Jump to content

Cre8asiteforums

Discussing Web Design & Marketing Since 1998
Closing May 25. Investment Opportunity.

optisite

May 25 - EU User Consent Policy coincidence?

Recommended Posts

When I saw the forum is shutting down the 25th I heard a voice  - "is this related to Google's updated wording on EU consent"?

The new terms for adsense users, now mentions their EU User Consent Policy.
Where you have to get consent from those end users in the EU, maintain records of this, etc. etc etc.

I believe this applies to even info-based sites like mine.  But why isn't this being talking about? At least that I can find (on any forums).

Am debating on just, blocking access to all EU countries at the server level/cpanel.  More script on hundreds of pages doesn't add up.

Maybe posting here now is futile, don't know. Will see. But this forum has been a huge help out in the past....Thank You everyone.

And please consider keeping you doors open (if you recall some years back I supported the idea of  ppc here as an idea -- I still do!)



 

Share this post


Link to post
Share on other sites

Totally coincidence. :blink:  It's just before my birthday. 

Share this post


Link to post
Share on other sites

Well happy birthday in advance Kim!

The other issue would be -- will google be able to know these countries are blocked (cpanel) and not just look for the 'consent' script and suspend the account as a result?  Further yet, might it bear on serps?



 

  • Like 1

Share this post


Link to post
Share on other sites

We had a good talk about this in this thread:

https://www.cre8asiteforums.com/topic/94311-gdpr-display-remarketing/

My take was that I have no info on anyone. I have an IP and in itself it is useless to identify anyone. So someone hits my site from the airport WiFi in Heathrow or de Gaulle. There are thousands there. Which is whom. Google has all the info.

I'm also coming at this from an info site.

Share this post


Link to post
Share on other sites

Trying to apply a rule to block EU country codes (31 of them) -- it fails on my VPS plan.

Host is telling me that I need a dedicated plan to execute this (filter?) 

Problem is there is no way I can justify a dedicated plan for this.

Share this post


Link to post
Share on other sites

I say don't sweat it.

You have an info base site so I presume no logins. If you have logins then you must GDPR the site. Same for newsletters... and I presume you are in the EU.

So looks at the absurdity of this scenario. You get a visitor from the De Gaulle airport WiFi and the person replies YES to your query about GDPR. Great! What have you got and how to "remember". By IP can be your only answer unless you do "fingerprinting". So you save the "YES" by IP. An hour later another visitor from the De Gaulle airport WiFi and you have a YES so no need to ask.

Even with this what do you know about this person? IP, user agent, and OS = Nothing. Out of the thousands of visitors from De Gaulle who is who? So you save by IP, user agent, and OS but it is Chrome on Windows 10. Hundreds of those. Change the criteria for that of mobile users. Still hundreds of each.

Now think about one PITA user wanting to know what you have? Again who is who? ... and you can't send all activity from the De Gaulle IP, that would be against the GDPR because it would be "private" info about other people. Same for a company IP or Internet café IP... even a household if there are more than one person and how do you know this?

What is the EU going to do? Ban your site? That's what you want to do.

Share this post


Link to post
Share on other sites

From this thread https://www.cre8asiteforums.com/topic/94333-the-idiots-guide-to-gdpr/

all online businesses will be affected by GDPR [emphasis mine]

Good article from jeffalytics 8 minute video

 

From a link in that article; https://www.jeffalytics.com/gdpr-compliance/

Many of you have asked me: “Do you know if I need a cookie consent popup if I’m using Google Analytics?”

Well here’s the shortish answer:

You need to obtain tracking consent if your Google Analytics data is being shared with third parties (i.e., third-party cookies), and you’re tracking people inside the countries affected by GDPR.

However, if you use Google Analytics as your only tracking tool, and you don’t enable display features, then Google doesn’t require you to gain tracking consent.

And this one about IP https://www.jeffalytics.com/gdpr-ip-addresses-google-analytics/

which shows how to anonymize IP.

Share this post


Link to post
Share on other sites

This one too https://www.washingtonpost.com/amphtml/business/gdpr-or-why-privacy-will-be-stronger-in-eu-than-us-quicktake/2018/04/10/6690e9b0-3cca-11e8-955b-7d2e19b79966_story.html for putting it in terms my brain can handle.

I have a pile of small local sites I oversee and maintain and these people have no staff, not much money and basically their sites are web brochures. The exception is one has an events calendar - plugin, and one is a magazine publisher with a subscriber list and traffic/readers from around the world. Two are non-profits but the one has a summer camp. 

I'm trying to craft a privacy policy for these small time folks but am unsure how to word it. Most don't collect anything. I took care of the GA data retention settings for them.

And these forums.

Share this post


Link to post
Share on other sites

My take is that as long as you are anonymizing ip using the variable google provides via gtm you are fine.

Share this post


Link to post
Share on other sites

If they are that old, they are probably using the older analytics.js or older ga.js. So three ways to anonymise.

Another things I picked up from your links was third party stuff like SM buttons which are fetched from somewhere else and imbedded videos.

Share this post


Link to post
Share on other sites

no logins

am not in EU

https://www.google.com/about/company/consentstaging.html
 

Quote

...You must obtain end users’ legally valid consent to:
•the use of cookies or other local storage where legally required; and
•the collection, sharing, and use of personal data for personalization of ads or other services.

