Propose new functionalities for Decidim software
#DecidimRoadmap Designing Decidim together
Make Decidim EU cookie laws compliant
**Is your feature request related to a problem?**
Decidim's current cookie banner is not compliant with the EU cookie laws. In several countries this could result in fines being imposed on the website owners.
Here is a short summary of the things that we need to have in order to be compliant:
- By default, all optional cookies are disabled (Matomo, Google, etc.)
- Cookies necessary for the platform must be mentioned and justified.
- The user must be able to revoke the acceptance of cookies at any time, in the footer or privacy policy or elsewhere, as desired.
- Block all cookies from external services by default (analytics, embeds etc.)
Currently we do none of these by default on the Decidim install.
**Describe the solution you'd like**
Implement an existing solution that allows us to do all these things. We've started development on our end (https://github.com/OpenSourcePolitics/decidim/tree/feature/GDPR_compliance_update) but, thanks to one of our clients, stumbled upon a project which provides a simple and accessible solution to this problem: https://github.com/empreinte-digitale/orejime. It allows us to:
- Set a default configuration with default Decidim cookies
- Update the default configuration according to the needs of the instance (Save in base a script that will be injected in the views...).
- Block the automatic setting of cookies from a third party platform.
We've identified 2 complexity factors:
- One related to the multi-tenant mode of Decidim. Different cookies could be set for each organization.
- One related to external services such as embeds (YouTube), drag and dropped images from imgur and external services which can inject cookies that we would be co-responsible for.
**Describe alternatives you've considered**
Something should be done to make Decidim compliant with the cookie law.
**Additional context**
None
**Could this issue impact users' private data?**
Yes, as users have to give their consent for each optional cookie.
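
The defaults listed in the proposal (optional cookies off, necessary cookies declared with a justification, revocation at any time, external embeds blocked) and the per-organization override needed for multi-tenant installs, sketched as an added JavaScript example. It is not part of the proposal, not Decidim code and not Orejime's API; the service names, cookie names and hosts are constructed sample values.

```javascript
// Added example: consent model only. All names and sample data are constructed.
const DEFAULT_SERVICES = [
  { name: "session", required: true, cookies: ["_session_id"],
    purpose: "Keeps the participant signed in" },
  { name: "matomo", required: false, cookies: ["_pk_id", "_pk_ses"],
    purpose: "Audience measurement" },
  { name: "youtube", required: false, cookies: [], hosts: ["www.youtube.com"],
    purpose: "Embedded videos" },
];

// Multi-tenant: each organization may add or override services by name.
function servicesFor(orgServices = []) {
  const byName = new Map(DEFAULT_SERVICES.map((s) => [s.name, s]));
  for (const s of orgServices) byName.set(s.name, { ...byName.get(s.name), ...s });
  return [...byName.values()];
}

// Parse the stored consent value. Anything malformed counts as "no consent".
function parseConsent(raw) {
  try {
    const v = JSON.parse(raw);
    return v && typeof v === "object" && !Array.isArray(v) ? v : {};
  } catch {
    return {};
  }
}

// Required services are always on; optional ones only on an explicit `true`.
function decide(services, consent) {
  const out = {};
  for (const s of services) out[s.name] = s.required === true || consent[s.name] === true;
  return out;
}

// Revocation: flip the flag and report which cookies must be expired.
function revoke(services, consent, name) {
  const svc = services.find((s) => s.name === name);
  if (!svc || svc.required) return { consent, expire: [] };
  return { consent: { ...consent, [name]: false }, expire: svc.cookies };
}

// An external embed may load only if a consented service lists its host.
function embedAllowed(services, decisions, url) {
  const host = new URL(url).hostname;
  return services.some((s) => decisions[s.name] && (s.hosts || []).includes(host));
}
```

A host that no declared service lists, such as an image dropped in from an undeclared third party, is refused by `embedAllowed` regardless of what the visitor has accepted.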
Conversation with Antti Hukkanen
Browsers are also already implementing or planning to implement better measures to classify and enable/disable the cookies for sites based on their classifications:
https://support.mozilla.org/fi/kb/disable-third-party-cookies
https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/
https://support.apple.com/en-gb/guide/safari/sfri11471/mac
https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html
https://www.blog.google/products/chrome/building-a-more-private-web/
https://www.eff.org/deeplinks/2019/08/dont-play-googles-privacy-sandbox-1
Of course, we need a solution that complies with the laws in all EU countries with current, legacy and upcoming browsers. It just seems (and I personally really hope) in the future we might be able to get rid of these cookie consents and popups once and for all when these features are implemented in all browsers in a standard way and once sites start utilizing those features.
Thanks Antti for bringing this perspective. They are annoying.