Saving user data?

  • Resolved Ate Up With Motor

    (@ate-up-with-motor)


    6 years, 9 months ago

    Does the plugin save any data the user enters, whether in the database or within the validation cookie itself? Does the cookie actually retain the birthdate or age submitted, or is it just yes/no? Does it make a difference if you use the JavaScript version?

    (I’m trying to assess whether there are GDPR issues with this plugin.)

    Thanks!

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Phil

    (@philsbury)

    Hi @ate-up-with-motor,

    I’ll start with what the plugin stores.

    When you enter via the Age Gate, a cookie is set with the users age. Depending on what option you use – inputs/dropdowns/buttons – the first two will store their real age, with buttons storing the age required for that piece of content. It stores the actual age in order to allow the “multiple ages” option.

    There is the ability to store a users date of birth in the database at the point of registration, but that has been deprecated in 2.0.3 mostly down to GDPR – and is a setting the site owner needs to check anyway.

    There’s no differences in how these work between the standard and JS modes, however under JS you could block the script until consent is gained (more on that in a moment).

    In terms of GDPR and compliance, storing an age alone is probably not enough to be classed as identifiable information, however if other plugins hold more information then it could become it.

    However; coming back to the consent and GDPR part – consent is only one of six grounds for processing personal data, and it’s going to be most common for things like Tracking, AdWords etc, the other grounds are:

    • A contract with the individual
    • Compliance with a legal obligation
    • Vital interests
    • A public task
    • Legitimate interests

    Age Gating users probably falls into Compliance with a legal obligation depending on the purpose of the website using it – an alcohol related website would block underage users for example.

    So in terms of GDPR issues with the plugin itself, I don’t see any at this point (I am not a legal professional though, it’s just my understanding). If you are storing other user data, or you use the age for anything that falls outside Compliance with a legal obligation, then there are implications which fall outside the remit of the plugin.

    All that said, if you want to cover yourself further, make sure that the cookie is documented in a privacy policy page, and let the users know exactly what it’s used for.

    Another option – while again I don’t think it’s a requirement – would be to add some form of opt-in to the Age Gate form itself that has to be checked before they can enter. This is relatively easy to do based on your coding skills, but a step-by-step guide to doing so can be found in the Age Gate docs.

    I hope that makes sense, GDPR still seems to have many grey areas despite coming into force this week!

    Let me know if you need any further info.

    Thanks,
    Phil

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    Okay, understood. If the administrator selects the yes/no option, then I assume the cookie does NOT contain an age, just yes or no, right?

    If I may suggest, it might be worth looking at the strategy of the older Age Verify plugin, which asks for the birth date, uses it for a logical test, and then returns a yes/no verification cookie rather than storing the date or the age. I can see how this might be more complicated for the multiple ages functionality, but it would be more comfortable from a privacy standpoint, at least for anonymous users. Just something to consider.

    Thanks!

    Plugin Author Phil

    (@philsbury)

    Hi @ate-up-with-motor,

    No, the yes/no inputs will store the required age for that piece of content. If the required age is 18, it stores 18 regardless of the users real age.

    Versions of age gate prior to v2 just used a flag to say it was passed as multiple ages were not an option. Changing this back in V2 would require some serious rewriting. However what may be a more plausible option is for me to add a setting to allow a simplified cookie storage for this type of scenario for users not using the multiple age option. I have an idea for how that may be able to work, I’ll just need to test the theory.

    Thanks
    Phil

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    Okay, thanks for clarifying!

    I understand the complexity involved, I just wanted to raise the concern as something to consider in future versions.

    Plugin Author Phil

    (@philsbury)

    Hi @ate-up-with-motor,

    I’ve just put out version 2.0.4, in the Advanced tab there’s a new option for “Anonymous Age Gate”. Using this will just set the cookie as being passed and not an age.

    It is only available when not using the “Varied Ages” option, but I think that’ll work for most people.

    Hope that alleviates any privacy concerns on your end.

    Thanks,
    Phil

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    Splendid! Thanks so much for doing that.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Saving user data?’ is closed to new replies.

Tags