OFFLINE-GmbH / oc-gdpr-plugin

October CMS plugin to make websites GDPR and ePrivacy compliant
https://octobercms.com/plugin/offline-gdpr
MIT License

enabling/disabling checkboxes in cookiebanner doesn't do anything #15

Closed CptMeatball closed 6 years ago

CptMeatball commented 6 years ago

What should happen

What actually happens

CptMeatball commented 6 years ago

Not really sure if this is intended or not, or in line with GDPR, but it seems weird that there is a form of interaction possible for every cookie group. This makes it seem like checking or unchecking certain groups disables or enables the cookies in the group.

Although I wonder if enabling everything for 1 group through 1 checkbox is allowed in GDPR.

tobias-kuendig commented 6 years ago

I'm pretty sure this problem was the same one that was fixed in the latest version 1.0.17. Could you check if the problem still exists?

The checkbox design is copied from cookiebot.com (their banner is used on https://about.gitlab.com). Since they are all about GDPR I guess that this is an allowed feature.

In a future release we will add an option to remove these checkboxes from the banner (see https://github.com/OFFLINE-GmbH/oc-gdpr-plugin/issues/11).

ghost commented 6 years ago

> Although I wonder if enabling everything for 1 group through 1 checkbox is allowed in GDPR.

Hi, I have been wondering about this myself for a while. I did some research and found the answer.

Article 5 requires that consent is requested in a granular manner for “specified, explicit” purposes.

A user must click the “Advanced Setting” button in order to view the slightly less general opt-ins, and the companies requesting consent. These opt-ins also appear to breach Article 5, because they too conflate multiple data processing purposes into a very small number of ill-defined consent requests. For example, a large array of separate ad tech consent requests are bundled together in a single “advertising personalization” opt-in. European regulators explicitly warned against conflating purposes:

“If the controller has conflated several purposes for processing and has not attempted to seek separate consent for each purpose, there is a lack of freedom. This granularity is closely related to the need of consent to be specific …. When data processing is done in pursuit of several purposes, the solution to comply with the conditions for valid consent lies in granularity, i.e. the separation of these purposes and obtaining consent for each purpose.”

So I think it would be best to remove that from the banner.

I think it would be fine to have an option on the config settings page to turn off/on the whole group, because on the same webpage would be the "granular settings of each of the cookies in that group".

That's my guess on it.

tobias-kuendig commented 6 years ago

I have removed the cookie groups from the banner component in c519c8d80d2d0313ad6b12da128f2d36baeae875. This change will land in a 1.1.0 release.