GDPR compliance

[Horizon]

1.) I would like to comply with GDPR showing GDPR cookie warning in countries which require it
2.) I don't want to show an unnecessary popup/warning to countries which do not require the GDPR cookie warning (thankfully, being so far in a country which doesn't require it, I find it more annoying than useful to my own browsing.)

I'm not quite sure I understand the meaning/implications of this option under Basic Settings

Block all cookies
[]enable []disable Prevents cookies from being saved and terminates user session (GDPR). When enabled the pop-up will be shown to all users, regardless of their country.

Is it possible to comply with GDPR in countries which require it without having to show the cookie warning to countries which don't require it?

[Horizon]

Still thinking about this.

In the demo with the nova template, if you check the box
Block all cookies
[x]enable
It doesn't seem to block all cookies. There is a time cookie set, and if you click a heart for example a favorites cookie is created...

And is there a way to enable the block all cookies option until consent and also geo-target the notice so the popup is only shown where it is required?

[Rudi]

You can set these options via Basic Settings > Cookie Policy > Country codes for cookie policy & Block all cookies

[Horizon]

Yes, that's where I've set it.

My questions:

1.) Would it be difficult to show it to only the country list entered AND block cookies until the accept button is pressed?

2.) When I click enable on the second option in the demo admin to block all cookies before accept, all cookies don't seem to be blocked before hitting the Accept button.
I clicked [x]enable on that checkbox, and then browsed the user side without clicking Accept, and see that the following cookies were set anyway:
PHPSESSID
client_utc_time
grid_mode
and when I clicked a heart icon, favorites

Will do some more testing to see if I'm somehow messing this up. Testing with edge browser in windows sandbox. Will test with another browser.

[Rudi]

It works the way you need: appears only for the country codes you set in the settings and blocks cookies until user accepts the cookie policy

[Horizon]

Thanks,

Excellent to hear that it should work, but it's not quite working on my site. Possibly I should put in a ticket to have you look at it.

My main concern:

Tested three times now, and if I click enable for

Block all cookies
[x]enable []disable Prevents cookies from being saved and terminates user session (GDPR). When enabled the pop-up will be shown to all users, regardless of their country.

It shows to me in the US even though US is not in the country list. That seems to be what the description says there, but it would be much better if it "appears only for the country codes you set in the settings and blocks cookies until user accepts the cookie policy." It doesn't show a newer version available, but maybe I need something to be tweaked there.

If I click disable for the block option, then cookies aren't blocked if you don't click Accept as a user. So I'm afraid this wouldn't be GDPR compliant. If I click enable, it's showing for the US even though US is not in country list, and I'm afraid that may annoy the majority of my users unnecessarily since it's not required for the majority of my users, only less than 5% require GDPR notice at this point in time.

Minor concerns:

Also if I click enable for the block option, it initially prevents all but two cookies from being set on first page load; however PHPSESSID still shows as a set cookie although it shows content: deleted, and client_utc_time shows as a set cookie although it shows its content as blank. I'm not sure if this would be ok with gdpr letter of the law to set cookies and have their contents be blank; maybe that is fine - I am not sure?

Then if you click a list/grid button or a heart to add a favorite on a listing type page, a favorites or grid_mode cookie is set even if you don't click accept on the cookie popup as a user. If you then navigate to the homepage again, the favorites or grid_mode cookie is deleted. I'm not sure if this is quite right since the cookie is set without clicking accept. Maybe this is close enough to not be a problem, I am not quite sure.

[Horizon]

Just wanted to follow up my forum post and say Thank you Rudi / Flynax. My main concern is now solved and the cookie policy plugin is working the way I wanted it to which is great - showing only to the country list AND blocking cookies (only) if visitor's geo location is on the country list. THANKS!