GDPR Questions

[sadams101]

I have two questions about GDPR settings/compliance, and I have read all blog posts here that cover this.

1) If I turn on the bar to guests which notifies them of my site's cookie usage (Guest Options -> Show terms of service confirmation bar to Guests?), but do not force Guests to accept this, will the fact that the bar is always showing to guests, including google spider, interfere in any way with the spiders when they index my site? (I think I know the answer, but want to be 100% sure here).

2) Are we sure that it is not GDPR compliant to have the opt-in newsletter box checked by default?

 

[asigno]

1. Won't cause an issue - https://twitter.com/methode/status/843828128711495682?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.seroundtable.com%2Fgooglebot-can-detect-cookies-23583.html

2. Very sure - GDPR guidelines state explicit opt-in.

Specifically in regards to opt-in checkboxes, almost every one are using one click functionality, it's debatable if that's actually enough. PageFair's suggested mechanism for “explicit consent” is two step opt-in.

https://pagefair.com/blog/2018/granular-gdpr-consent/

 

[sadams101]

Re: #2, I will have a plugin developed which, when people register, detects GDPR countries and un-checks the newsletters box, otherwise it will be checked. I don't plan to have these silly GDPR rules affect my core business, which is in North America.

[sadams101]

Also, although Google my still be able to properly spider sites with this pop up message, I am also concerned that they will punish sites in search that have these pop ups--as they did announce that they are in fact going to do this. So I am very concerned that my search results will suffer with this pop up cookie warning message turned on.

[bfarber]

6 hours ago, sadams101 said:

Also, although Google my still be able to properly spider sites with this pop up message, I am also concerned that they will punish sites in search that have these pop ups--as they did announce that they are in fact going to do this. So I am very concerned that my search results will suffer with this pop up cookie warning message turned on.

Do you have a link to where you read this?

[sadams101]

Here are some links. The second one says that a cookie warning overlay "if used responsibly" should not cause a penalty, but it doesn't really clarify in detail what "responsibly" means.

https://moz.com/blog/popups-seo-whiteboard-friday

and this is from google:

https://webmasters.googleblog.com/2016/08/helping-users-easily-access-content-on.html

Another concern for sites that rely on ad revenue, like mine, having this overlay displayed to all guests will likely lower my site's "Viewability" score for my ads. This is essentially a % ranking of each google ad that is shown on my site. This data is collected, automatically, by google's bots & scripts. With this overlay I suspect that my advertising "Viewability" score will drop because the percent of viewable ad space, on mobile especially, has dropped considerably. A potential solution is to not show this to spiders and bots, but I'm not sure if that would solve the issue. 

[Joel R]

That same Google post specifically exempts techniques for:

• Interstitials that appear to be in response to a legal obligation, such as for cookie usage or for age verification.

[sadams101]

I still think there should be a country option for displaying this...and I may have a plugin developed that does this for me. Why display it to the entire world, when the legal obligation lies only in Europe, where I get ~5-7% of my traffic. 

Google's ad viewability will still be an issue.

[Hexsplosions]

2 minutes ago, sadams101 said:

I still think there should be a country option for displaying this

I think that'd potentially hurt performance across the board. You'd surely have to lookup every IP address that visits to determine the source of the visit before you know whether it's required?

[bfarber]

Yeah...unfortunately there isn't a reliable way to determine what country a user is from.

I (an American) could be visiting Europe and would appear to be a European user based strictly on IP address lookup, and vice-versa. Unfortunately, targeting by country without explicitly confirming the visitor's country would not likely fulfill your "obligations" if you are intending to comply with GDPR and similar laws for European users.

[sadams101]

Europeans do not take their laws with them when they visit other countries--the GDPR law does not apply to a European once they are in the USA, for example. I do not have to have my newsletter check box unchecked for anyone in the USA--no laws say that, and GDPR laws can't apply to them here. SO, the plugin is created and working, and anyone in a GDPR country will see that box unchecked. It works perfectly, and is GDPR compliant.

[sadams101]

PS - Showing the cookie warning for guests also dropped my Google ads view ability by ~5%, and is causing lost revenue. The quick way of dealing with this is that I've drastically shrunk the amount of text in the message--stripped it to the very bare minimum.  Performance would likely suffer too much if I did the same thing for this message, but I will explore this as well.

[sadams101]

Oh, and another thing--the EU should have required browsers to have the cookie warning, not every web site in the world. This would have affected 3-5 companies in the world, not every website in the world.

