Bring our cookies up to industry standards

[imnasnainaec]

Look for maintained library that cover GDPR, and maybe even uses their clear language. ... and avoid the bad interfaces:

ToDo:

• [x] Cookie consent popup
  • [x] Briefly and clearly describe Strictly necessary cookies that are required for user
  • [x] Allow easy opt in/out of Statistics cookies or Performance cookies for analytics
• [x] Store cookie selection/acknowledgement in Local Storage or a cookie
• ~Connect cookie selection to logged-in user~
• [x] Add section in User Settings for changing selection
• [x] Localize all gui strings
• [x] Match style to our MUI style
• [x] Only run analytics scripts when consent has been given

[imnasnainaec]

Allow opting out of analytics (cf #3005)

[imnasnainaec]

From https://gdpr.eu/cookies/:

Cookie compliance To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:

• Receive users’ consent before you use any cookies except strictly necessary cookies. Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
• Document and store consent received from users.
• Allow users to access your service even if they refuse to allow the use of certain cookies
• Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.

And we're only using:

• Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.
• Statistics cookies — Also known as “performance cookies,” these cookies collect information about how you use a website, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized. Their sole purpose is to improve website functions. This includes cookies from third-party analytics services as long as the cookies are for the exclusive use of the owner of the website visited.

(... no Preferences or Marketing cookies).

[imnasnainaec]

A possible package to use: https://www.npmjs.com/package/vanilla-cookieconsent https://github.com/orestbida/cookieconsent