Theres #1662 in stale state
I think europeans could use this template or even people for other countries want to target this market.
My case is that I want to target european users but my current website is using google analytics (included in the theme) and other things that uses cookies
Implement this is a pain (Europeans and theirs laws)
A workaround is not using Google analytics at all, looks like a bad idea :sweat_smile:
are there other current workarounds to have a compliant site without the enhancements implemented yet?
If you don't use google analytics, you may be no need cookies
This issue has been automatically marked as stale because it has not had recent activity.
If this is a bug and you can still reproduce this error on the master branch, please reply with any additional information you have about it in order to keep the issue open.
If this is a feature request, please consider whether it can be accomplished in another way. If it cannot, please elaborate on why it is core to this project and why you feel more than 80% of users would find this beneficial.
This issue will automatically be closed in 7 days if no further activity occurs. Thank you for all your contributions.
What is the risk of not being compliant, as a small site owner?
@maxime-michel the gdpr is backed up by laws, so if you infringe those laws, a tribunal may fines and/or shutdown your web site, depending on where is hosted, and which agreements there are between your country and Europe.
As soon as I'll have time, I'll investigate further on this as we're impacted as well with remmina.org
Don't get me wrong, I'm happy to join the effort if there's a subtask that I could help with. But it's hard to make it a priority for me as well, when I still routinely see national-level companies that send email without any sort of opt-out.
For everybody.
To better explain my previous message...
As soon as you, directly with scripts or through logs, or indirectly with third parties scripts (like GA), track the user of your web site, you need a privacy policy stating what, why and how to opt-out and/or opt-in, including how to get their data back and so forth.
If you use scripts/functionalities that may be used by external entities to track your users, you should state it clearly, and theoretically provide a functionality that enable/disable it.
This could become quite complex, as Google, for instance, may track(s) your users even with fonts, if they are hosted on their premises.
I think it's quite easy to get nuts...
First of all you all have to consider what's your audience and use of your website, if you directly track your users, for example with GA, you have to take some actions, there's no way you can avoid it.
A privacy policy page that details everything and than based on the user residence, opt-in/opt-out functions. It's strongly advised, in these cases, to seek legal help.
If you do not track your user, you should not worry that much, except for that cookies that are used by third parties. You can just disable GA, for example and use old school log analysis like awstats.
Now, Minimal Mistakes, doesn't track their users (us) and as soon as you install and configure it, it becomes your responsibility how you use the theme.
It could be nice if Minimal Mistakes would includes:
Honestly, for the latter we could do ourself, as it's just a page at the end and the privacy policy content should be tailored to your needs and cannot, therefore, be a general template. Minimal Mistakes makes quite easy to customise the footer, so you can add a privacy policy page link in the footer.
Regarding the cookie consent feature, it's quite important and the bare minimum needed to respect (partly) the GDPR. So this, at least should be the only things we should ask to @mmistakes
Everything else would be just nice to have, but again, @mmistakes cannot know your specific use case and build a wonder machine that write and activates/deactivates things on your behalf miraculously understanding the context on which the theme has been used.
My 2(000000000) cents
As soon as I'll come up with a solution on our site I'll post back
@mmistakes cannot know your specific use case and build a wonder machine that write and activates/deactivates things on your behalf miraculously understanding the context on which the theme has been used.
:+1:
I believe the theme provides the mechanisms to make your site GDPR compliant. There are enough cookie consent generators out there that will guide you through the process and give you some JS/CSS you can embed to your page. I'm really not interested in taking a stab at my own as it will never meet the needs of everyone.
Best advice I can offer is:
_includes/footer/custom.html (create if you're using remote_theme or Ruby gem to override the default).layout: single, here's a sample .md file the demo site uses.That's helpful, thanks. Another suggestion could be to use the youtube-nocookie.com domain as well as the ?dnt=true flag for Vimeo embeds in the video include.
@maxime-michel I'd be on board if someone wanted to submit a PR to do both of these.
I'll take care of it.
Most helpful comment
:+1:
I believe the theme provides the mechanisms to make your site GDPR compliant. There are enough cookie consent generators out there that will guide you through the process and give you some JS/CSS you can embed to your page. I'm really not interested in taking a stab at my own as it will never meet the needs of everyone.
Best advice I can offer is:
_includes/footer/custom.html(create if you're using remote_theme or Ruby gem to override the default).layout: single, here's a sample.mdfile the demo site uses.