Duplicate Change the Cookies Notice, to be dismissed without redirecting to login page, since most of the browsers now have script blockers

deslocotoco · Sep 29, 2021

Hello guys,

As we all know, the GDPR is going worldwide (LGPD in my country, for example, is a copy-paste law from the GDPR) and the Cookies Notice is giving me some headcache, not that my law in my country in specific comply any website to show the cookies notice (just a clear and plane, objective text about Privacy Policies).

As we know, the vast majority of browsers have script blockers by default, and, every time a guest enter in my website, they see the Cookies Notice, and after clicking accept or 'More Information', they automatically are redirected to the login page.

I already asked about this thing in the support nodes in XF, but, as far i remember, we need our users to disable the blockers to properly use the site and guys, WE KNOW that the guest will close our window if they redirect to a login/sign-up page.

Well, obviously this is not a good implementation, a simple html banner should do the trick. The Cookie Notice doesn't have to be a so complicated thing.

And now, as far i know from international laws, the Cookies Settings and Customization are a reality now, basically any WordPress page have a plugin to do this "I Accept" - "I Don't Accept" - "I Want To Customize Cookies Settings".

Whatever. Just bringing a issue to the community to see whats happen.

Kirby · Sep 29, 2021

XenForo cookie notice is not compliant with GDPR anyway (according to german authorities and our data protection officer at least) as it is just a notice and not a confirmation.

Users could just ignore it and continue browsing the site which would set cookies (for Google Analytics, Facebook, YouTube, etc.) without consent.

Furthermore, cookies that are not strictly necessary but used for tracking (like xf_from_search) might already have been set even before the notice is displayed.

If you need smth. compliant you need a full-blown consent management solution like CookieBot, Usercentrics, Consentmanager.net, etc. which is still somewhat hard to properly integrate with XenForo.

There are quite a few threads/suggestions already:

Allow control over cookies via code events

1) If you have specific use cases in mind, we may be able to introduce specific code events in places that are unlikely to be affected by issues mentioned. [...] So for now we're not aiming to fix this but if you have any further feedback such as specific code events that might be useful then...

xenforo.com

Lack of interest - Provide a full list of cookies and other data stored on clients

Right now, there doesn''t seem to be a full, official list ot all used cookies and other data stored on clients: https://xenforo.com/community/threads/cookie-purposes.186563/ This can be problematic if such information has to be provided to end users and/or consent management solutions. I...

xenforo.com

Implemented - Update Cookie Banner compliant to GDPR

Hi there I want propose the implementation of the Cookie Banner to be compliant to the GDPR law we have in Europe. Right now the banner have only the possibility to click on "Accept" and this is not accordant with the law we have here about the privacy policy. To be legal here, that banner must...

xenforo.com

Lack of interest - Opt-In Cookies, Tracking, Receive saved Data - GDPR, DSGVO - European Law.

1. I want to alarm the community, because i got a mail where one guy wanted to receive all his saved data, because now it is his right. And he tried that for simple reason to see if he can sue me, because he literally said in the 2nd mail that he gives me another 48 the response or he will sue...

xenforo.com

Not planned - XenForo might not be compliant with EU law

https://curia.europa.eu/jcms/upload/docs/application/pdf/2019-10/cp190125en.pdf XenForo does set non-essential cookies (like xf_from_search, xf_style_id, xf_language_id, xf_tfa_trust, xf_user, xf_notice_dismissed) without getting active consent from the user. It would therefore be nice if XF...

xenforo.com

deslocotoco · Sep 29, 2021

Kirby said:
XenForo cookie notice is not compliant with GDPR anyway (according to german authorities and our data protection officer at least) as it is just a notice and not a confirmation.

Users could just ignore it and continue browsing the site which would set cookies (for Google Analytics, Facebook, YouTube, etc.) without consent.

Furthermore, cookies that are not strictly necessary but used for tracking (like xf_from_search) might already have been set even before the notice is displayed.

If you need smth. compliant you need a full-blown consent management solution like CookieBot, Usercentrics, Consentmanager.net, etc. which is still somewhat hard to properly integrate with XenForo.

There are quite a few threads/suggestions already:

Allow control over cookies via code events

1) If you have specific use cases in mind, we may be able to introduce specific code events in places that are unlikely to be affected by issues mentioned. [...] So for now we're not aiming to fix this but if you have any further feedback such as specific code events that might be useful then...

xenforo.com

Lack of interest - Provide a full list of cookies and other data stored on clients

Right now, there doesn''t seem to be a full, official list ot all used cookies and other data stored on clients: https://xenforo.com/community/threads/cookie-purposes.186563/ This can be problematic if such information has to be provided to end users and/or consent management solutions. I...

xenforo.com

Implemented - Update Cookie Banner compliant to GDPR

Hi there I want propose the implementation of the Cookie Banner to be compliant to the GDPR law we have in Europe. Right now the banner have only the possibility to click on "Accept" and this is not accordant with the law we have here about the privacy policy. To be legal here, that banner must...

xenforo.com

Lack of interest - Opt-In Cookies, Tracking, Receive saved Data - GDPR, DSGVO - European Law.

1. I want to alarm the community, because i got a mail where one guy wanted to receive all his saved data, because now it is his right. And he tried that for simple reason to see if he can sue me, because he literally said in the 2nd mail that he gives me another 48 the response or he will sue...

xenforo.com

Not planned - XenForo might not be compliant with EU law

https://curia.europa.eu/jcms/upload/docs/application/pdf/2019-10/cp190125en.pdf XenForo does set non-essential cookies (like xf_from_search, xf_style_id, xf_language_id, xf_tfa_trust, xf_user, xf_notice_dismissed) without getting active consent from the user. It would therefore be nice if XF...

xenforo.com

Well dear Kirby, you did a much better job than me bringing this subject to the attention. As a lawyer I'm the administrator and DPO of my site at the same time.

In my country, the rules for cookies are more flexible, but in terms of user consent is equally to Germany or EU in general terms.

Thanks for your contribution.

I think XenForo should pay more attention to this matter since the scale of the repercussion is worldwide and apply to all of the costumers from XF.

Duplicate Change the Cookies Notice, to be dismissed without redirecting to login page, since most of the browsers now have script blockers

deslocotoco

Well-known member

Kirby

Well-known member

Allow control over cookies via code events

Lack of interest - Provide a full list of cookies and other data stored on clients

Implemented - Update Cookie Banner compliant to GDPR

Lack of interest - Opt-In Cookies, Tracking, Receive saved Data - GDPR, DSGVO - European Law.

Not planned - XenForo might not be compliant with EU law

deslocotoco

Well-known member

Allow control over cookies via code events

Lack of interest - Provide a full list of cookies and other data stored on clients

Implemented - Update Cookie Banner compliant to GDPR

Lack of interest - Opt-In Cookies, Tracking, Receive saved Data - GDPR, DSGVO - European Law.

Not planned - XenForo might not be compliant with EU law

We value your privacy