[Bug]: We are not asking for visitors consent to use analytics cookies

[r-ferrier]

Description

Spotify use several cookies, including google analytics cookies, to track vistors' behaviour on pages where we have a spotify player embedded.

The new youtube embed removes many of the cookies but it does still add some cookies. I think these are all functional but haven't fully investigated. We also mention in our privacy policy that we may collect anonymous analytics data. We never ask for consent/ alert users to the fact that we store cookies for either of these, which we also should be doing.

https://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies/what-are-the-rules-on-cookies-and-similar-technologies/

I think we need to either:

• remove spotify embeds and stop using anonymous analytics data (do we actually even do this?)
• add a banner to alert users on first visit to the site that we use functional cookies

or

• add a banner to alert users on first visit to the site that we use functional cookies and ask for consent to use third party analytics cookies
• if consent not given, we do not load spotify iframes

[aaaaargZombies]

My misadventure into elm-js interop meant that I did some investigation into web components, turns out they are very cool. Maybe we change our shortcode to use a webcomponent and host the file ourself? keeping the links to spotify etc for people who want to subscribe like that.

here's the first one I clicked on https://nadikun.com/code/paper-audio-player/demo/

[aaaaargZombies]

https://plausible.io/data-policy

GDPR, CCPA and PECR compliant web analytics

By using Plausible, you don’t need to have any GDPR, CCPA or PECR prompts and you don’t need a complex privacy policy about your use of analytics and cookies. With Plausible, you are not tracking any personal data after all. Your visitors can enjoy your site without any annoyances and distractions.

[r-ferrier]

My misadventure into elm-js interop meant that I did some investigation into web components, turns out they are very cool. Maybe we change our shortcode to use a webcomponent and host the file ourself? keeping the links to spotify etc for people who want to subscribe like that.

here's the first one I clicked on https://nadikun.com/code/paper-audio-player/demo/

this looks interesting, will have a look

[aaaaargZombies]

youtube info with the nocookies domain thing https://support.google.com/youtube/answer/171780?hl=en#zippy=%2Cturn-on-privacy-enhanced-mode

[aaaaargZombies]

@honor-gfsc CC

[r-ferrier]

I don't think just using the nocookies domain for youtube is enough:

https://devowl.io/2022/youtube-website-gdpr/

[r-ferrier]

Have made a proposal for dealing with cookies on the website, this will remain blocked until this is agreed on