GDPR consent does not block _ga cookie

  • Resolved infatum

    (@infatum)


    2 years, 12 months ago

    1. Tried different GDPR plugins that take care of marketing / analytics cookies. Yet, an independent DPO pointed out that we still have _ga cookie lingering prior to when the page is loaded. Same happens when the user explicitly presses on deny button.
    The recent pluging I’m using is ComplianZ.

    2. docs.google.com cookies, such as NID / ANID / S / 1P_JAR and others are loaded in our site web-pages having embedded Google Docs. I’ve tried blocking this in ComplianZ by disallowing iframe domains. Some cookies are gone, but NID is persistent. Despite Google mentions NID storing preferences, most of cookie scanners, including cookiebot.com, mark it as marketing = not allowed before user consent. Therefore, this should be disallowed both prior to consent message or when cookies are explicitly denied. Yet, still docs.google.com places the cookie. Could Google not force those when users denied it in their choice?

    I’m ditching myself for a 2nd week tinkering with all kinds of GDPR plugins and external sites trying to resolve _ga and docs.google.com cookies. Despite being a valuable tool, I’m about to deactivate / delete Google Site Kit and close my Google Analytics account, so as to avoid any legal GDPR issues.

    DPO states IP anonymization by Google, despite being a good move forward, is still not in accord with current GDPR policy.

    • This topic was modified 2 years, 12 months ago by infatum.
    • This topic was modified 2 years, 12 months ago by infatum.
    • This topic was modified 2 years, 12 months ago by infatum.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support James Osborne

    (@jamesosborne)

    Thanks for opening a support topic. Hopefully we can be of assistance. While I can’t be sure of how all third party plugins work when it comes to cookies I believe the Complianz plugin can block Google scripts from firing until a visitor consents. If you’re finding this isn’t the case have you tried to reach out to the plugins support forums?

    2. docs.google.com cookies, such as NID / ANID / S / 1P_JAR and others are loaded in our site web-pages having embedded Google Docs. I’v

    While I’m happy to retest the Complianz plugin with regards how it works with Google Analytics unfortunately we’re limited to Site Kit plugin support here. Any features such as embedded Google docs would be outside the scope of the Site Kit support forums.

    I’m ditching myself for a 2nd week tinkering with all kinds of GDPR plugins and external sites trying to resolve _ga and docs.google.com cookies.

    I understand, it can be a tricky area to get right. Note however that site owners who choose to use Google Analytics – whether implemented via Site Kit or via alternate means, are responsible for managing notice/consent requirements, as described in the Google Analytics Terms of Service. If testing other cookie or GDPR related plugins you may wish to consult with your DPO.

    The below guide also have some assistance which you may find useful:
    https://support.google.com/analytics/answer/9019185#zippy=%2Cin-this-article

    DPO states IP anonymization by Google, despite being a good move forward, is still not in accord with current GDPR policy.

    You’ll be happy to know that Site Kit anonymizes IP addresses upon activation of the Google Analytics module by default. In addition, we’ve added a method for cookie consent plugins to integrate with Site Kit if they wish to do so. You’ll find more on this below: https://github.com/google/site-kit-wp/issues/2087

    Let me know if you would like me to test the Complianz plugin to confirm that it does block Google scripts until a user consents.

    Plugin Support James Osborne

    (@jamesosborne)

    As we didn’t receive a response I’ll mark this as resolved. Feel free to open a new support topic if you continue to encounter issues, or reopen this topic and we’d be happy to assist.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘GDPR consent does not block _ga cookie’ is closed to new replies.