XF 2.2 Will xenForo cookie consent notice be on Google's list of certified CMPs?

[Mr Lucky]

Not content with recently making us jump through hoops editing the default xenForo consent notice, we now have this:

Google’s commitment to transparency and control means we regularly look at ways to improve the consent experience. When we do this, we’re thinking about evolving user expectations and regulatory indicators that we think will ultimately guide the broader online advertising landscape.​

​

We recently announced in this blogpost that later this year, we will require partners using our publisher products — Google AdSense, Ad Manager, or AdMob — to use a Google-certified CMP that integrates with IAB Europe’s Transparency and Consent Framework (TCF) when serving ads to users in the European Economic Area or the UK. In the coming weeks, we will make available a list of certified CMPs that have integrated with the TCF and can demonstrate they meet the TCF’s specifications, and we’ll require that our publisher partners use a CMP from that list. This new requirement will apply to partners’ own accounts and those managed by partners on behalf of others. The list of Google certified CMPs will be available in our HC articles (Ad Manager, AdMob, AdSense).​

I wonder if xenForo will be on the approved list, or whether we need to integrate a 3rd party "approved" CMP even though the xenForo team have done a great job in furnishing us with a GDPR compliant consent notice, but now Google has changed the goalposts yet again.

I'm sure that unless we use one of their approved CMPs then we will not be able to use adsense. And I'm also sure that integrating one of those is not going to be as easy and seamless as the provided xenForo consent notice. Grrrr.

Will xenForo be compliant?

 

[cjwinternet]

Assuming you're responding to somebody else. Nobody has replied here since August 8th. Any thoughts regarding my question?

It's got sweet FA to do with forum cookies and everything to do with data and GPDR.

You can turn the xenforo message off and create an internal use exception on the Google CMP.

 

[Mr Lucky]

create an internal use exception on the Google CMP.

Are you able to explain what that means in plain English?

 

[Black Tiger]

You can turn the xenforo message off

Which one exactly?

 

[cjwinternet]

Are you able to explain what that means in plain English?

It means you can use the Google one for your own purposes ie cookies

 

[cjwinternet]

Which one exactly?

What one do you think?

 

[Mr Lucky]

It means you can use the Google one for your own purposes ie cookies

Yes, but finding it and how to install it seems to be very complex. I did find it once but it seemed it would only apply if you had auto ads, the last thing I want. How to just simply put it on your site seems impossible unless you are a developer.

Your previous post wasa great example of tech jargon that most ordinary folk do not have the foggiest idea of:

an internal use exception

 

[tonmo]

Yes, but finding it and how to install it seems to be very complex.

Finding it was easy (just login to AdSense, they accost you with it), but agreed install is very complex, depending on your use case.

It seems to be simple if you just use AdSense everywhere on your site and have no conditions (like, no ads for Supporters) -- you can just use the built-in AdSense GDPR pop-up feature, while disabling the XF GDPR pop-up feature via adminCP.

But, for those who use Adsense only on select pages, the consent isn't going to suffice, since ALL usage data is within the owner's hands for analysis, etc. If a user lands on a page that doesn't show an ad, their usage details are still going to be captured, which would seem to be a violation. So, it's not very straightforward at the moment -- in fact, at this level, the set up via Google is extremely confusing.

Hopefully 2.3 will address this, and will be out in time to do so.

 

[Mr Lucky]

Finding it was easy (just login to AdSense, they accost you with it), but agreed install is very complex, depending on your use case.

Ah yes, I see they do now with a huge popup.

But then no instructions on how to configure it

It seems to be simple if you just use AdSense everywhere on your site and have no conditions (like, no ads for Supporters) -- you can just use the built-in AdSense GDPR

Yes this is what I found confusing. I only have ads for unregistered guests. I would want the Google one for that (as long as it didn't rely on auto ads like it appeared to last time I tried).

This is why I asked the original question. If xenForo had this, it could seamlessly integrate with the display criteria of your Ad settings.

 

[Black Tiger]

What one do you think?

Would you think I would ask if I would know? It's hard enough to understand that Google technical crap because I'm not native English.
But never mind, with a lot of trying I probably found it.

Which enables a huge popup, where consent is -not- enabled by default, and no way to enable it (basic consent) by default. And which causes adsense (even when the default "accept" button is pushed, on several pages the ads are not shown.
Something I've already discovered in another thread I posted some time ago when I tested this.

 

[cjwinternet]

Would you think I would ask if I would know? It's hard enough to understand that Google technical crap because I'm not native English.
But never mind, with a lot of trying I probably found it.

Which enables a huge popup, where consent is -not- enabled by default, and no way to enable it (basic consent) by default. And which causes adsense (even when the default "accept" button is pushed, on several pages the ads are not shown.
Something I've already discovered in another thread I posted some time ago when I tested this.

