Implemented Update Cookie Banner compliant to GDPR

M

markoroots

Well-known member
Hi there I want propose the implementation of the Cookie Banner to be compliant to the GDPR law we have in Europe.

Right now the banner have only the possibility to click on "Accept" and this is not accordant with the law we have here about the privacy policy.
To be legal here, that banner must show all the cookies used and let the possibility to the users to accept or not the use of these.
Is it also possible to show as mandatory some "Necessary Cookies" to make turn good the site, but the users can decide to accept these, or go out of the site, the third party cookies instead can be accept or not, by just selecting the options "yes" or "no".

So would be really important for us to have the right options to let us set the banner to be law compliant.
This need:
  • a button that show all the cookies are used
  • the options/buttons to accept them or refuse
  • possibility to set use all and refuse all, or some of them
  • show what are the strictly necessary cookies to access the site
  • give them the possibility to accept only the "Necessary" that must be explained for what are used for and refuse the others (third part)

This is necessary for us that live in Europe because the default cookie banner with the GDPR directive is became in this moment furthermore out of law and this is a big risk for us.
 
Last edited:
Upvote 40
This suggestion has been implemented. Votes are no longer accepted.
Yes Kirby but that seems only a list of the CMP that have passed them tests, and are guaranted compliant. Think also that all the CMPs shown there are third part services.
This kind of banner put us (forms owners) in direction to follow the regulation about the use of the cookies on our sites to be compliant with the European Law, also because with the actual banner we have, we aren't. I don't know if it will work good or not, we are testing it, but seen that there aren't alternatives better this than the default one where you can only confirm or read what you have to accept, so also the tracking cookie of goole services that are third part cookies (that must be managed separetely).
 
markoroots said:
Think also that all the CMPs shown there are third part services.
Click to expand...
Not all of them are SaaS, here are a few that do offer On-Premise/Self-Hosted:
https://borlabs.io/borlabs-cookie/ (WordPress Plug-in, I don't think it can be used for anything else)
cookie-script.com

Cookie-Script: GDPR | CCPA | ePR cookie compliance solution

Cookie-Script is an easy-to-use solution to comply with all cookie regulations. Scan your website cookies and let visitors control their privacy.
cookie-script.com cookie-script.com
www.ccm19.de

Cookie Consent Manager | Cookie Consent Tool | Cookie Consent Management Software | mandantenfähig, multidomain

Cookie Consent Tool / Consent Management Software | CMP als DOWNLOAD oder als Service - für jede Anforderung geeignet. Mandantenfähig und multidomain - klicken und mehr erfahren ...
www.ccm19.de www.ccm19.de
 
emaw said:
Thanks @markoroots for raising this important issue again. It seems that there is no news from @ChrisD or xenforo

xf's open source competitors have implemented it nicely https://www.communiteq.com/discoursehosting/kb/your-discourse-forum-and-the-gdpr/ i would love to see this sort of arrangement in xf (if i understood it correctly)
Click to expand...
Indeed, it should be addressed properly and fully by XF. Invision claim full GDPR compliance nowadays as well, the only real competitor in the paid forum software market in my opinion, so it's not so hard to do. Not sure where the resistance comes from, especially as this is a British firm based in England where they're bound by the GDPR and they obviously have the skills for this.

At least some of us can get away with things as they are though. In a shameless plug for my forum, click on the link below and you'll see that the site carries no advertising and doesn't integrate with anything like WordPress or whatever, so the only cookies set are those by XF itself for normal functioning, which do comply with the GDPR. On top of that, I have very few add-ons and none of those play around with cookies either.

NerdZone Forums - discussions for the modern nerd

Discussions for the modern nerd
nerdzone.uk nerdzone.uk
 
FTL said:
Indeed, it should be addressed properly and fully by XF. Invision claim full GDPR compliance nowadays as well, the only real competitor in the paid forum software market in my opinion, so it's not so hard to do. Not sure where the resistance comes from, especially as this is a British firm based in England where they're bound by the GDPR and they obviously have the skills for this.

At least some of us can get away with things as they are though. In a shameless plug for my forum, click on the link below and you'll see that the site carries no advertising and doesn't integrate with anything like WordPress or whatever, so the only cookies set are those by XF itself for normal functioning, which do comply with the GDPR. On top of that, I have very few add-ons and none of those play around with cookies either.

NerdZone Forums - discussions for the modern nerd

Discussions for the modern nerd
nerdzone.uk nerdzone.uk
Click to expand...
I don't understand why xf are not taking it seriously
 
Andre Daub said:
Mee too, seems that i have to look for another forum software. :(
Click to expand...
Invision Community takes it seriously. It costs serious money, though.

I think you're likely to get away with an imperfect implementation though, especially if you're just a small forum and not taking money off people.
 
