This site uses cookies. By continuing to browse the site, you agree to our use of cookies. Find out more about cookies.
Skip to main content
Metadecidim's official logo
  • English Triar la llengua Elegir el idioma Choose language
    • Català
    • Castellano
Sign Up Sign In
  • Home
  • Processes
  • Assemblies
  • Initiatives
  • Consultations
  • Conferences
  • Help

Propose new functionalities for Decidim software

#DecidimRoadmap Designing Decidim together

Phase 1 of 1
Open 2019-01-01 - 2030-12-31
Process phases Submit a proposal
  • The process
  • Debates
  • Propose new features
  • News
chevron-left Back to list

Make Decidim EU cookie laws compliant

Avatar: Virgile Deville Virgile Deville
31/03/2020 18:42  

**Is your feature request related to a problem?**

Decidim's current cookie banner is not compliant with the EU cookie laws. In several countries this could result into fines being made to the website owners.

Here is a little sum up of the things that we need to have in order to be compliant :

  • By default, all optional cookies are disabled ( Matomo, Google, etc... )
  • Cookies necessary for the platform must be mentioned and justified.
  • The user must be able to revoke the acceptance of cookies at any time, in the footer or privacy policy or elsewhere, as desired.
  • Block all cookies from external services by default (analytics, embeds etc.)

Currently we do none of these by default on the Decidim install.

**Describe the solution you'd like**

Implement an existing solution that allows us to do all these things. We've started a development on our end (https://github.com/OpenSourcePolitics/decidim/tree/feature/GDPR_compliance_update) but stumbled upon thanks to one of our clients on which provide a simple and acessible solution to this problem : https://github.com/empreinte-digitale/orejime it allows to :

  • Set a default configuration with default Decidim cookies
  • Update the default configuration according to the needs of the instance (Save in base a script that will be injected in the views...).
  • Block the automatic setting of cookies from a third party platform.

We've identify 2 complexity factors :

  • One related to the multi-tenant mode of Decidim. Different cookies could be set for each organization
  • One related to external services such as embed (youtube), drag and dropped images from imgur and external services which can inject cookies that we would be co-responsible of.


**Describe alternatives you've considered**

Something should be done to make Decidim compliant to the cookie law

**Additional context**

None

**Does this issue could impact on users private data?**

Yes as user have to give their consent for each optional cookie.

  • Filter results for category: Installation and configuration Installation and configuration

List of Endorsements

Avatar: Valentin Chaput Valentin Chaput
Avatar: txema txema verified-badge
Avatar: Pauline Bessoles Pauline Bessoles verified-badge
Endorsements count3
Make Decidim EU cookie laws compliant Comments 11

Reference: MDC-PROP-2020-03-15215
Version number 3 (of 3) see other versions
Check fingerprint

Fingerprint

The piece of text below is a shortened, hashed representation of this content. It's useful to ensure the content hasn't been tampered with, as a single modification would result in a totally different value.

Value: 61a3477db8c9ac3db974e4e36bc24935569663947b34acf9eb9094464ef2b376

Source: {"body":{"en":"<p><strong>**Is your feature request related to a problem?**</strong></p><p>Decidim's current cookie banner is not compliant with the EU cookie laws. In several countries this could result into fines being made to the website owners.</p><p>Here is a little sum up of the things that we need to have in order to be compliant : </p><ul><li>By default, all optional cookies are disabled ( Matomo, Google, etc... )</li><li>Cookies necessary for the platform must be mentioned and justified.</li><li>The user must be able to revoke the acceptance of cookies at any time, in the footer or privacy policy or elsewhere, as desired.</li><li>Block all cookies from external services by default (analytics, embeds etc.)</li></ul><p>Currently we do none of these by default on the Decidim install.\r\n</p><p><strong>**Describe the solution you'd like**</strong></p><p>Implement an existing solution that allows us to do all these things. We've started a development on our end (https://github.com/OpenSourcePolitics/decidim/tree/feature/GDPR_compliance_update) but stumbled upon thanks to one of our clients on which provide a simple and acessible solution to this problem : https://github.com/empreinte-digitale/orejime it allows to :</p><ul><li>Set a default configuration with default Decidim cookies</li><li>Update the default configuration according to the needs of the instance (Save in base a script that will be injected in the views...).</li><li>Block the automatic setting of cookies from a third party platform.</li></ul><p>We've identify 2 complexity factors : </p><ul><li>One related to the multi-tenant mode of Decidim. Different cookies could be set for each organization</li><li>One related to external services such as embed (youtube), drag and dropped images from imgur and external services which can inject cookies that we would be co-responsible of.</li></ul><p><br></p><p><strong>**Describe alternatives you've considered**</strong></p><p>Something should be done to make Decidim compliant to the cookie law</p><p><strong>**Additional context**</strong></p><p>None</p><p><strong>**Does this issue could impact on users private data?**</strong></p><p>Yes as user have to give their consent for each optional cookie.</p>"},"title":{"en":"Make Decidim EU cookie laws compliant"}}

This fingerprint is calculated using a SHA256 hashing algorithm. In order to replicate it yourself, you can use an MD5 calculator online and copy-paste the source data.

Share:

link-intact Share link

Share link:

Please paste this code in your page:

<script src="https://meta.decidim.org/processes/roadmap/f/122/proposals/15215/embed.js"></script>
<noscript><iframe src="https://meta.decidim.org/processes/roadmap/f/122/proposals/15215/embed.html" frameborder="0" scrolling="vertical"></iframe></noscript>

Report inappropriate content

Is this content inappropriate?

Reason

Comment details

Order by:
  • Older
    • Best rated
    • Recent
    • Older
    • Most discussed
You are seeing a single comment

View all comments

Avatar: Virgile Deville Virgile Deville
07/04/2020 19:36
  • Get link Get link

Thanks Antti for bringing this perspective. They are annoying.

Loading comments ...

  • Terms and conditions of use
  • About the community
  • Download Open Data files
  • Metadecidim at Twitter Twitter
  • Metadecidim at Instagram Instagram
  • Metadecidim at YouTube YouTube
  • Metadecidim at GitHub GitHub
Creative Commons License Website made with free software.
Decidim Logo

Confirm

OK Cancel

Please sign in

decidim Sign in with Decidim
Or

Sign up

Forgot your password?