ToX82 / cookie-bar

cookieBAR is a free & easy solution to the EU cookie law.
https://cookie-bar.eu/
GNU General Public License v2.0
172 stars, 117 forks

GDPR compliance #63

Closed Ezyweb-uk closed 6 years ago

Ezyweb-uk commented 6 years ago

Are there plans to comply with GDPR by 25th May 2018? I see IT Governance have written an article about how GDPR affects cookie policies here.

Will there be an option to revoke consent?

ToX82 commented 6 years ago

I'm actually planning to add a few modifications according to the GDPR instructions, but honestly I am still not completely sure about what is necessary to be compliant. Any help would be greatly appreciated :)

Regarding your other questions,

Ezyweb-uk commented 6 years ago

After accepting cookies, it would be neat to include a config option to show a revoke consent button that would delete all cookies for that domain; maybe it could be in a slide-down when the cursor hovers over the top of the content area, or as a minimal overlay button in a top corner?

Sorry, I edited out my question about blocking other scripts before seeing your reply, only because I thought I needed to consider it further. From your link I can see that other scripts could be conditionally loaded using JavaScript, e.g.:

// match() returns null until cookiebar has set its cookie, so guard it
// instead of indexing the result directly
var match = document.cookie.match(/(;)?cookiebar=([^;]*);?/);
var cookieValue = match ? match[2] : null;
if (cookieValue == 'CookieAllowed') {
    // Load Google Analytics
}

But could this be made to be reactive to the user's choice, i.e. to load GA for the current page if cookies are accepted? An old script called jpecrga does this. Iubenda claims to provide script blocking prior to consent with reactivation after consent, but only with their premium service.
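The consent-gated loading and revoke-consent flow discussed in this thread, written out as an added example. It is not cookieBAR's code and was not posted by either participant; only the cookie name `cookiebar` and value `CookieAllowed` come from the snippet above. Everything else is an assumption for illustration: third-party scripts are placed in the markup as `<script type="text/plain" data-src="...">` placeholders (a non-JavaScript type, so the browser never executes them), the accept button carries a `data-consent-accept` attribute, and a `revokeCookieConsent()` function is exposed for the revoke link. It covers the case the comment raises: scripts are activated on the current page as soon as consent is given, without a reload.

```javascript
// Added example (not cookieBAR's code). Cookie name/value follow the
// snippet above; everything else here is an assumption for illustration.
const CONSENT_COOKIE = 'cookiebar';
const CONSENT_VALUE = 'CookieAllowed';

// Parse a document.cookie-style string ("a=1; b=2") into a name -> value map.
// Returns {} for an empty string instead of throwing, unlike a bare
// regex match whose result is indexed without a null check.
function parseCookies(cookieString) {
  const cookies = {};
  for (const pair of cookieString.split(';')) {
    const eq = pair.indexOf('=');
    if (eq < 0) continue;
    const name = pair.slice(0, eq).trim();
    if (name) cookies[name] = pair.slice(eq + 1).trim();
  }
  return cookies;
}

function consentGiven(cookieString) {
  return parseCookies(cookieString)[CONSENT_COOKIE] === CONSENT_VALUE;
}

// Placeholders are the <script type="text/plain" data-src="..."> tags the
// browser left unexecuted because the type is not a JavaScript MIME type.
// Returns the ones to activate under the current consent state; a
// placeholder activated earlier is never activated twice.
function selectScriptsToActivate(placeholders, cookieString) {
  if (!consentGiven(cookieString)) return [];
  return placeholders.filter((p) => !p.activated);
}

// Cookie strings that expire every cookie visible to JavaScript, in both the
// host-only form and the domain-wide form (a cookie set with
// domain=.example.com is not removed by the host-only form). HttpOnly
// cookies and cookies set on third-party hosts cannot be removed this way.
function expireCookieStrings(cookieString, hostname) {
  const expired = 'expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/';
  const domain = hostname.replace(/^www\./, '');
  const out = [];
  for (const name of Object.keys(parseCookies(cookieString))) {
    out.push(`${name}=; ${expired}`);
    out.push(`${name}=; ${expired}; domain=.${domain}`);
  }
  return out;
}

// Browser glue; skipped outside a browser (e.g. when run under Node).
if (typeof document !== 'undefined') {
  const placeholders = Array.from(
    document.querySelectorAll('script[type="text/plain"][data-src]'),
  ).map((el) => ({ el, src: el.getAttribute('data-src'), activated: false }));

  const activate = () => {
    for (const p of selectScriptsToActivate(placeholders, document.cookie)) {
      const s = document.createElement('script');
      s.src = p.src;       // e.g. the Google Analytics loader URL
      s.async = true;
      p.el.parentNode.insertBefore(s, p.el);
      p.activated = true;
    }
  };

  activate(); // consent may already be stored from an earlier visit

  // Assumed hook: the accept button carries data-consent-accept. The check
  // runs on the next tick so the bar has written its cookie first.
  document.addEventListener('click', (e) => {
    if (e.target instanceof Element && e.target.closest('[data-consent-accept]')) {
      setTimeout(activate, 0);
    }
  });

  // Revoke: expire everything we can see, then reload so no script re-sets it.
  window.revokeCookieConsent = () => {
    for (const c of expireCookieStrings(document.cookie, location.hostname)) {
      document.cookie = c;
    }
    location.reload();
  };
}
```

Two limits worth knowing before relying on this. The placeholder approach only governs scripts the site author marks up that way; once an analytics loader runs, whatever it fetches in turn is outside the page's control, and a script that is already executing cannot be "unloaded" by JavaScript, which is why revoke reloads the page. Likewise, `document.cookie` can only expire cookies that JavaScript can read for the current host; HttpOnly cookies and cookies set on third-party domains stay where they are.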

ToX82 commented 6 years ago

It looks like jpecrga's solution requires that users edit their source code to avoid loading external services, so it's basically the same, plus they have a specific solution for Google Analytics.

It doesn't really solve the problem, I'd say it's just a workaround like mine. I don't know about iubenda's solution though.

My guess is that blocking external content via javascript is sort of impossible. I think that a server side solution is still needed, unfortunately...

p.s. sorry about the "revoke cookie consent" link I have pasted before, I didn't notice it has been parsed :) You can see it working here: http://jsbin.com/cibihayute/edit?html,output

ToX82 commented 6 years ago

I've added the revoke cookie consent link in cookiebar's homepage, so it's easier for everyone to notice. I'm closing this issue for now, please feel free to open it again if you (or anyone else) find a solution to preventively block every external service, in a reliable way.

Ezyweb-uk commented 6 years ago

I called the ICO helpline (the authoritative body in the UK) to clarify the situation on cookies. They say that this area is under consultation and will be part of the ePrivacy Regulations in 2019, and until that time the existing PECR applies. I was informed therefore that granular cookie control and saving consent with ID and date is not required at this time.

Also I found this article interesting about not requiring explicit opt-in for standard Google Analytics https://www.peakdemand.co.uk/blog/the-impact-of-gdpr-on-google-analytics/

If you're interested in sharing info on GDPR then you're welcome to email me. I've been watching some free GDPR videos that are prepared by a UK lawyer.

ToX82 commented 6 years ago

That's great to know. AFAIK, the situation is basically the same in Italy and I guess it's probably the same for the whole EU.

Please let me know whenever you have new information!

Ezyweb-uk commented 6 years ago

One last note. I asked the ICO about whether prior consent was required, i.e. do non-essential cookies need to be blocked before consent is received. They referred me to their 'Guidance on the rules on use of cookies and similar technologies' PDF https://ico.org.uk/media/for-organisations/documents/1545/cookies_guidance.pdf page 7, 'Prior' consent. It seems to be a grey area; here's an extract from their guidance:

"Wherever possible the setting of cookies should be delayed until users have had the opportunity to understand what cookies are being used and make their choice. Where this is not possible at present websites should be able to demonstrate that they are doing as much as possible to reduce the amount of time before the user receives information about cookies and is provided with options. A key point here is ensuring that the information you provide is not just clear and comprehensive but also readily available."