it with something even stricter.

    I’ve read the GDPR several times in the last weeks – cannot find that part!?
    “Cookies” are still handled in the E-Privacy Directive from 2002(!) and additional national laws. The E-Privacy update won’t be ready in May 2018.

    – Allow the user to withdraw consent

    Delete your cookies!

    – Allow the user to not agree and thus not be served any cookies.

    Leave the site!

    So – according to a lot of lawyers – this is a good way to cope with the GDPR when you have updated your privacy policy.

    Thread Starter dekket

    (@dekket)

    @igestalten

    It doesn’t actually remove it, but that is essentially the effect of it. At least, that is how Datainspektionen here in Sweden is interpreting it. Cookies contain personally identifiable information (PII) readable by a site, and thus that site has access to PII.

    Sure, I can tell a visitor to delete their cookies, but that isn’t the issue. The issue is consent before a cookie is saved.

    Anywho, I’m pretty done with this discussion, and it’s the wrong forum for it anyways.

    @dekket

    I think the discussion will go on for a while…

    Therefore I’m interested in how you will get consent before writing server logs, or calling data from a CDN (Webfonts, jQuery, Maps, …)? No plugin will do that reliably.

    On the other hand you could argue with a legitimate interest (Art. 6 GDPR) to provide a working website.

    Some of the requirements are absolutely weird – so there will be a lot of work for the lawyers and the webworkers…

    I still consider that if the issue is that big, it will be great if we could get a solution at the browser’s level. That could present a happy world! Even if this is not the right forum, let’s keep everyone posted in as many forums as we can; especially for small website owners and small companies it is very beneficial. Thanks

    Hello, I like this plugin, but I’m looking for a GDPR compliant cookie plugin also. However, because of all the discussion about what the GDPR says about cookies in this forum thread, I’d like to add this about that.

    The GDPR is big on protecting personal data, but it only mentions cookies once, in the Whereas item 30: “(30) Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”

    Two other items in the Whereas section of The GDPR seem to me to be a big help in determining how the GDPR affects cookies:
    “(1) The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her.”
    AND
    “(26) The principles of data protection should apply to any information concerning an identified or identifiable natural person. Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person. To determine whether a natural person is identifiable, account should be taken of all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly. To ascertain whether means are reasonably likely to be used to identify the natural person, account should be taken of all objective factors, such as the costs of and the amount of time required for identification, taking into consideration the available technology at the time of the processing and technological developments. The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.”

    Combining the information in those three items it looks like 1) Use of cookies doesn’t necessarily require acceptance; 2) If a cookie contains potentially personally identifiable information or sensitive information as defined in the GDPR, the site visitor must be provided information about that cookie so they clearly understand what it is and does and the user must be given the option to allow use of that cookie and the user’s choice to allow or disallow its use must be documented, etc. just like you would handle any form collecting personal data; 3) Personally identifiable data defined by The GDPR includes data that if combined with other data could identify a natural person, including third party data.

    The GDPR says anonymized data is GDPR compliant without needing consent, but pseudonymized potentially personal data isn’t because it can still be combined with other data to identify a person.

    Discussions I’ve seen give an example of IP addresses. Even though with DHCP, a person’s dynamic IP address may change the next time they turn on their computer, the ISP knows to whom they have assigned the IP, so if a tracking cookie contains the IP, it could conceivably be combined with the ISP’s data and identify a natural person and therefore an IP is potentially personally identifiable and needs explicit consent to collect and use.

    A little longer than I thought but hopefully it helps. And no, at this time I haven’t found a cookie plugin that I like that fulfills those considerations above.

  • The topic ‘GDPR’ is closed to new replies.