ajnyga / disqus

Disqus plugin for OJS/OPS/OMP 3.2+
GNU General Public License v3.0

GDPR compliance? #12

Open felixhelix opened 2 years ago

felixhelix commented 2 years ago

Hi, any ideas about the GDPR compliance of the plugin? I think it is plausible that Disqus immediately processes (and probably also collects) personal data in the form of the user's IP. Also, the embedded Twitter and Facebook buttons could be a problem. What do you think? Regards, Felix

ajnyga commented 2 years ago

Hi,

I have not looked into it since our journals do not use the plugin. But most likely there is a tracking cookie of some kind involved. Not sure if it contains or is connected to personal data. If you create an account for commenting, then you most likely need to comply with the Disqus privacy policy, which then resolves the problem. But what cookies are set when you do not comment, I do not know in detail.

The plugin itself is very simple, it just adds the embed code Disqus provides for other platforms as well.

felixhelix commented 2 years ago

Hi @ajnyga,
thanks for your comment on this. I found another thread related to the Twitter plugin, which questions the compliance of any 3rd party content provided by embedding (https://github.com/RBoelter/twitterBlock/issues/8, see also https://github.com/trewknowledge/GDPR/issues/33). As far as I understand these threads, the use of the Disqus widget should be considered illegal in European countries. I extended the OJS plugin so that the Disqus JS is only loaded after user consent. It also remembers the user's choice by setting a session cookie. If you feel like this could be of interest, I could make a pull request. But I don't think that it will be much asked for: my post in the German OJS user forum has not enticed any comment so far. Regards, Felix
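
The consent-gated loading described in the comment above, sketched as an added example; it is not felixhelix's extension and not code from this plugin. The cookie name `disqus_consent`, the shortname argument and the placeholder button are assumptions, and the `Secure` attribute assumes the journal is served over HTTPS.

```javascript
// Added example: no request goes to Disqus until consent is recorded.
const CONSENT_COOKIE = 'disqus_consent'; // hypothetical cookie name

// Read the stored choice from a cookie string: 'yes', 'no' or null.
function readConsent(cookieString) {
  for (const part of (cookieString || '').split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === CONSENT_COOKIE) {
      const value = rest.join('=');
      return value === 'yes' || value === 'no' ? value : null;
    }
  }
  return null;
}

// Session cookie: no Expires/Max-Age, so it ends with the browser session.
function consentCookie(choice) {
  const value = choice === 'yes' ? 'yes' : 'no';
  return `${CONSENT_COOKIE}=${value}; Path=/; SameSite=Lax; Secure`;
}

// Inject embed.js at most once, and only for a well-formed shortname.
function loadDisqus(doc, shortname) {
  if (!/^[a-z0-9-]+$/i.test(shortname)) throw new Error('invalid shortname');
  const src = `https://${shortname}.disqus.com/embed.js`;
  if (doc.querySelector(`script[src="${src}"]`)) return false;
  const s = doc.createElement('script');
  s.src = src;
  s.setAttribute('data-timestamp', String(Date.now()));
  (doc.head || doc.body).appendChild(s);
  return true;
}

// Run on page load. Returns true only if the embed was loaded immediately.
function initComments(doc, shortname, button) {
  if (readConsent(doc.cookie) === 'yes') return loadDisqus(doc, shortname);
  // Otherwise keep a placeholder button and load only after an explicit click.
  button.addEventListener('click', () => {
    doc.cookie = consentCookie('yes');
    loadDisqus(doc, shortname);
  }, { once: true });
  return false;
}
```

In a browser this would be called as `initComments(document, shortname, placeholderButton)` in place of the unconditional embed snippet; checking the network tab before and after the click confirms that nothing is fetched from `disqus.com` without consent.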