Search…

X3 Photo Gallery Support Forums

Search…
 
User avatar
ulfklose
Experienced
Topic Author
Posts: 48
Joined: 10 Dec 2019, 09:10

EU Cookie Consent and new regulations

29 Dec 2019, 07:13

Did you already see those new cookie consent court decisions? I'm not a lawyer so I'm not sure if that's necessary at all for a photo website although we can use Google Analytics which is an unnecessary cookie.

https://www.ionos.de/digitalguide/websi ... ichtlinie/

I let this text translate via DeepL (https://www.deepl.com/translator), it's quite good. The text is too long to translate it in one piece with the free version of DeepL otherwise I would have done this for you. I haven't found a native English article with a similar content, but as I said, using DeepL I guess you'll understand what we are dealing with here. 

This WordPress plugin shows what I guess is necessary in the EU. Totally annoying but it's the law :-/.

https://de.borlabs.io/borlabs-cookie/

To summarize what I understood: the user has to be able to decide wether he wanted to allow tracking cookies or only allow mandatory cookies which are necessary for the website to work.
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: EU Cookie Consent and new regulations

29 Dec 2019, 07:38

It's clear that the cookie law is to prevent companies from tracking non-anonymous user data, normally across websites, indirectly for commercial gain. X3 does not use cookies, except for the panel login, which is only used for login purposes (necessary for the website to function, and only affects the admin user anyway).

Are you using Google Analytics? If so, and if you are paranoid, then why not just enable the cookie plugin that requires the user to click OK to accept cookies?
 
User avatar
ulfklose
Experienced
Topic Author
Posts: 48
Joined: 10 Dec 2019, 09:10

Re: EU Cookie Consent and new regulations

29 Dec 2019, 08:37

mjau-mjau wrote: Are you using Google Analytics? If so, and if you are paranoid, then why not just enable the cookie plugin that requires the user to click OK to accept cookies?
Because from what I understand that isn't enough. A user has to be able to opt-in and not only to accept that there are cookies or opt-out later.

I'm not the only one from the EU here, maybe someone else can give more insight as I can. I'm still a little bit confused about what's really necessary but, as I already mentioned, from what I understand the website user has to be able to opt-out of the tracking and not only accept that he or she is being tracked. It's all explained in the article I linked in my original post.
Last edited by ulfklose on 29 Dec 2019, 08:44, edited 1 time in total.
 
User avatar
ulfklose
Experienced
Topic Author
Posts: 48
Joined: 10 Dec 2019, 09:10

Re: EU Cookie Consent and new regulations

29 Dec 2019, 08:40

Another article which explains the issue (unfortunately in German as well, but very readable with the use of DeepL): https://www.e-recht24.de/news/datenschu ... licht.html

By the way, this has nothing to do with being paranoid. There have already been really hefty fines against companies which ignored the "new" regulations. And that is nothing one of your customers wants I guess.
 
User avatar
ulfklose
Experienced
Topic Author
Posts: 48
Joined: 10 Dec 2019, 09:10

Re: EU Cookie Consent and new regulations

29 Dec 2019, 09:22

You can find another example for the "new way" here: https://www.exploit-db.com/

Probably only when your IP is from the EU. But I can send you a screenshot if you wish.
 
Unblind
Experienced
Posts: 25
Joined: 05 Nov 2018, 04:28

Re: EU Cookie Consent and new regulations

29 Dec 2019, 11:12

Die Frage ist doch immer: Was sind personenbezogene Daten? Eine Webseite, auf der sich niemand registriert oder anmeldet, auch keine Kommentare oder sonst etwas hinterlässt, was den Besucher identifizierbar macht, sammelt doch keine Personenbezogenen Daten?
Ich habe auf meiner Webseite das Ding aktiviert. Ist aber wohl sinnlos, weil ich noch nicht mal Analytics verwende. Mich interessiert keine Statistik.
liebe Grüße
Unblind
 
