WordPress.org

Make WordPress Core

Changes between Version 2 and Version 3 of Ticket #44043, comment 18


Ignore:
Timestamp:
05/20/2018 09:55:44 AM (18 months ago)
Author:
gisle
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #44043, comment 18

    v2 v3  
    1212Because cookies are stored on the ''user's'' hard disk, under the full control of the user, withdrawing consent as required by the GDPR can and should be done by the user himself, simply by deleting the cookie.  Cookies can be deleted one by one, or in bulk, giving the user the granular control over cookie consent that is required by the GDPR.
    1313
    14 What you are proposing is to deviate from what has been legal, and considered best practices, for the last 16 years. You say that the new practice you want to introduce is an "enhancement", not a "bug".  I am not going to get into a type tagging war, but in my eyes, ''CookieBot'' just adds another unneeded third party service that could potentially track my users in the computer systems where I am the controller.  Since it does not do anything ''better'' than current best practices, I simply see no need for it, and I suspect that installing ''CookieBot'' would break the GDPR compliance with my site unless I am able to negotiate a Data Processor Agreement (me as controller, ''CookieBot'' as processor) that provides me with the controls and assurances I am, by law, required to have as a controller.  As I see no utility for myself or my users for this service, negotiating such a DPA would of course be a waste of time.
     14What you are proposing is to deviate from what has been legal, and considered best practices, for the last 16 years. You say that the new practice you want to introduce is an "enhancement", not a "bug".  I am not going to get into a type tagging war, but in my eyes, ''CookieBot'' just adds another unneeded third party service that could potentially track my users in the computer systems where I am the controller.  Since it does not do anything ''better'' than current best practices, I simply see no need for it, and I suspect that installing ''CookieBot'' would break the GDPR compliance of my site unless I am able to negotiate a Data Processor Agreement (me as controller, ''CookieBot'' as processor) that provides me with the controls and assurances I am, by law, required to have as a controller.  As I see no utility for myself or my users for this service, negotiating such a DPA would of course be a waste of time.