I stop using Xenforo, I see very little interest in this topic so I will put my license up for sale (if possible). I was hesitating whether or not to update to the higher version but in this sense I have not seen any help from the Xenforo team, and I am not going to risk a fine because the software does not comply in this aspect. Good luck to you all.
 
Pardal said:
I stop using Xenforo, I see very little interest in this topic so I will put my license up for sale (if possible). I was hesitating whether or not to update to the higher version but in this sense I have not seen any help from the Xenforo team, and I am not going to risk a fine because the software does not comply in this aspect. Good luck to you all.
Click to expand...
What software are you going to use instead?
 
FTL said:
What software are you going to use instead?
Click to expand...

I'm a bit tired of the forums lately, I'm going to give myself some time before starting over with something, Flarum seems interesting to me but as I say I need some time to recharge my batteries, I had become very obsessed with Xenforo but there are times when we have to give a step back and see everything with perspective. hug everyone
 
I noticed that Google Analytics, which is the offending cookie on my forum, has been declared "illegal" in one EU country, https://noyb.eu/en/austrian-dsb-eu-us-data-transfers-google-analytics-illegal That seems to be a sign that despite the slow pace, the EU is taking this issue seriously.

Please @Chris D, @XenForo, could we get an update on your progress on addressing this issue, or at least a definitive statement about it so that we know where we stand with xf? Your comments upthread were not encouraging, but did not seem to be 100% taking the matter seriously,

Many thanks,
 
If you object to the cookies that Google Analytics sets then you should no longer use Google Analytics. It's only enabled if you enable it.
 
Chris D said:
If you object to the cookies that Google Analytics sets then you should no longer use Google Analytics. It's only enabled if you enable it.
Click to expand...
Thanks Chris,
Of course that makes sense, but isnt the answer to the question i asked or that this thread is about.

The problem that we face is that there seems to be no way to configure xf to request permission to set cookies before the cookies are set - do you have any plan to deal with this problem?

It's disappointing and a bit weird that you are being so off hand about this, apologies if i'm missing something here?
 
This is impossible, how can we pay that amount of money for a software that is not compliant to European law?

Can we send the fines to you? @Chris D
Because this is not our fault.

I am going to stop using the software now too, the support is awful, have a good day.
For every buyer, make a ticket please, stop using the software and try to get a refund.

Best regards
 
Stormfox2 said:
the support is awful
Click to expand...
According to our records the only time you have ever used support is today, and I am currently in the process of replying to that ticket.

Stormfox2 said:
For every buyer, make a ticket please, stop using the software and try to get a refund.
Click to expand...
We maintain a reasonable refund policy. Unfortunately, spurious claims of "awful" support and three years since the date of purchase would not be considered reasonable in this case, as I will confirm in response to your ticket shortly.
 
I am not talking about the personal support, but about the support of the software with updates and stuff like this. Sorry for the miscommunication. As chris said I did never use the support before, because I never had the need to.

A lot of people were complaining already and it wouldn’t have changed anything.

The last 3 years I couldn’t use the software at all, because of the known issue. This is not about a small bug that could ruin the comfort of a few users but could get me fined.
 
Stormfox2 said:
This is not about a small bug that could ruin the comfort of a few users but could get me fined.
Click to expand...
Has there ever been a fine levied against a Xenforo site under GDPR?

Do you have a legal opinion from a lawyer? Not your own opinion of the law or someone else on here, but an actual written legal opinion from an actual lawyer familiar with EU law.

If not, not sure you really have a leg to stand on here. If you have or both of those, then I would agree that Xenforo needs to act and if you have one of those, you should supply them to the Xenforo staff. But if this is just you reading news stories about the impact of GDPR or your own interpretation of it, then I'm not sure there is any obligation on their part.
 
Yes, I have been at 2 different lawyers, each one in 2017 and 2021. They were giving me pretty much the same answer, that these things are needed and should be implemented.

And no there is no lawsuit that is considering it yet, but until there is no lawsuit that says, that this is NOT the case, it is not a discussion.
 

Similar threads

F
  • Question Question
XF 2.2 Is XenForo Cloud GDPR compliant out of the box?
Replies
0
Views
403
finallyfree
F
Saphira
  • Question Question
Cookies...
Replies
2
Views
439
Saphira
Saphira
⭐ Alex ⭐
Why exactly do we need a cookie notice for third party cookies?
Replies
1
Views
580
⭐ Alex ⭐
⭐ Alex ⭐
Cylon
  • Question Question
How to encourage the user to accept the cookie banner
Replies
1
Views
904
Paul B
Paul B
M
Not a bug Invalid consent - Registration form is not compliant with GDPR
Replies
2
Views
690
Muchacha
M
Top Bottom