User avatar
ulfklose
Experienced
Topic Author
Posts: 48
Joined: 10 Dec 2019, 09:10

Re: EU Cookie Consent and new regulations

29 Dec 2019, 18:22

Unblind wrote: Die Frage ist doch immer: Was sind personenbezogene Daten? Eine Webseite, auf der sich niemand registriert oder anmeldet, auch keine Kommentare oder sonst etwas hinterlässt, was den Besucher identifizierbar macht, sammelt doch keine Personenbezogenen Daten?
Ich habe auf meiner Webseite das Ding aktiviert. Ist aber wohl sinnlos, weil ich noch nicht mal Analytics verwende. Mich interessiert keine Statistik.
In deinem Falle ist es tatsächlich überflüssig, du kannst es also meinem Verständnis nach auch abschalten. Wer keine Cookies setzt, und das lässt sich ganz einfach herausfinden, braucht auch keine Cookie-Warnung. Ich aber verwende Analytics und brauche das auch, wenigstens temporär. Für diesen Zeitraum benötige ich aber auch eine an die Gesetzeslage angepasste Lösung, fürchte ich.
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: EU Cookie Consent and new regulations

29 Dec 2019, 21:12

X3 simply uses the plugin below:
https://github.com/osano/cookieconsent
https://www.osano.com/cookieconsent

It definitely has options on how the warning is presented, although these options are not made available directly from the X3 plugin options (for example ACCEPT / DENY buttons, which clearly are explicit). In this case, you would simply have to add the plugin manually (Settings > Custom, add the script and JS config). I could probably assist.

Personally, although I don't want to write a long post, I think it's meaningless and counter-productive.
  • Did you ever (EVER) hear or read about any private person being contacted by the law for collecting anonymous data (like Google Analytics)?
  • The cookie laws are in place for one thing and one thing only: To stop companies (with emphasis on big actors like Facebook) from farming private data about users, enabling them to be tracked across websites (or when re-visiting), often indirectly used for commercial gain (ads).
  • It's the worst thing you can do to your website. There are not many things more annoying than having to click some [OK] button at bottom of screen immediately after visitor opens a website they want to visit (often quickly).
  • It's good what the EU laws are doing, but it's difficult for them to create the law properly. It's clear emphasis is to prevent tracking of PERSONAL data (without concent), that can be used to IDENTIFY and TRACK a user (for example IP address). If you just track for example the browser-name of all your visitors (and nothing else), then that's not personal, because it doesn't identify users, and can't be used to track them. Even Google Analytics has partially addressed this [ref].
I'm not here to debate though :zipper_mouth: If you feel you need extraordinary compliance, you may need a custom plugin configuration.
 
User avatar
ulfklose
Experienced
Topic Author
Posts: 48
Joined: 10 Dec 2019, 09:10

Re: EU Cookie Consent and new regulations

30 Dec 2019, 08:08

mjau-mjau wrote: X3 simply uses the plugin below:
https://github.com/osano/cookieconsent
https://www.osano.com/cookieconsent

It definitely has options on how the warning is presented, although these options are not made available directly from the X3 plugin options (for example ACCEPT / DENY buttons, which clearly are explicit). In this case, you would simply have to add the plugin manually (Settings > Custom, add the script and JS config). I could probably assist.
I will have a look into this.
mjau-mjau wrote:

