Make Decidim EU cookie laws compliant
**Is your feature request related to a problem?**
Decidim's current cookie banner is not compliant with the EU cookie laws. In several countries this could result into fines being made to the website owners.
Here is a little sum up of the things that we need to have in order to be compliant :
- By default, all optional cookies are disabled ( Matomo, Google, etc... )
- Cookies necessary for the platform must be mentioned and justified.
- Block all cookies from external services by default (analytics, embeds etc.)
Currently we do none of these by default on the Decidim install.
**Describe the solution you'd like**
Implement an existing solution that allows us to do all these things. We've started a development on our end (https://github.com/OpenSourcePolitics/decidim/tree/feature/GDPR_compliance_update) but stumbled upon thanks to one of our clients on which provide a simple and acessible solution to this problem : https://github.com/empreinte-digitale/orejime it allows to :
- Set a default configuration with default Decidim cookies
- Update the default configuration according to the needs of the instance (Save in base a script that will be injected in the views...).
- Block the automatic setting of cookies from a third party platform.
We've identify 2 complexity factors :
- One related to the multi-tenant mode of Decidim. Different cookies could be set for each organization
- One related to external services such as embed (youtube), drag and dropped images from imgur and external services which can inject cookies that we would be co-responsible of.
**Describe alternatives you've considered**
Something should be done to make Decidim compliant to the cookie law
**Does this issue could impact on users private data?**
Yes as user have to give their consent for each optional cookie.
Report a problem
Is this content inappropriate?