Cookie Solution and integration

Hello,
I have found a solution for privacy & cookie policy. Unfortunately the solution for the cookie banner is placed in the HEAD of the HTML. Also there has to be the possibility of a placed cookie for visitors that come back to the blog.

This is the documentation from the service called Iubenda and how this is implemented:
Banner and Prior Consent – Setup and Customization

So, I need feedback from support

But also other solutions are welcome. The mentioned service is not for free, so other solutions that have to be paid are also welcome.

Thanks for your help,
Markus

Another thought on this topic:

As far as I understand the GDPR, there is a need for a cookie banner. Couldn’t it be solved by the service itself instead of an external solution?

At least an option to show a banner with some information and a link to the opt-out.

In the best of all worlds there has to be the possibility to change the language of the cookie banner for each blog in my account (whatever works: I am able to translate it by myself).

Hey, sorry for the delay. To integrate this, could you try this in the Custom Javascript box?

// src: https://cdn.iubenda.com/cs/iubenda_cs.js

var _iub = _iub || [];
_iub.csConfiguration = {
    "lang": "en",
    "siteId": XXXXXX, //use your siteId
    "cookiePolicyId": YYYYYY, //use your cookiePolicyId
    "banner": {
        "position": "top"
    }
};

That will include their script and the configuration, but unfortunately it won’t put it into the <head>. I’m not sure if it’ll still work.

As for including it in the service itself, we could definitely discuss that. To be sure, this cookie banner is for the stats we track, right?

Hey Daniel,

thank you very much for your reply. It is really not a problem if it takes a while to get a response.

Your question regarding the usage of the banner:
Yes. For now, this is only for the cookies set by Matomo.

There are some issues.

Let me mention clearly that I am not connected to Iubenda in any way. They offer different languages for the policies. And they have solved some pieces well and combine privacy policy and a cookie solution. But it is not guaranteed that they have solved everything or that this solution works for your service when it comes to details of the affected laws or used technologies. So this is step-by-step evaluating their solution and I stay flexible if there are other services mentioned…

Other services that could be a solution in combination:

Code snippet

This is the slightly modified code snippet:

// src: https://cdn.iubenda.com/cs/iubenda_cs.js

var _iub = _iub || [];
_iub.csConfiguration = {
    "lang": "en",
    "cookiePolicyInOtherWindow": true,
    "consentOnContinuedBrowsing": false,
    "cookiePolicyUrl": "https://xy.semanticdesign.blog/opt-out",
    "siteId": XXXXXX, //use your siteId
    "cookiePolicyId": YYYYYY, //use your cookiePolicyId
    "banner": {
        "position": "bottom",
        "textColor": "#dadada",
        "backgroundColor": "#5A5A5A",
    }
};

Opt-out

They offer different solutions.

Cookie Banner: Using frame: Blog: Pinned page

When I link an opt-out page that exists in my blog as a pinned page, it is blocked. So it cannot be included in the frame of the banner. This option would be nice, but not necessary.

xy.semanticdesign.blog refused to connect.

Cookie Banner: Using frame: write.as privacy policy

This one works. But it is misleading. For a visitor this policy is not connected to the blog with the domain semanticdesign.blog. Also, the visitor would not be aware of the domain change inside the frame.

Opt-out linking to internal modified policy of write.as

Works. This means a pinned page is referenced for the opt-out. It is possible to include your checkbox for opt-out. I would prefer this solution. The content could be a reduced & slightly modified version of your information regarding the usage of cookies. But this is maybe another following thread or mail correspondence.

Opt-out linking to external write.as privacy policy

Works. But …

Write.as: Privacy policy

Possible issues with the existing write.as opt-out

There are different issues with this solution.

Missing multilingual support

This one exists only in English, but it is necessary to also offer an opt-out for other languages that are used for a blog. In my case this is English & German (I am using a subdomain for the German variant.)

Separating cookie policy & opt-out from privacy policy

The cookie opt-out has to be separated from the privacy policy. But please verify this by yourself with other external resources. Even if this is not the case it could be a better solution for users.

PrivacyPolicies.com: Separate Cookies Policy from Privacy Policy

Iubenda gives an overview regarding this topic. Keep in mind that Iubenda is only a service. The information may be correct or not.

Iubenda.com: Cookies and the GDPR: What’s Really Required?

Keep also in mind that the ePrivacy Directive is (for now) the directive for cookie usage and not the GDPR:

EUR-Lex – Access to European Union law: ePrivacy Directive 2002/58/EC of the European Parliament

Markus
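Added example, not part of any post in this thread: a browser typically shows "refused to connect" inside a frame when the framed page's response forbids embedding through `X-Frame-Options` or a CSP `frame-ancestors` directive. The sketch below models that decision for a single parent page; the sample header sets are constructed, `example.org` is a placeholder, and nothing here is taken from write.as or Iubenda responses.

```javascript
// Simplified model of the browser's framing check for one parent page.
// Ports and paths in CSP sources are ignored; nested ancestors are not modelled.
function sourceMatches(source, parentOrigin, pageOrigin) {
  const parent = new URL(parentOrigin);
  if (source === "*") return true;
  if (source === "'self'") return parent.origin === new URL(pageOrigin).origin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {
    return parent.protocol === source.toLowerCase(); // scheme source, e.g. "https:"
  }
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && parent.protocol !== scheme.toLowerCase() + ":") return false;
  const h = host.toLowerCase();
  // "*.example.org" covers subdomains only, not example.org itself
  return wildcard ? parent.hostname.endsWith("." + h) : parent.hostname === h;
}

function framingDecision(headers, parentOrigin, pageOrigin) {
  const csp = headers["content-security-policy"] || "";
  const directive = csp.split(";").map(d => d.trim().split(/\s+/))
    .find(tokens => tokens[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    // When frame-ancestors is present, X-Frame-Options is ignored.
    const sources = directive.slice(1);
    const ok = sources.some(s => s !== "'none'" && sourceMatches(s, parentOrigin, pageOrigin));
    return { allowed: ok, reason: "CSP frame-ancestors " + (sources.join(" ") || "(empty)") };
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, reason: "X-Frame-Options: DENY" };
  if (xfo === "SAMEORIGIN") {
    const same = new URL(parentOrigin).origin === new URL(pageOrigin).origin;
    return { allowed: same, reason: "X-Frame-Options: SAMEORIGIN" };
  }
  return { allowed: true, reason: "no framing restriction sent" };
}

// Constructed sample responses (not captured from any real site).
const BLOG = "https://xy.semanticdesign.blog";
const samples = {
  deny: { "x-frame-options": "DENY" },
  sameorigin: { "x-frame-options": "SAMEORIGIN" },
  csp: { "content-security-policy": "default-src 'self'; frame-ancestors 'self' https://*.example.org",
         "x-frame-options": "DENY" },
};
for (const [name, h] of Object.entries(samples)) {
  console.log(name, framingDecision(h, BLOG, BLOG));
}
```

The headers a real page sends can be read in the browser's network panel and passed to `framingDecision` with lower-cased names.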

Demo

Demo: Cookie banner: xy.semanticdesign.blog

It is still work in progress, but there are some modifications now. So, this demo is still a draft.

The cookie banner itself is unchanged, but:

  • Links for privacy & cookie policies are placed in the footer.
  • Opt-Out has some information included.

This information could help you if you are searching for a solution for integrated policies and a cookie banner. This is integrated with the service from Iubenda, but some aspects could be helpful when using similar solutions.

Privacy & cookie policies

Both policies are separate links and open an overlay window. The information regarding Matomo & Do Not Track is integrated in each policy. As the Do Not Track (DNT) functionality affects only the setting of cookies for the Matomo tool, they are grouped together under the topic “Analytics” in each policy for now.

Why separated policies?

How to add services in Iubenda and declare a purpose for them:

Integrating policies in the footer

This is the applied method:

Code Snippet:

This is the slightly shortened & modified code snippet:

// footer
var topP = document.createElement("p");
//topP.style.textAlign = "center";
topP.innerHTML = '<hr><div class="custom-nav"><a href="https://www.iubenda.com/privacy-policy/YYYYYY" class="iubenda-nostyle no-brand iubenda-embed" title="Privacy Policy ">Privacy Policy</a>  |  <a href="https://www.iubenda.com/privacy-policy/YYYYYY/cookie-policy" class="iubenda-nostyle no-brand iubenda-embed" title="Cookie Policy ">Cookie Policy</a></div>';
var cont = document.getElementById("wrapper");
if (cont !== null) {
    // Add to blog index and tag pages
    cont.appendChild(topP);
} else {
    // Add to individual blog post page
    cont = document.getElementById("post-body");
    if (cont !== null) {
        // Skip pages that have neither container instead of throwing a TypeError
        cont.insertAdjacentHTML("afterend", topP.outerHTML);
    }
}

Matomo

Iubenda offers a standard text for Matomo. This one is included. But the opt-out for Matomo has to be described additionally with a link to the opt-out page. It is possible to integrate a custom service in Iubenda.

This is the additional text field for opt-out of tracking by Matomo:

Matomo Web Analytics: How to: Opt-out

The User may opt-out of the tracking done via Matomo Analytics by following the link below and then clicking the opt-out option on the presented page. Please note that the opt-out works by applying a cookie to the User’s browser which in turn signals to Matomo not to register the particular User. This means that the User needs to opt out again, when visiting this site in another browser or another device.

Opt out of Matomo Analytics on this page

Matomo integration:

Do Not Track

Do Not Track is added as an additional service to the policies.

This is the additional text field for Do Not Track:

Matomo uses cookies, or small text files saved on your computer, but it also respects your browser’s Do Not Track (DNT) setting.

If you don’t use DNT Opt out of Matomo Analytics on this page

The issue with the DNT service added to the policy is that this one differs from the integrated standard clause regarding DNT.

This one can be found under “Additional information about Data collection and processing” → ‘How “Do Not Track” requests are handled’.

The standard information regarding DNT in every Iubenda policy:

How “Do Not Track” requests are handled

This Website does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

As it seems, this standard clause can be replaced on request. I will update this information at a later point.

Data transfer outside the EU

There is another piece of information embedded in the privacy policy. This one is the standard clause for GDPR compliance.

Here is the simplified version that you see first:

Data transfer outside the EU

Data transfer from the EU and/or Switzerland to the U.S based on Privacy Shield

Personal Data: various types of Data

The privacy policy offers more details in the section “Detailed information on the processing of Personal Data”.

At this point there is input needed by the team of write.as. Is it possible to give a statement regarding this? As it seems this is mandatory – at least for me from a European country.

The section “Legal bases for transfer” provides the most relevant sets of legal bases:

There is an older article that gives some background information on the connection between Privacy Shield and the GDPR. In addition, Safe Harbour is mentioned as the predecessor of Privacy Shield. It is worth reading this one as this article offers a differentiated view:

Opt-out

This page is also still a draft. There is still redundant information and some pieces to reflect.

My thought would be to give enough information at hand but focused enough for a short overview.

And yes, I think it is necessary to use a separate opt-out page integrated in my own blog. This one also has to be translated for German readers. It would not feel consistent to guide German readers to an opt-out page with English content. So I need some feedback on what is missing or possibly misleading.