Personally, although I don't want to write a long post, I think it's meaningless and counter-productive.
  • Did you ever (EVER) hear or read about any private person being contacted by the law for collecting anonymous data (like Google Analytics)?
  • The cookie laws are in place for one thing and one thing only: To stop companies (with emphasis on big actors like Facebook) from farming private data about users, enabling them to be tracked across websites (or when re-visiting), often indirectly used for commercial gain (ads).
  • It's the worst thing you can do to your website. There are not many things more annoying than having to click some [OK] button at bottom of screen immediately after visitor opens a website they want to visit (often quickly).
  • It's good what the EU laws are doing, but it's difficult for them to create the law properly. It's clear emphasis is to prevent tracking of PERSONAL data (without concent), that can be used to IDENTIFY and TRACK a user (for example IP address). If you just track for example the browser-name of all your visitors (and nothing else), then that's not personal, because it doesn't identify users, and can't be used to track them. Even Google Analytics has partially addressed this [ref].
I'm not here to debate though :zipper_mouth: If you feel you need extraordinary compliance, you may need a custom plugin configuration.
I'm definitely with you, I HATE these cookie banner warnings, I really do and I wished that we don't need them because they're ugly, clunky und quite hard to set up.

In Germany we have something called an "Abmahnung". This can happen to everyone and happened often even to small companies and private individuals who didn't have an impress on their website. An impress. Failing to satisfy the DSGVO regulations can result in an Abmahnung as well. And this can really happen to everyone. 

I don't think that the German regulatory authority will fine me because I failed to comply with the cookie regulations but a competitor or a so called Abmahnverband could try to serve me (and everyone else) an Abmahnung which could easily cost several hundred Euros.

https://www.e-recht24.de/artikel/datens ... ungen.html

This is really nothing highly hypothetic or individual.
 
User avatar
ulfklose
Experienced
Topic Author
Posts: 48
Joined: 10 Dec 2019, 09:10

Re: EU Cookie Consent and new regulations

30 Dec 2019, 18:12

I just tried Osano's hosted service. I have to make sure that the listener script is the first being loaded. What can I do to achieve that? The listener mode finds a lot of JavaScript but no cookies and none of the Google scripts, most probably because it's not the first script being loaded.
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: EU Cookie Consent and new regulations

30 Dec 2019, 23:25

You mean it listens for Google analytics? May I ask what the point of that is? Perhaps you have a link to the osano integration page?

Traditionally, a cookie consent plugin would simply load, and then display the cookie warning regardless of what else is happening on the page. Javascripts like to load "first" so they can initiate as early as possible, but it doesn't make much difference if they are loaded "at bottom", unless they have specific behavior.
 
User avatar
ulfklose
Experienced
Topic Author
Posts: 48
Joined: 10 Dec 2019, 09:10

Re: EU Cookie Consent and new regulations

31 Dec 2019, 04:34

Their script in Listener mode scans for all loaded scripts and cookies so that they can be classified into the different categories like essential, analytics etc. 

https://docs.osano.com/article/14-getting-started

That's why it has to be loaded before everything else I guess, to discover really everything that is being loaded on that particular site. After a while I got a quite extensive list with all the scripts that are being loaded for the gallery and everything else. In this list I can define categories and these categories can later be chosen by the user. 
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: EU Cookie Consent and new regulations

31 Dec 2019, 05:00

What exactly does the "hosted service" mean? I can't see any javascript implementation guides in that link. How did you originally load the script? The best way to get it as early as possible, would be to add the script into Settings > Custom > Custom <head> section:
Code
<script src="https://cdn.jsdelivr.net/npm/cookieconsent@3.1.1/build/cookieconsent.min.js"></script>
This might be after Google analytics, but the simple fix for that would be to disable Google Analytics from X3 (Settings > Accounts > Google Analytics), and then instead just add the basic Google Analytics script also into the same custom head section, below cookie consent.
 
User avatar
ulfklose
Experienced
Topic Author
Posts: 48
Joined: 10 Dec 2019, 09:10

Re: EU Cookie Consent and new regulations

31 Dec 2019, 05:12

Their hosted services hosts an individual cookie consense for your website which you can configure. 

https://www.osano.com/features/consent-management
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: EU Cookie Consent and new regulations

31 Dec 2019, 05:25

Looks good. They only host the javascript really, although perhaps you configure settings from their website also, which are then pushed into the javascript on load? My previous post still applies in regards to loading it as early as possible.