When seeking consent you must:
•retain records of consent given by end users; and
•provide end users with clear instructions for revocation of consent.

You must clearly identify each party that may collect, receive, or use end users’ personal data as a consequence of your use of a Google product. You must also provide end users with prominent and easily accessible information about that party’s use of end users’ personal data

How is legally required defined? By whom?  I do see where EU countries vary from one to the next on their requirements like the ability to change consent, etc.

About the collection of personal data, necessary to serve up their ads -- this is what Google does. They want me to gain consent on their behalf? I'm confused.

And I'm still trying to figure out what they mean by a third party. They says it is a site or app not under my control and whose is not already using a Google product that incorporates this policy -- the same time as they say I must ensure that they comply with these policies? WHAT? How can I possibly be responsible for a party not under my control?

bobbb - "However, if you use Google Analytics as your only tracking tool, and you don’t enable display features, then Google doesn’t require you to gain tracking consent."

I'm not sure what display features even are - can't get into my account until I bow to the new AdSense terms.

Edited by optisite

Share this post


Link to post
Share on other sites
1 hour ago, optisite said:

I'm not sure what display features even are - can't get into my account until I bow to the new AdSense terms.

Neither do I so I must not be using it.

I seem to remember an email about Adsense and it was all covered by them after you agree to the Adsense terms. GA is where you need to do something. retention and IP anonymize. (I gave a link above)

I'm fairly sure third party is something like those social media buttons people put on their site but are called from the third party site. ie FB button called from FB has a 1 pixel tracker (maybe not all the time). Solution: Load all the button from your site. Same for fonts etc etc.

Share this post


Link to post
Share on other sites
1 hour ago, bobbb said:

Neither do I so I must not be using it.

I seem to remember an email about Adsense and it was all covered by them after you agree to the Adsense terms. GA is where you need to do something. retention and IP anonymize. (I gave a link above)

I'm fairly sure third party is something like those social media buttons people put on their site but are called from the third party site. ie FB button called from FB has a 1 pixel tracker (maybe not all the time). Solution: Load all the button from your site. Same for fonts etc etc.

Is awstats or webalizer considered a tracking tool - that many or most sites use, packaged with hosting plans - or are they just stats programs? I don't "track" individual users that I know of.

I do use FB and twitter buttons.  Google + on a site. Do they need to come down by the Google directive?

bobbb - "Solution: Load all the button from your site. Same for fonts etc etc. "

Not sure how this could be done...back to the EU user consent policy:

"If personal data of end users of a third party property is shared with Google due to your use of, or integration with, a Google product, then you must use commercially reasonable efforts to ensure the operator of the third party property complies with the above duties. A third party property is a site, app or other property that is not under your, your affiliate's or your client's control and whose operator is not already using a Google product that incorporates this policy."

Sorry, this is all unclear to me. Are they saying the third part of, say, being a twitter or FB account - that I must be sure they comply with Googles EU user consent policy?

Edited by optisite

Share this post


Link to post
Share on other sites

glyn - (maybe along with data sharing settings/privacy controls -  however this is done)  to implement the snippet for gtm, anonymizing ip -- I simply replace the existing analytics code on all the pages with this google tag manager script alone?  Or  supplement the old?

from what I remember AdSense code requires analytics...

these would be "non-privacy" cookies then, it seems?

no concerns about adsense compliance with GDPR then?

________________________ added 5.18.18 _______________

Just saw this at https://www.google.com/about/company/consenthelpstaging.html -- "Help with the EU User Consent Policy"

"What if I don’t want to have end users’ personal data used for personalization of ads?

We will be launching new functionality that allows you to disable personalized ads. Please note that the non-personalized ads that we serve on websites still require cookies to operate"

Is Google referring to anonymizing ip's through gtm -- or is this possibly some unreleased option that isn't yet available, before May 25th? 

Edited by optisite

Share this post


Link to post
Share on other sites

If you use analytics.js the the change is: (Uppercase I is not a typo)

  ga('set', 'anonymizeIp', true);

just before:
 

  ga('send', 'pageview');
</script>

OK! about the FB buttons: I don't know exactly how they do it (because I have not wanted to) but I've seen a Facebook cookie in my browser and have no Facebook account. So it must have gotten there by something a site placed into their HTML code.
So ignore what I said about buttons and fonts. It is not accurate.

Share this post


Link to post
Share on other sites

Made a test.

I just went to https://www.jeffalytics.com/gdpr-ip-addresses-google-analytics/

And now I have cookies for youtube and facebook. So there is third party code which put these cookies in my browser. Now my thinking is Facebook only can read this cookie. Then I go to another site which does the same thing... and Facebook can read this cookie from the first site and stupid Mozilla does not let me see the content anymore.

<rant>Sometimes with all their smarts they can be very stoopid</rant>

For those interested:  https://www.ghacks.net/2018/02/26/mozilla-removes-individual-cookie-management-in-firefox-60/

3 solutions offered.

short solution: Load chrome://browser/content/preferences/cookies.xul  in the address bar to display the dialog

Then I saved to my bookmark toolbar

Share this post


Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now

×