@mattab opened this Issue on July 13th 2015 Owner

In our effort to innovate and bring better Privacy to Piwik users worldwide, we would like to provide an easy to use mechanism for Piwik users to show a "Cookie opt-out" panel on their websites.

By default, when visitors view a website tracked by Piwik, tracking cookies are set on the visitor browser. It is possible for a Piwik admin to specifically disable all tracking cookies, but this would apply to all visitors. The goal of this feature is to let each visitor decide whether they want to opt-out from tracking cookies.

Suggested product changes

  • in Administration > JavaScript tracking code, a Piwik admin could check a box "Display a panel to let visitors opt-out from Tracking Cookies"
  • when the box is checked, the JavaScript tracking code would add a new call eg. _paq.push('enableCookieOptOut', 'This site uses cookies. Some of the cookies we use are essential for parts of the site to operate, and some cookies are used to measure how you use this website.', 'I accept cookies from this site', 'Continue');
    • parameters are: the main panel text, the checkbox label, and button label
    • the text would be translatable by Piwik translators (nice!)
    • if user wants to customise the text they can (when copy pasting)
  • when this function enableCookieOptOut is called, piwik.js would then display a Cookie opt-out panel in the website.
    • By default, I accept cookies from this site is checked (by default, Piwik uses cookie) [x]
    • A visitor can uncheck the box and click Continue and then Piwik.js will disableCookies
    • the panel could have slightly transparent background (it looks nice)

      Example

integration platform as a service

(seen on http://elastic.io)

What are your thoughts?

@braekling commented on August 14th 2015

It is a great idea to integrate this into Piwik itself. So the users don't have to care about such things.
The feature was requested for WP-Piwik several times already, so there is a demand to cover.

One additional suggestion: The generated panel should use a meaningful & unique css-class, so users can modify the look on their own.

@mattab commented on October 1st 2015 Owner

Moving to 2.15.1 after talking with @alex-gulentz - would be awesome to build this little feature in Piwik!

Btw: we will be able to offer an easy way to enable by default this feature across all website by adding the function call via CustomTrackerJs plugin.

@mattab commented on October 8th 2015 Owner

In the issue above, we specc'ed a version of the cookie consent where the user would be able to directly opt-out of cookies from within the cookie consent panel. But actually, we may not need to go this way, it is a bit more complicated so let's start maybe with the easiest solution.

Simple spec/MVP

The easiest solution would be to simply inform the user that cookies are used to provide essential functionnality to the website.

  • The message would contain a link placeholder so the user can replace the placeholder by the URL to their "privacy policy" page or their "opt-out" page. The result is that visitors to the website are informed that cookies are used and possibly (if Piwik admin specified it) they have an opportunity to click on the link to learn more, and opt-out.
  • The button would say Accept or OK.
  • There would be no checkbox I accept cookies.

Questions

  • how do we let user change background, text-color and style button, text + background?
  • how do we let user easily the position the panel? (ie. top, bottom, maybe even in a custom dom node?)
@mattab commented on October 8th 2015 Owner

Examples of cookie consent panels on existing websites below

Panel within the page

cookie4

Bottom

cooki3

cookie2

cookie1

cookie5

@Cruiser13 commented on October 21st 2015

I like the way the CMS Pimcore did implement this - with a lot of freedom for the admin in case of wording, styling and so on.

I'd also throw in that a checkbox with the ability to tell that cookies are not accepted is useless for many sites - most sites are dependent on cookies and we'd need a callback from Piwik to tell the site itself not to use cookies (e.g. implementations for Pimcore, MyBB and so on).
For 99% of sites administrated by myself I simply can't drop cookie support. No point in giving the user this option - he eighter accepts cookies or has to leave the site.

@tsteur commented on November 16th 2015 Owner

Can we maybe ideally not add such new features into LTS version (it'll be a patch release)?

@mattab commented on November 18th 2015 Owner

@tsteur ideally yes, but it would mean we need to wait 6 months or so before having this feature in a stable Piwik 3.0 release, which is an issue as it is an important feature for German users and market... The upside is that this feature is "safe" regarding LTS since we add a new feature in piwik.js (that is not enabled/ used by default) and this should not change any core API or affect existing code

@tsteur commented on November 18th 2015 Owner

OK, feature doesn't really look high value to me as it's often displayed very differently for each site to have it integrated nicely. Will all the translations etc be in piwik.js? Also I'm wondering when offering something like this, whether we need to check several laws in various countries etc (which would be impossible)? I think at least in Germany it's not a law yet, but might be soon. Not sure what it then needs to contain etc. When offering something like this to all users we should maybe mention we are not liable if anyone gets fined or a disciplinary warning for not having it done the proper way and that they need to check local law.

Also wondering if ad blockers are a problem? piwik.js is often blocked by ad blockers so it would maybe not be displayed?

@mattab commented on November 18th 2015 Owner

Will all the translations etc be in piwik.js?

No, all translations will be set in the Website tracking code, and translations will be stored in the server side. The Javascript Tracking code screen, will have a checkbox to enable the Cookie opt-out panel. User will copy the translations when copying the Js code into their page.

Also I'm wondering when offering something like this, whether we need to check several laws in various countries etc (which would be impossible)

No we don't need to: laws are different in each country, as each EU country for example receives the EU directive and can choose to implement it the way they want in local legislation. Just in europe there is wide diversity of implementations of privacy laws. Our goal at PIwik though is to lead the way in terms of privacy. That's why it's important for us to provide this feature and make it super easy for webmasters to inform their users.

Not sure what it then needs to contain etc.

It's mostly about us deciding what such panel should contain :-) I think it's important to find a message that is very easy to understand and very clear, as it will be ready by all kinds of people including some non technical at all. The text should really be the easiest to understand as possible :+1:

When offering something like this to all users we should maybe mention we are not liable if anyone gets fined or a disciplinary warning for not having it done the proper way and that they need to check local law.

it's already clear that we are not liable, but I agree we should add a notice somewhere. it may be enough to mention this in a FAQ or User guide VS in product itself?

Also wondering if ad blockers are a problem? piwik.js is often blocked by ad blockers so it would maybe not be displayed?

It is fine and acceptable that this feature does not work, when ad blocker is enabled.

Powered by GitHub Issue Mirror