#43976 closed enhancement (worksforme)
Provide mechanism to opt-out of commenter cookies without needing to post a comment - GDPR
Reported by: | garrett-eclipse | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 5.1 |
Component: | Privacy | Keywords: | gdpr |
Focuses: | administration | Cc: |
Description
Hello,
Currently, with the GDPR updates for the comments form there's been the addition of the opt-in for cookies.
And I noticed in this thread (https://core.trac.wordpress.org/ticket/43436#comment:11) that you can opt-out by unchecking that box but it requires you post a comment.
It would be nice to provide a mechnism even a link beside that checkbox text which allows a user to opt-out of the commenter cookies without needing them to post a comment.
Maybe just a (opt-out) link beside it which clears the cookies.
It might also be a good idea in the removal request confirmation email to provide a link so users can purge their commenter cookie after their data was removed.
Thanks
Change History (4)
#2
@
7 years ago
- Milestone Awaiting Review deleted
- Resolution set to worksforme
- Status changed from new to closed
#3
@
7 years ago
Hi @azaozz
Sorry for the confusion, you're right to have cookies added for WP Comments you first must consent to them through the checkbox. But part of GDPR is the ability to withdraw consent at any time and with the comment cookies to do that the user either needs to do so from their browser (most users don't know how) or if you submit another comment with the box unchecked that'll also purge the cookies.
So to my understanding of GDPR in terms of consent and the ability to withdraw especially with cookies is that the website first needs to block the cookies till they receive consent, then that consent needs to be logged, and a mechanism to remove that consent and those cookies needs to be provided to the user.
I may be wrong, but everything I've been reading about cookies+consent indicates you now how to log that consent but also allow for it's removal. And to my interpretation removing consent would constitute the removal of those cookies. That's just from my understanding, and below is some info about needing to provide the opt-out mechanism.
Possibility to withdraw the consent at any time
The user must have the power to withdraw his or her consent.
It is therefore important to make sure that users have access to their current consent state at all times and can change the settings or withdraw their consent entirely.
Reference - https://www.cookiebot.com/en/gdpr-cookies/
Sites will need to provide an opt-out option. Even after getting valid consent, sites must give people the option to change their mind. If you ask for consent through opt-in boxes in a settings menu, users must always be able to return to that menu to adjust their preferences.
Reference - https://www.itgovernance.eu/blog/en/how-the-gdpr-affects-cookie-policies
Let me know what you think I might be off the deep end here
No, it's the opposite. You have to opt-in by checking the checkbox. If you don't opt-in the checkbox is not checked regardless of whether you post a comment or not :)
If the users have per-existing cookies that they don't want, it would be best to clear them in the browser. All browsers have that functionality and it works a lot better and does a lot more than any website can offer.