zlacker

[parent] [thread] 9 comments
1. zerost+(OP)[view] [source] 2018-05-18 10:21:57
i suggest you remove the 3 trackers from your blog, or at least let me see it without them. I m not trying to be snarky, just pointing out that removing everything is often very hard.
replies(2): >>def_tr+13 >>sdoeri+A3
2. def_tr+13[view] [source] 2018-05-18 11:00:33
>>zerost+(OP)
The site linked in their profile works just fine with all JS disabled.
replies(2): >>sdoeri+C3 >>zerost+R3
3. sdoeri+A3[view] [source] 2018-05-18 11:11:16
>>zerost+(OP)
Well. I know that I have GTM, GA with DC integration (currently) still active on my blog. DC integration will be dropped and the privacy page will be updated to describe, what I am tracking and how long data is being stored. As needed to comply with GDPR/DSGVO.

As I am still having 7 days to go and that is just a personal blog, I plan on using my free time to do that (would just take 3 - 5 minutes to disable everything if I wanted to by removing GTM and redeploying).

So removing everything is quite easy. It is way more difficult to selectively remove singular features - in this case the DoubleClick integration. As I am not doing that exact step all day (even being a data analyst with a focus on web data), I would have to look, where to configure that exactly. That would take longer.

So be snarky - I don't care, as I am already preparing for GDPR compliance and will have my house in order come May, 25th.

[Edit] Took 12 minutes in the end. Will take some time until caching catches up. Using a incognito instance all good to go regarding the trackers. "Only" the update for the privacy page remains for the weekend to do.

replies(1): >>leeree+eQ1
◧◩
4. sdoeri+C3[view] [source] [discussion] 2018-05-18 11:12:14
>>def_tr+13
Thanks. I tried to achieve that. As I am surfing with a lot of JS being blocked/disabled, I wanted my own site to be usable for myself.
◧◩
5. zerost+R3[view] [source] [discussion] 2018-05-18 11:16:18
>>def_tr+13
i did not mean that the site doesnt work without tracking, but according to the law i should have the option to access the site without being tracked.
replies(1): >>sdoeri+l5
◧◩◪
6. sdoeri+l5[view] [source] [discussion] 2018-05-18 11:34:30
>>zerost+R3
No. That is just plainly wrong. GDPR allows for tracking without opt in. It just needs to enable you to opt out of being tracked with for example a link to opt out in the privacy policy page. Something I still plan to make more visible (in the footer or something like that), but is already there [0].

These so called cookie layers are not necessary for tracking. They are not even necessary for first party on site advertising. For that you also do not need consent if you read the GDPR/DSGVO (German version).

In the DSGVO it is §6.1f [1] you would want to read about. There is even an elaborate explanation from the German legistlation [2] what "Berechtiges Interesse" ( legitimate interest) exactly means.

So to make this short: direct marketing as well as tracking is totally fine even without consent. Give an option to opt out, explain why you need the data, what you do with it and how long you store it as well as a point of contact (for people wishing for their data to be deleted) and you are fine.

As long as you do not do profiling or stuff like that. A personal blog/website is then totally fine with GDPR. Btw. you would need to add all of this to your privacy page even if you had no web tracking installed, as your webserver probably would have logging activated. Having an IP address in there make this data fall under the GDPR (at least in Germany). So you would need to explain all that stuff because of the log files non the less.

[0]: https://schriftrolle.de/datenschutz [1]: https://dsgvo-gesetz.de/art-6-dsgvo/ [2]: https://dsgvo-gesetz.de/erwaegungsgruende/nr-47/

[Edit:] Ordered the footnotes

replies(1): >>zerost+bc
◧◩◪◨
7. zerost+bc[view] [source] [discussion] 2018-05-18 12:47:43
>>sdoeri+l5
First of all i did not mean to make you change your blog site - I was just pointing out that the law applies to everything no matter how small.

Second, are you sure about this? My understanding is that if you use third-party tags such as analytics you need to get consent from users and not to use them if they don't consent.

One other thing that is not clear to me is if we need cookie prompts, and how can we implement cookie opt-ins/outs without being able to set cookies.

replies(2): >>spiral+Wc >>sdoeri+xB6
◧◩◪◨⬒
8. spiral+Wc[view] [source] [discussion] 2018-05-18 12:54:41
>>zerost+bc
IIRC, the cookie law applies only to third party cookies. So you can freely set a first party cookie to store their opt-in/out.
◧◩
9. leeree+eQ1[view] [source] [discussion] 2018-05-19 10:33:22
>>sdoeri+A3
> the privacy page will be updated to describe, what I am tracking and how long data is being stored. As needed to comply with GDPR/DSGVO.

I thought the GDPR required users to opt-in to tracking (if consent is used as the lawful basis for processing), and if they choose not to opt-in, you must disable the tracking while still providing the service. Are you sure just updating your privacy page is enough?

Then there are the requirements to allow users to download or delete their data.

◧◩◪◨⬒
10. sdoeri+xB6[view] [source] [discussion] 2018-05-22 13:08:29
>>zerost+bc
I am sure. At least in Germany the respective privacy protection agencies (federal system so multiple agencies have their say) already stated, the "pure" analytics and "pure" advertising is ok without opt-in, only an opt-out needs to be provided.

If you do linking of such stuff (like Google Analytics with DoubleClick) you need an opt-in. Only then the opt in cookie banner is really necessary.

Please excuse the late answer - was on holiday.

[go to top]