Open bkimminich opened 4 years ago
This should be corrected now as we only apply ga cookies once the Accept is clicked.
@bkimminich is the current implementation compliant?
This website uses cookies to analyze our traffic and only share that information with our analytics partners.
Accept
I am not a lawyer, but I don't think this is sufficient per GDPR/EU cookie law. You have to have the option to turn off unessential cookies, and GA falls into that category imho. I think it even needs to be opt-in instead of opt-out.
It doesn't seem that much different than the one on https://gdpr.eu/ ?
I'm not a lawyer, but I think we might be making fools of ourselves with this cookie banner (see screenshot) that doesn't even meet current EU legislation demanding an "opt in" to all tracking and non-essential cookies and not accepting plain "Accept"-banners any longer...
https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf
I ran an automated conformity test, and the `_ga` and `_gid` cookies (Google Analytics) need to be locked until explicitly accepted by the user in an opt-in fashion. The website I used marked the other cookies from CloudFlare and Stripe as essential and therefore compliant. Report can be found in the corresponding Slack discussion: https://owasp.slack.com/files/U1S23SNE7/F016556FB61/report-owasporg-4183554.pdf