google / site-kit-wp

Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.
https://sitekit.withgoogle.com
Apache License 2.0
1.23k stars 287 forks

GDPR (EU Compliance) related-features #462

Closed RicaNeaga closed 4 months ago

RicaNeaga commented 5 years ago

Feature Description

Please take a look here, it's described fully by the most popular Google Analytics integration plugin staff - https://wordpress.org/support/topic/google-analytics-eu-compliance/

So please implement in your FREE plugin two features:

  1. A clear and described how-to tutorial on how the website can be fully compatible with GDPR via your plugin (& Analytics) integration

  2. At least a recommended solution for the Visitor Opt-In / Opt-Out Box (frontend UI).

Or, best-case-scenario, an integrated slim feature for this, like we can find now in this very slim Analytics integration (another example than the one in the link above, Google Analytics Dashboard Plugin for WordPress by MonsterInsights) - https://plugin-planet.com/ga-google-analytics-pro/

Thanks :)


Do not alter or remove anything below. The following sections will be managed by moderators only.

Acceptance criteria

Implementation Brief

Changelog entry

jamesozzie commented 5 years ago

@RicaNeaga Nice suggestion, this functionality is something that has been discussed and will be implemented in future releases.

You can also use this WordPress mini plugin. It works as an extension to Site Kit to ensure IP Addresses are anonymized.

Alternatively, here's a description of how to add filters to the plugin that would allow a developer to modify the Analytics implementation, specifically under the "Anonymizing IP Addresses" section.

Gicminos commented 5 years ago

In the meantime, how do you block google cookies before a prior consent from the user?

RicaNeaga commented 5 years ago

Not exactly a must / it's in the gray area - please see 1.3 here (given the following requirements on that page are met) - https://blog.oriel.io/2019/01/24/how-to-make-google-analytics-gdpr-compliant/

However, this must be made clear by Google, and their next wordpress plugin must have an unequivocally and fully compliant GDPR policy (enabled by default, so it can help the regular user).

Zodiac1978 commented 4 years ago

Recent decision from the European Court of Justice is demanding opt-in for tracking cookies: https://siriuslegaladvocaten.be/en/no-consent-no-cookie-says-the-european-court-of-justice/

If this is not possible to configure, this plugin is breaking the law in every country of the EU.

RicaNeaga commented 4 years ago

Nice catch :) So a consent is MANDATORY before analytics becomes active on the website.

It's a pity Google decided to put out a beta version of this plugin, calling it usable and final. Besides this GDPR ticket, there are also other woocommerce related tickets out there...

https://github.com/google/site-kit-wp/issues/202
https://github.com/google/site-kit-wp/issues/459
https://github.com/google/site-kit-wp/issues/786

Hopefully at some point Google will be more into making stable / legal / functional & usable tools for wordpress & woocommerce. No wonder their plugins are so poorly reviewed by wordpress users... https://profiles.wordpress.org/google/#content-plugins

swissspidy commented 4 years ago

The plugin is definitely not final. It's a version 1 that we wanted to share with our users who have been waiting a long time for such a suite of tools.

We are now working hard on fixing any bugs that come along with such a very first version, and are carefully considering any new enhancements and features — including in the areas of e-commerce and GDPR.

Alexxxis88 commented 4 years ago

Is there any update on this issue or workarounds to make Site Kit GDPR compliant ?

It looks like a great tool to use on clients' website, however since I'm based in Europe I can't take the risk to violate GDPR rules using it as it is.

imagine commented 4 years ago

I just set up my first site in WordPress. I will be using an alternative plugin until this issue is resolved. Major brand trust erosion that Google would keep this plugin active without at least a warning in the plugin description.

AkshayRao27 commented 4 years ago

I just set one of my websites up. I wanted to install this plugin but it looks like this is still not implemented. Does anyone know of a workaround? If not, then I guess I'll have to look for a different plugin. I'm honestly quite disappointed that this has been open for a year and has no updates. But then again, is it really surprising?

AertHulsebos commented 4 years ago

Please refer to https://wordpress.org/support/topic/consent-api-integration/,

This would lay the groundwork to comply with privacy laws world wide.

rlankhorst commented 4 years ago

+1 for the WP Consent API integration

See also:

https://make.wordpress.org/core/features/
https://github.com/rlankhorst/wp-consent-level-api/
https://wpconsentapi.org/

For any questions on what this aims to do, see the docs, or just ask me :)

Depending on the website settings, the plugin can check for wp_has_consent('statistics-anonymous') or wp_has_consent('statistics')

The consent management plugin the webmaster has chosen can handle the actual consent. The WP Consent API will pass this through to Google Site Kit.

mikezielonka commented 3 years ago

Just was browsing the docs to review the current status of GDPR compliance for sitekit. Hope this makes it into a future sprint in the near future. 👍

radusalagean commented 3 years ago

I spent the last couple of days trying to get SiteKit Google Analytics integrated with a consent popup on my WordPress site. The plugin is great, the first time setup was a breeze and I really wanted to keep using it, especially since this is an official plugin by Google and there is no extra unnecessary stuff attached from third parties. However, being unable to use it in a legal way (i.e. complying with GDPR laws) makes me wanna uninstall it and look for alternatives.

I'm not a web developer, that's why I went with a WordPress blog, I only wanted to have a website up quickly, and focus instead on creating content for it.

Also checked https://github.com/google/site-kit-wp/issues/2087. I don't really understand if this API is meant for us, users of the SiteKit plugin, or if this API is even available at all.

It's probably safe to assume a lot of people install SiteKit and enable Google Analytics, then install a consent popup plugin, and then they think their site is now GDPR compliant, meanwhile the consent popup is not hooked up to anything, it doesn't block any analytics scripts or cookies. You can clearly see the network traffic in Chrome Developer Tools. I doubt many WordPress site owners even know how to check if the consent popup they installed actually works.

I hope people in charge of this plugin can see why this is very problematic... people think they are in legality when actually they are not.
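The check described in the comment above (does the analytics tag still run for a visitor who has not consented?) can be approximated with a static audit of the served HTML. This is an added example, not part of the thread or of Site Kit's code; the sample markup, the `G-EXAMPLE` ID and the `text/plain` gating convention are assumptions.

```javascript
// Added example: static audit of the HTML a first-time visitor receives.
// Hosts that serve the Google Analytics / gtag.js loaders.
const ANALYTICS_HOSTS = ['www.googletagmanager.com', 'www.google-analytics.com'];
// Assumption: a consent tool holds a tag back by giving it a non-executable
// type (commonly text/plain) until the visitor opts in.
const EXECUTABLE_TYPES = new Set(['', 'text/javascript', 'application/javascript', 'module']);

// Read one attribute from the raw attribute text of a <script> tag.
function attr(tagAttrs, name) {
  const re = new RegExp(`(?:^|\\s)${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(tagAttrs);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Return every analytics tag the browser would execute as served.
function findUngatedAnalytics(html) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(scriptRe)) {
    const type = (attr(attrs, 'type') || '').trim().toLowerCase();
    if (!EXECUTABLE_TYPES.has(type)) continue; // gated: the browser will not run it
    const src = attr(attrs, 'src');
    if (src) {
      let host;
      // Base URL is a placeholder so relative and //host paths resolve.
      try { host = new URL(src, 'https://site.example').hostname; } catch { continue; }
      if (ANALYTICS_HOSTS.includes(host)) findings.push({ kind: 'loader', detail: src });
    } else if (/\bgtag\s*\(\s*['"]config['"]/.test(body)) {
      findings.push({ kind: 'inline-config', detail: body.trim().slice(0, 60) });
    }
  }
  return findings;
}

// Constructed sample: popup script present, but the tag is not wired to it.
const UNGATED_PAGE = `<head>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<script>window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments);}
gtag('js', new Date()); gtag('config', 'G-EXAMPLE');</script>
<script src="/wp-content/plugins/popup/banner.js"></script></head>`;
// Constructed sample: the same two tags held back as text/plain until opt-in.
const GATED_PAGE = UNGATED_PAGE.replace(/<script(?= async|>)/g, '<script type="text/plain"');

console.log(findUngatedAnalytics(UNGATED_PAGE)); // two findings
console.log(findUngatedAnalytics(GATED_PAGE));   // none
```

Static HTML misses tags that other scripts inject at runtime, so the browser's network panel remains the definitive check.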

AertHulsebos commented 3 years ago

Hi @radusalagean the proposal exists, as can be read above.

https://github.com/google/site-kit-wp/issues/462#issuecomment-676511017

We (Complianz.io) have a direct integration and built the API, but would rather move our consent efforts toward a universal approach for any plugin that might need consent levels. I'm pretty sure between @rlankhorst & @felixarntz we can implement this rather quickly. Then any consent plugin is welcome to conform, now both Complianz & Cookiebot use the API already.

Just an FYI :-)

regards Aert

over-engineer commented 3 years ago

> I spent the last couple of days trying to get SiteKit Google Analytics integrated with a consent popup on my WordPress site.

@radusalagean Hey! Just out of curiosity, which consent popup were you trying to integrate with SiteKit Google Analytics?

radusalagean commented 3 years ago

#462 (comment)

@AertHulsebos Thanks, I will have a look.

> @radusalagean Hey! Just out of curiosity, which consent popup were you trying to integrate with SiteKit Google Analytics?

Hey! I tried both https://wordpress.org/plugins/cookie-law-info/ (free version of the plugin) and https://www.cookieyes.com/cookieyes-code-installation-on-wordpress/ (which is not a plugin, but they give you a script which I included in the head).

The popups appeared correctly, but neither were blocking the analytics. Looks like the plugin one has integration with MonsterInsights plugin and it claims to work out of the box. I haven't tried it yet, but I will later and if it works, I'll probably use that from now on.

Later edit: Ended up removing SiteKit and going for a more manual approach for Google Analytics. I did a manual property creation in Google Analytics after removing the auto generated ones by SiteKit. Afterwards, I took the generated code snippet from the "Global site tag (gtag.js)" section from "Property settings" > "Data Streams". I pasted that code in the "Head scripts" section of the free plugin I linked above, for the appropriate category (Analytics). Now the script runs only after consent is given.

Likewise, since I had SiteKit set up with Search Console too, I did a manual verification instead for the Search Console on a domain level (TXT entry on the DNS).

Looking back at it, I should have done this earlier, but I wasn't aware it was possible. Again, I consider myself a newbie at best when it comes to web dev and the abundance of articles available on the internet that explain how to integrate Google Analytics using their third party services made me think it wasn't even possible to do it manually, without third parties. Luckily I finally stumbled across one that did show the manual approach as an alternative. All in all, I am happy this is finally sorted out and I can start creating content on my website.

srodrigo commented 1 year ago

The only plugin I found that hopefully works with Site Kit is Complianz.

It'd be cool to finish proper support so other plugins can integrate, as otherwise Site Kit is not viable at all.

adamdunnage commented 1 year ago

@srodrigo We are in the process of updating our GDPR compliance and privacy documentation which will include some further third party plugin recommendations. Some of these work natively with Site Kit by providing plugin-specific configurations. Some of the more popular plugins include:

Cookieyes:

Complianz gdpr/ccpa cookie consent:

gdpr cookie compliance (ccpa, dsgvo, cookie consent):

cookiebot | gdpr/ccpa compliant cookie consent and control:

Hope this helps and do keep an eye out for the updated documentation which will be coming soon.

srodrigo commented 1 year ago

@adamdunnage thanks for the update. That's absolutely brilliant!!! Do you have any idea of the ETA for the documentation update?

adamdunnage commented 1 year ago

@srodrigo You are very welcome. I would expect this in the next few weeks but I cannot provide a concrete date unfortunately.

srodrigo commented 1 year ago

@adamdunnage thanks! No problem. Not a commitment, just to have a brief idea. A few weeks sounds great :)

jamesozzie commented 4 months ago

Now that we have a guide related to GDPR I'll close this GitHub issue.

We also have consent mode added to Site Kit, with some suggestions on consent management plugins added to that guide. These are plugins that are known to work with consent mode within Site Kit. These do have opt in/opt out configurations as per this feature request.