✨ Feat (UI): Implement Granular Consent UI for GDPR Compliance 🍪

chriskyfung commented 10 months ago

Title: Implement Granular Consent UI for GDPR Compliance

Description

The current AMP-ready Jekyll theme includes services that utilize cookies to store user data. To ensure compliance with the General Data Protection Regulation (GDPR), we need to implement a granular consent UI that allows users to control their cookies on a per-purpose basis.

Problem

The theme does not currently provide users with a way to opt in or out of specific cookie purposes, which could result in non-compliance with GDPR requirements.

Proposed Solution

We propose implementing a Consent UI that includes the following features:

[x] Granular Consent: Users should be able to consent to or reject individual cookie purposes separately.
[ ] Clear and Transparent Information: Users should be provided with clear and concise information about each cookie purpose before giving their consent.
[ ] Easy to Access: The Consent UI should be easily accessible and visible to users.
[ ] AMP Compatibility: The Consent UI must be implemented in a way that maintains AMP validity.

Possible Implementations

One possible implementation could involve using a third-party consent management platform (CMP) that is AMP-compatible. CMPs provide a range of features out-of-the-box, including granular consent options, data collection, and reporting.

Another approach could be to develop a custom Consent UI using AMP elements. This would require more development effort but could provide greater control over the UI's design and functionality.

Benefits

Implementing a granular Consent UI will provide the following benefits:

GDPR Compliance: Ensure that the theme complies with GDPR requirements for cookie consent.
User Privacy Protection: Give users control over their personal data and how it is used.
Improved User Experience: Empower users to make informed decisions about their cookie preferences.

Timeline

This feature should be prioritized and completed within the next sprint.

Assignee

To be assigned after discussion and review of proposed implementations.

Additional Notes

We should consider using a CMP that is lightweight and does not impact page performance.
The Consent UI should be designed to be user-friendly and easy to understand.
We should provide documentation and guidance to users on how to use the Consent UI.

Development of a custom Consent UI using AMP elements

Objectives

Create a user-friendly and compliant Consent UI using AMP elements.
Ensure compliance with industry regulations and best practices.
Provide a seamless and transparent user experience.

Tasks

Phase 1: Design and Development

[ ] Design the Consent UI using AMP elements, considering accessibility and responsiveness.
[x] Develop the UI using AMP's HTML and JavaScript components.
[x] Implement the necessary AMP state management and event handling.
[x] Ensure the UI is visually appealing and aligns with the brand guidelines.

Phase 2: Integration and Testing

[x] Integrate the Consent UI into the existing website or application.
[ ] Conduct thorough testing to verify functionality, performance, and accessibility.
[ ] Perform user acceptance testing to gather feedback and validate the UI.

Phase 3: Deployment and Maintenance

[x] Deploy the Consent UI on the production site.
[ ] Monitor the UI's performance and address any issues promptly.
[ ] Regularly update the UI to maintain compliance and enhance user experience.

Additional Tasks

[ ] Legal Compliance: Review and align the Consent UI with applicable laws and regulations.
[ ] Transparency: Provide clear and concise information to users about the purpose and use of their data.
[x] Granularity: Allow users to specify granular consent preferences for different purposes and vendors.
[x] Revocability: Enable users to easily revoke their consent at any time.
[ ] Accessibility: Ensure the Consent UI is accessible to users with disabilities.
[ ] Vendor Management: Integrate with vendor consent management platforms to streamline consent collection and management.

chriskyfung commented 8 months ago

Proposed Consent UI Design

To collect cookie consent on AMP pages, we intend to incorporate the following AMP components in the design of the Consent UI:

<amp-bind>
<amp-consent>
<amp-script>

To gather cookie consent on AMP pages, it's necessary to utilize the <amp-consent> element along with the data-block-on-consent or data-block-on-consent-purposes attribute.

Our Consent UI is designed to manage the following specific user interactions:

Display a consent banner when user consent hasn't been granted;
Provide an option for users to accept all purposes by clicking a button on the banner;
Enable users to open a modal and hide the banner by clicking the "Preference" button on the banner;
Within the modal, use check boxes to allow users to select the purposes they consent to;
Close the modal and apply the user's consent choices by clicking a button on the modal;
Close the modal and reject all consent purposes, except for necessary cookies, by clicking another button on the modal;
Re-display the consent banner when the user clicks on the post-consent UI.

The <amp-bind>, <amp-consent>, and <amp-script> elements play crucial roles in the Consent UI design. Here's how they function:

<amp-bind>: This AMP component allows elements on the page to have their attributes, CSS classes, and text contents dynamically changed in response to user actions or data changes. In the context of the Consent UI, <amp-bind> is used to manage the consent states for different types of cookies (essential, functional, analytics, advertising). It can dynamically show or hide certain UI elements based on the user's consent preferences.
<amp-consent>: This is a key component for managing user consent. It provides the ability to show a customizable consent UI, and it handles user interactions with this UI. In the Consent UI design, <amp-consent> is used to set up the consent banner and the cookie preference modal. It also manages the post-consent UI, which includes a button that prompts the consent UI when clicked.
<amp-script>: This AMP component allows custom JavaScript to be run on AMP pages. In the Consent UI, <amp-script> is used to load the stored consent states from the local storage and override the default values defined in the <amp-state>. This is crucial for maintaining the user's consent preferences across different browsing sessions.

The interaction between these elements is as follows:

<amp-bind> and <amp-consent> work together to manage and reflect the user's consent preferences in the UI. For example, certain parts of the UI may be shown or hidden based on the consent states managed by <amp-bind>.
<amp-script> interacts with <amp-bind> by loading the stored consent states from the local storage and updating the <amp-state> accordingly. This ensures that the user's consent preferences are remembered across different browsing sessions.
<amp-consent> uses the consent states managed by <amp-bind> to decide when to show the consent UI (e.g., when the user has not yet given their consent for certain types of cookies).

References:

chriskyfung commented 8 months ago

Cookie Consent Samples

CodePen:

Glitch:

Amp Rejected Consent Placeholder

And more...:

chriskyfung commented 8 months ago

chriskyfung / amp-affiliately-jekyll-theme