GDPR compliance?

  • Resolved kero

    (@kingkero)


    5 years, 1 month ago

    What options need to be set to make this plugin GDPR compliant? Meaning: no connection to facebook, instagram or googleusercontent (without consent).

    Alternatively: Would it be possible to make the JS code inside views/public.php be called within a function? That would allow to defer loading and only displaying streams if consent is given (eg via Borlabs Cookie).

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor Oleksandr

    (@awesomeoman)

    Hi, our plugin is GDPR-compliant. This means that we’re not keeping any data from website visitors.
    We don’t add any third-party scripts that can add tracking. Only direct linking to images and videos is used.

    However, images and videos are loading from third-party social networks directly, and this type of “relationships” between users and media sources is not related to our product. Social networks should comply with the law, and users are able to ask them all questions regarding data privacy, etc.

    Plugin Contributor Oleksandr

    (@awesomeoman)

    .

    Thread Starter kero

    (@kingkero)

    Yes and no. You’re correct that the plugin itself may not add any trackers, it enables the website creators to invite third party tools that do exactly that.

    The specific problem I have with a client’s site is: we can’t “lazy activate” the plugin.

    The GDPR compliance tool we use (https://borlabs.io/borlabs-cookie/) gives a visitor the possibility to accept social networks. But since the plugin inlines its relevant code (without a callback), I cannot do a JS check “if social is allowed, now load this ressource”.

    My workaround was to directly edit plugin files (add a simple callback to the inlined code – that callback gets called when the visitor has given permission). But of course, this is far from a perfect solution (and not update safe).

    Plugin Contributor Oleksandr

    (@awesomeoman)

    Could you share your solution in any way?

    Thread Starter kero

    (@kingkero)

    Hello, sorry for the late reply.

    Basically what we did is wrap all the JS code inside views/public.php in a JS
    method called initFlowFlow. Also I deregistered some of your scripts from loading and load those dynamically as well via

    \wp_localize_script('main.js', 'externals', [
    'flowflow' => [
        'plugin' => '/wp-content/plugins/flow-flow-social-streams/js/require-utils.js',
    ],
]);

    Then we do our checks like so

    if (
    window.BorlabsCookie.checkCookieConsent('instagram') &&
    window.BorlabsCookie.checkCookieConsent('facebook')
) {
    if (typeof window.initFlowFlow === 'function') {
        await asyncLoadScript(window.externals.flowflow.plugin)
        window.initFlowFlow()
    }
}
    • This reply was modified 4 years, 11 months ago by kero.
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘GDPR compliance?’ is closed to new replies.