Consent CAN be enabled by default though.

 

[Black Tiger]

Consent CAN be enabled by default though.

The basic consent which you get to see in the cookie window? I tried that in Google, but on saving it just appears with disabled again when looking at it again (red left arrow).
It should indeed be possible, but I don't know how.



Then I got a page "Select your data purposes" in the GPDR/AVG settings, didn't know what to do so I choose these, maybe that is wrong?
It's Dutch but the second line is basic ads.



So I don't know where else to enable them by default. Only see options to do that for "legitimate interest".

 

[Feanor]

Correct me if I'm wrong, but Google appears to now have an option to do this for you:
"If I don't create a GDPR message by January 16, 2024, please publish my GDPR message for me."

 

[Forsaken]

Correct me if I'm wrong, but Google appears to now have an option to do this for you:
"If I don't create a GDPR message by January 16, 2024, please publish my GDPR message for me."

That is using the Google CMP as far as I know.

 

[BikeGremlin]

While I'm waiting for my XenForo domain to get approved for AdSense, I did have good results with WordPress.

There, the Auto ads option could be used just for the damned cookie messages - while disabling any auto ads in the AdSense settings, and placing the ads manually. Worked like a charm.

My notes for XenForo so far (still untested & unconfirmed) - with links to the separate article for the auto ads cookie setup:
https://io.bikegremlin.com/32015/xenforo-forum-installation-securing-and-configuring/#8

I'll update it when/if my forum gets approved, while any feedback (especially additions & corrections) is more than welcome.

Relja ComeToTheDarkSideWeHaveGDPRcompliantCookies Novović

 

[Kirby]

Consent CAN be enabled by default though.

Not really if you run any Google advertising product on a website in Europe - Google basically requires the use of TCFv2 and Legitimate Interest as a legal basis will be gone once TCFv2.2 has been rolled out by all CMPs.

TCF 2.2 Launches! All You Need To Know - IAB Europe

Important Note: The Implementation deadline of TCF v2.have been moved from September 30th 2023 to November 20th 2023. More information here In order to continue helping players in the online ecosystem comply with certain requirements of the ePrivacy Directive and the GDPR, the Transparency &...

iabeurope.eu

Removal of the legitimate interest legal basis for advertising & content personalisation: within the scope of the TCF, Vendors will only be able to select consent as an acceptable legal basis for purposes 3, 4, 5 and 6 at registration level;

It was possible to enable Legitimate Interest by default, but as this will not exist any longer (for advertising) it is not possible.

 

[Jon12345]

I just got a reminder email that said: Adopt a certified CMP by 16 January 2024

Anyone here know of an easy implementation yet? Reading the previous posts on the thread seems to not have a definitive conclusion on what to do.

 

[tonmo]

I agree, this remains outstanding and I am not sure the 2.3 release addresses this. To recap, my own use case of concern is using adsense on some of my site but not all of it. And, my "Supporters" usergroup won't see ads anywhere, while other visitors to the same pages will see ads.

 

[Mr Lucky]

Yes, but finding it and how to install it seems to be very complex.

It's now a bit easier

It seems to be simple if you just use AdSense everywhere on your site and have no conditions (like, no ads for Supporters) -- you can just use the built-in AdSense GDPR pop-up feature, while disabling the XF GDPR pop-up feature via ad

I have tested it and it only seems to show up on pages that have ads. In other words

• Does not show e.g. on help pages (where I have disabled showing of ads)
• Does not show to logged in users who do not see ads

It seems to be simple if you just use AdSense everywhere on your site and have no conditions (like, no ads for Supporters) -- you can just use the built-in AdSense GDPR pop-up feature, while disabling the XF GDPR pop-up feature via adminCP.

I am not sure about that.

The xenForo message is in regard to all cookies, I thought the Google message is only in regard to ads so I'm not sure the Google one can act as a direct replacement.

Further, it only shows to users who see ads, so that means the other users (e.g. your premium group) will get no consent message at all.

 

[Mr Lucky]

I am keeping the notice enabled on my main forum and see how it affects EU revenue. My gut feeing is most people will not give consent, and so EU revenue will drop (it's not that much anyway) as this basically just becomes an EU adbloker.

You don't have to show the refuse consent button, but I think that would just annoy people who then have to either give consent or fiddle about with settings.

Hence I may be better off not showing the notice and except I lose the EU revenue.

 

[Black Tiger]

You don't have to show the refuse consent button

Really? But how can one remove that button from the Google GPDR notice? I'ts also pity that noce has all those "justified" things enabled by default but does not have the normal options active by default.
It indeed effects EU revenue.