Breaking GDPR Laws?

@andyjay83 Thanks for opening a support topic. While there are no GDPR features embedded within Site Kit the plugin is GDPR compliant by default. No user personal information is collected by the plugin. If connected the Analytics module also anonymizes IP address by default.

There is also an open GitHub feature request below in relation to implementing GDPR features within the plugin:
https://github.com/google/site-kit-wp/issues/462

Thanks James, it’s nice to know this plugin does that.

Technically it’s not fully GDPR compliant as there’s no way for a user to opt in and opt out of data tracking via some sort of button that lets them allow or not allow the logging of their data.

Is there a way to do this using Site Kit?

Thanks for your time.

@andyjay83 At present there is no such feature within Site Kit. If you would like to include any such suggestions or input feel free to submit any additional details to the open GitHub issue.

Well then why and how is this plugin out? You’re advertising a product that isn’t legal and can get us site owners in trouble.

That’s not right. It makes no sense to me that this plugin was released without it being fully GDPR compliant.

And I know it’s not your fault James as you are just an employee (who is doing a tremendous job responding to all the questions in this forum by the way)

But unfortunately, you are who I am in communication with and this is extremely unethical and unlawful of Google to do.

As I’m sure you know, the GDPR fines are very VERY steep.

What is going to be done about this because something needs to be done yesterday.

I see you guys are answering other topics in this forum but what about this one? This is arguably the most important topic here because none of the support that people are asking for don’t mean anything if the plugin isn’t legal.

@andyjay83 thanks for providing your feedback. We are conferring with the team about your concerns. In the meantime, you are welcome to add input to the Github issue as mentioned. We’ll need to continue to assist other users, but we’ll return to your topic soon with more information.

A little search will get you far…. and no need to solicit the poor forum admins here…

Legal mumbo jumbo from the GDPR-document:

GDPR treats online identifiers and location data as personal data, and therefore demands they be protected in the same way as other identifiers…

GDPR states that all cookies (even pseudonymous ones) can be considered personal data if there is any potential to use them to single out or identify an individual.

NOW, having found that on the WWW:

Google has already (!!) a variety of resources regarding their GDPR compliance.

In short, if you use Google Analytics you don’t need to obtain explicit consent from visitors.

• This reply was modified 4 years, 9 months ago by docdanijb.

I’ve never solicited the forum admins. If you read correctly, I actually acknowledged how tremendous of a job they’ve been doing providing exceptional support to everyone’s questions and concerns—including mine. They’re employees of Google, none of this is their fault.

As to your point about this plugin being GDPR compliant, it is not in my opinion.

I know that you’re likely trying to convince yourself that it is because of the years of data you may have and use to promote your marketing efforts for whatever agenda you have (i.e. business Ad ROI) but I believe that it is not—despite what Google says.

For this to be fully compliant there needs to be a way ON the website you use it for the visitors to give their consent. There also needs a way to consent for each category of data that is collected and what it is used for (i.e. necessary cookies, marketing cookies, functional cookies, etc.)

Nowhere does this plugin allow you to do any of that from what I’m being told by James and Renee.

Also, don’t let them fool you. Anonymizing the data is not enough as per GDPR laws as it’s a very high bar that is set and often falls short as demonstrated here

And these fantastic employees (Renee and James) know this. You can tell by their indirect responses and their haste reaction to letting the team know about this in this forum topic and also this one

The truth is that Google is on the verge of losing a huge source of income due to the new data privacy laws that are getting more serious by the day. These new laws make it difficult to use their premier services (analytics, ads, adsense, tag manager, etc.) because their remarketing tools are not GDPR compliant if there’s no way for users to give their consent in allowing us website owners to legally use these powerful and extremely effective tools .

Google has taken a very unethical and unlawful approach in trying to save their company with the release of Google Site Kit and many other workarounds. I think this plugin can ABSOLUTELY be GDPR compliant, but it isn’t right now. And that puts website owners like you at serious fines that I’m sure Google will not compensate you for.

Apple is the one who started this initial push into the whole “customer data is important” argument. They’re the ones pushing over there in Europe.

Apple doesn’t care about data protection. They care about taking Google out. And they’re lobbying for Data Privacy rights because Apple knows that eliminates a huge chunk of Google’s income: ads and marketing.

I understand Google feels the pressure of that but the too-soon-to-be-released Google Site Kit is just one of the many moves that they should be held accountable for.

Maybe I’m wrong about how I feel about Google Site Kit but for anyone who knows, the GDPR and new Data Privacy Laws are fluid and as clear as mud. They’re changing every day and nothing is clear. And I think Google knows this and is using this to their advantage. They’re a big enough company where they can try and let things like a non-GDPR compliant Google Site Kit slip out of legality as a means of trying to save their business.

This is just my opinion on the matter. I didn’t intend to bash on anyone. My intent was to raise awareness about an amazing plugin that isn’t quite ready yet (in my opinion) so that website owners aren’t legally liable for having to fork up 4% of their global revenue or $20m (whatever comes first) for not being fully GDPR compliant.

@andyjay83 thanks for sharing your concerns in this topic. As a follow up, we have confirmed with our team that site owners who choose to use Google Analytics are responsible for managing notice/consent requirements, as described in the Terms of Service.

As mentioned previously, Site Kit already anonymizes IP addresses upon activation of the Google Analytics module. In addition, we’re working on adding a way for cookie consent plugins to integrate with Site Kit to help site owners. Follow the progress in this GitHub issue: https://github.com/google/site-kit-wp/issues/2087