[TheJackal84]

53 minutes ago, sadams101 said:

Europeans do not take their laws with them when they visit other countries--the GDPR law does not apply to a European once they are in the USA, for example. I do not have to have my newsletter check box unchecked for anyone in the USA--no laws say that, and GDPR laws can't apply to them here.

Some people will not like this answer, but, Like you said the EU have no jurisdiction in the USA, do you honestly think that if the EU went to the US goverment and said, we want this man extradited to us for prosecution because he had a checkbox clicked on his website and our laws say he can't, that the goverment will say yes OK here he is, for starters the $$$ it will cost the courts etc would not be worth it, plus the goverment will probably say well he didn't break our laws and he is not excatly dangerous, that is even if they tried anyway

[opentype]

1 minute ago, TheJackal84 said:

Some people will not like this answer, but, Like you said the EU have no jurisdiction in the USA, do you honestly think that if the EU went to the US goverment and said, we want this man extradited to us because he had a checkbox clicked on his website and our laws say he can't, that the goverment will say yes OK here he is, for starters the $$$ it will cost the courts etc would not be worth it, plus the goverment will probably say well he didn't break our laws and he is not excatly dangerous, that is even if they tried anyway

Great strawman. 

[sadams101]

Well, my point is that I am complying with the GDPR -- users in those countries will see my newsletter box unchecked. This is, in my opinion, how IPB should set this up. Anyone interested in the plugin can contact @DawPi

You can add countries to this later, should other countries adopt similar laws.

[TheJackal84]

2 minutes ago, opentype said:

Great strawman. 

As I said

7 minutes ago, TheJackal84 said:

Some people will not like this answer

1 minute ago, sadams101 said:

my point is that I am complying with the GDPR -- users in those countries will see my newsletter box unchecked.

and what if they are using a VPN?

[sadams101]

BTW: Does anyone know how to edit the CSS for the new cookie warning message? I plan to shrink the size of this, especially on mobile.

Are the regulators who check this going to be using a VPN that shows them as being outside of Europe, where there laws don't apply? Really I could care less. I don't want to see my newsletter subscribers drop by 70% because of this silly new law--90% of my newsletter subscribers are in North America.

[TheJackal84]

2 minutes ago, sadams101 said:

BTW: Does anyone know how to edit the CSS for the new cookie warning message? I plan to shrink the size of this, especially on mobile.

@Nathan Explosion created a free plugin on a topic somewhere what can modify the message and the cookie page, maybe he can share the link to the topic once he see's this post

4 minutes ago, sadams101 said:

Are the regulators who check this going to be using a VPN that shows them as being outside of Europe, where there laws don't apply? Really I could care less. I don't want to see my newsletter subscribers drop by 70% because of this silly new law--90% of my newsletter subscribers are in North America.

I don't think the regulators will be human lol just a very big computer, it would take 100 years and a thousand people to manually check each website online maybe more

[DawPi]

1 hour ago, sadams101 said:

Anyone interested in the plugin can contact @DawPi

 

I did it. ?

[Nathan Explosion]

1 hour ago, TheJackal84 said:

@Nathan Explosion created a free plugin on a topic somewhere what can modify the message and the cookie page, maybe he can share the link to the topic once he see's this post

 

[bfarber]

Frankly, your solution is not GDPR-compliant (the regulations are meant to protect Europeans globally, not just when they visit from within Europe), however its up to you how much you actually care. ? If you are located in the US, it is unlikely the EU is going to come after you for GDPR compliance (at least initially).

[sadams101]

As mentioned, I was a corporate and criminal paralegal for 7 years, and I know for a fact that GDPR laws cannot cover Europeans when they are outside of Europe, how could it? It would be like me claiming that my American laws must be enforced for me when I visit Europe. 

This solution, I believe, is fully GDPR complaint. I don't wish to debate it because none of us are lawyers, but I won't be losing 60-70% of my eNewsletter subscribers in North America due to these silly rules (that supposedly protect people). It works beautifully, and the solution can be adjusted if necessary.

[Mark]

There is no way to reliably detect what country a user is in.

Right now, I am in the UK, but my IP address will indicate me being in the USA (because I'm using a VPN) and my browser is sending a header indicating Australia as my preferred region (because that's where I normally am).

While your solution appears to work beautifully, I am afraid, it is buggy. What you are trying to do is not technically possible.

The most reliable (but not 100% reliable) method would actually be to use timezone detection.