• I did not use this plugin. However, I was browsing a site while using uMatrix (blocks external resources). With my current settings the resources from consent.cookiebot.com and consentcdn.cookiebot.com weren’t allowed to load. After a while I allowed all resources and got surprised by the cookie notice. I cleared all my cookies (using dev tools), reactivated uMatrix and reloaded the page. As expected, the cookie notice was missing again but two cookies were already placed.
    In my opinion with such implementation your users can’t follow the GDPR correctly. Therefore, I decided to write a review. I hope there is no error on my side and if so I will adjust my rating or delete this review if possible.

    • This topic was modified 5 years, 10 months ago by reki1801.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author cookiebot

    (@cookiebot)

    Hi @reki1801

    Cookiebot enables your website to become GDPR compliant, if our guidelines are followed. Please do remember that it is the responsibility of the website owner to implement Cookiebot correctly, thus staying compliant.

    Since you don’t have scripts activated, Cookiebot won’t work, as it is a JavaScript solution, and at the same time, you don’t have to worry about 3rd party cookies being set in your browser from scripts, since Google Analytics or any other script that sets 3rd party cookies won’t be allowed to run either.

    So, where is the problem?

    The problem may be img tags, iframes or similar tags, that are setting cookies. If you have marked these up as described in our guidelines: <img data-src="..">, then they won’t be executed, and won’t set cookies either.

    Now, what’s remaining is HTTP cookies set by the web-server itself. If you are the owner of that web-server, you are in full control of which cookies get set, and it is your responsibility to figure out whether you should set them or not.

    If you have any questions do let us know.

    Thread Starter reki1801

    (@reki1801)

    Hi,
    first of all to clarify that: I’m not involved in the website I was browsing. I am a normal user. Now back to the issue:
    My extension allows me to select which scripts are allowed and which aren’t. Therefore, it is possible to allow Google Analytics while disallowing Cookiebot. If the webmaster did choose an Opt-Out and not an Opt-In this would result in Cookies getting set, while neither Information about it nor a possibility to Opt-Out is provided.
    As far as I know an Opt-Out is legal regarding the GDPR. But if the admin uses your plugin and chooses Opt-Out there are possible use cases leading to a non-legal behavior which your plugin tries to avoid. You stated that the website owner is responsible to implement Cookiebot correctly so my question is: Is providing the option of an Opt-Out resulting in possible non-legal situations sensible if the whole goal of your users is to avoid these? In my opinion with this setting a situation could arise in which your clients are entitled to pursue remedies against you (if cookiebot is set up correctly while using your Opt-Out setting).

    As previously stated, I am definitely willing to admit possible misunderstandings on my side. I wish you a nice week-end and I’m looking forward to your response!

    Plugin Author cookiebot

    (@cookiebot)

    @reki1801

    “My extension allows me to select which scripts are allowed and which aren’t. Therefore, it is possible to allow Google Analytics while disallowing Cookiebot. If the webmaster did choose an Opt-Out and not an Opt-In this would result in Cookies getting set, while neither Information about it nor a possibility to Opt-Out is provided.”

    According to our guidelines, in step 3, a cookie setting script tag (Google Analytics), which sets statistics cookies, should be tagged as such:

    <script type="text/plain" data-cookieconsent="statistics">
        (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
        ga('create', 'UA-00000000-0', 'auto');
        ga('send', 'pageview');
    </script>

    The text/plain part ensures that your browser does not render it as a script, but treats it as text. Once proper consent has been given through the cookie banner, the script will be injected to the DOM and executed by your browser.

    If the site you are referring to has implemented it according to the guidelines, then the GA script will not be executed, even if you allow it with uMatrix.

    Moreover, Cookiebot scans your website once a month to detect any tracking going on, finishing off with a report.

    “Is providing the option of an Opt-Out resulting in possible non-legal situations sensible if the whole goal of your users is to avoid these? In my opinion with this setting a situation could arise in which your clients are entitled to pursue remedies against you (if cookiebot is set up correctly while using your Opt-Out setting).”

    See it like this: Is the firewall vendor responsible for you leaving all your ports open and using exploitable software? No they are not, but you have the means to use their software in order to prevent possible attacks. Same goes with Cookiebot. Use it as it’s supposed to be used and you are good.

    “first of all to clarify that: I’m not involved in the website I was browsing. I am a normal user”

    You have reviewed the Cookiebot WP plugin, but you are not a user of the plugin. Furthermore, if you are not affiliated with the website in question, you can’t know if it uses the plugin that you have reviewed or not. They may just as well be using Cookiebot directly through uc.js. Your question would have been better suited in our community forum.

    Hope this clarifies your concerns. If you have further questions we are happy to answer them.

  • The topic ‘No cookie banner with disabled scripts’ is closed to new replies.
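
An added example, not part of the thread and not Cookiebot's code: a small auditor a site owner could run over page HTML to find scripts that lack the `type="text/plain"` plus `data-cookieconsent` markup quoted in the reply, and `img`/`iframe` tags that use `src` rather than `data-src`. The `TRACKER_HOSTS` list, the `tracker.example` host, the `audit` helper and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the site owner treats as cookie-setting third parties.
TRACKER_HOSTS = {"www.google-analytics.com", "tracker.example"}

class ConsentAudit(HTMLParser):
    """Flag markup that can load a tracker without the consent script running."""
    def __init__(self):
        super().__init__()
        self.findings = []    # (tag, host, reason)
        self._inline = False  # inside an ungated inline <script>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        host = urlparse(attrs.get("src") or "").hostname
        if tag == "script":
            # Gated form from the reply: type="text/plain" + data-cookieconsent.
            gated = attrs.get("type") == "text/plain" and "data-cookieconsent" in attrs
            if not gated and host in TRACKER_HOSTS:
                self.findings.append((tag, host, "script not gated"))
            self._inline = not gated and "src" not in attrs
        elif tag in ("img", "iframe") and host in TRACKER_HOSTS:
            self.findings.append((tag, host, "src instead of data-src"))

    def handle_data(self, data):
        if self._inline:
            for host in sorted(TRACKER_HOSTS):
                if host in data:
                    self.findings.append(("script", host, "script not gated"))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

def audit(html):
    parser = ConsentAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample page, not taken from the site discussed in the thread.
SAMPLE = """
<script src="https://consent.cookiebot.com/uc.js"></script>
<script type="text/plain" data-cookieconsent="statistics">load('//www.google-analytics.com/analytics.js');</script>
<script>load('//www.google-analytics.com/analytics.js');</script>
<img src="https://tracker.example/pixel.gif">
<img data-src="https://tracker.example/pixel.gif">
<iframe src="https://tracker.example/embed"></iframe>
"""
```

Anything `audit(SAMPLE)` reports is markup that loads regardless of whether the consent script was blocked, which is the case the thread starter describes.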