This proposal has been implemented

  • Reviewed by @product and accepted in the main project
  • Funded by Barcelona City Council
  • Developed by Mainio Tech
  • Available in release 0.27 via #9271

Make Decidim EU cookie laws compliant

Virgile Deville
Finished

**Is your feature request related to a problem?**

Decidim's current cookie banner is not compliant with the EU cookie laws. In several countries this could result in fines for the website owners.

Here is a short summary of the things that we need to have in order to be compliant:

  • By default, all optional cookies are disabled (Matomo, Google, etc.)
  • Cookies necessary for the platform must be mentioned and justified.
  • The user must be able to revoke the acceptance of cookies at any time, in the footer or privacy policy or elsewhere, as desired.
  • Block all cookies from external services by default (analytics, embeds etc.)

Currently we do none of these by default on the Decidim install.

**Describe the solution you'd like**

Implement an existing solution that allows us to do all these things. We've started development on our end (https://github.com/OpenSourcePolitics/decidim/tree/feature/GDPR_compliance_update) but, thanks to one of our clients, stumbled upon a simple and accessible solution to this problem: https://github.com/empreinte-digitale/orejime. It allows us to:

  • Set a default configuration with default Decidim cookies
  • Update the default configuration according to the needs of the instance (Save in base a script that will be injected in the views...).
  • Block the automatic setting of cookies from a third party platform.

We've identified 2 complexity factors:

  • One related to the multi-tenant mode of Decidim. Different cookies could be set for each organization.
  • One related to external services such as embeds (YouTube), dragged-and-dropped images from Imgur, and other external services which can inject cookies that we would be co-responsible for.


**Describe alternatives you've considered**

Something should be done to make Decidim compliant to the cookie law

**Additional context**

None

**Could this issue impact users' private data?**

Yes, as users have to give their consent for each optional cookie.
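
The requirements listed in the proposal (optional services off by default, external services blocked until consent, revocable consent, per-organization configuration) can be sketched as a default-deny consent gate. This is an added example, not part of the original proposal and not Decidim's or Orejime's code; every name in it (`ORG_SERVICES`, `parseConsent`, `allowedServices`, `mayLoad`, `revoke`, the `embeds` category, the hosts) is a hypothetical chosen for illustration.

```javascript
// Added example: default-deny consent gate, configured per organization (tenant).
const ESSENTIAL = "essential";

// Constructed sample configuration: each organization declares its own services.
const ORG_SERVICES = {
  "org-a": [
    { name: "session", category: ESSENTIAL, reason: "keeps the user signed in" },
    { name: "matomo", category: "analytics", hosts: ["matomo.example.org"] },
    { name: "youtube", category: "embeds", hosts: ["www.youtube.com"] },
  ],
  "org-b": [
    { name: "session", category: ESSENTIAL, reason: "keeps the user signed in" },
  ],
};

// Parse the stored consent value. Anything malformed, missing, or not
// literally `true` counts as "no consent given".
function parseConsent(raw) {
  try {
    const data = JSON.parse(decodeURIComponent(raw || ""));
    if (data === null || typeof data !== "object" || Array.isArray(data)) return {};
    const out = {};
    for (const [k, v] of Object.entries(data)) if (v === true) out[k] = true;
    return out;
  } catch {
    return {};
  }
}

// Essential services always run; optional ones only after explicit opt-in.
function allowedServices(orgId, consent) {
  return (ORG_SERVICES[orgId] || [])
    .filter((s) => s.category === ESSENTIAL || consent[s.category] === true)
    .map((s) => s.name);
}

// Gate for any external URL (script, iframe, image): undeclared hosts and
// declared hosts without consent are both refused.
function mayLoad(orgId, consent, url) {
  let host;
  try { host = new URL(url).hostname; } catch { return false; }
  const allowed = new Set(allowedServices(orgId, consent));
  return (ORG_SERVICES[orgId] || []).some(
    (s) => allowed.has(s.name) && (s.hosts || []).includes(host));
}

// Revocation returns a new consent state with the category removed.
function revoke(consent, category) {
  const next = { ...consent };
  delete next[category];
  return next;
}
```

Because the gate is keyed on declared hosts, an image or embed from a host the organization never listed is blocked regardless of what the user accepted.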
