GDPR - Theme Cookie Control


#1

I’ve seen lot’s of feature requests relating to GDPR requirements, but none touch on Jupiters use of cookies. From what I understand, we now need to “declare” and “classify” any cookies that are in use. Currently, this is a huge task that could be made much easier for everyone if there was a quick way to deactivate or at least have more control over certain non-essential functionality.

We’re currently using https://www.cookiebot.com/en/ to handle cookies and classifications and it’s amazing how many cookies are being created by Jupiter.The whole “like/love” system (the hearts on blog posts for example) creates a ton of cookies named along the lines of: mk_jupiter_love_.

Please can someone from support kindly confirm if issues like this are being considered as this is really important right now.

Thanks.


#2

Sorry to bump this, but this is quite important for GDPR purposes. If you have website in the EU you must now declare and classify all cookies. This must be presented to users ‘before’ any cookies are set and put on the users computer or device.

Therefore, we need to reduce the amount of cookies Jupiter is setting or at least have some documention to tell us how the cookies it currently uses should be classified. Can anyone from support chime in here and confirm if this is being addressed or at least how to classify the huge amount of ‘my_jupiter_love’ cookies please? Are they ‘nessasary’, ‘statistics based’ or ‘marketing related’? Anyone else reading this should know this affects your site too if your are operating in the EU, so please vote up.


#3

I UPVOTE this too! Very important for EU companies & websites


#4

I know this is not the solution you’re looking for, but to be compliant before the 25th, you can consider removing the heart icon using custom CSS:

/Hide print & love bar blog posts/
.single-social-section{display:none;}
.mk-love-this{display:none;}

I’m really curious about Artbees’ solution as well though!


#5

Hi Marloes,

Thanks for the reply but this won’t stop the cookies from actually being set, and that’s the real issue. It only hides the heart icon. Although the cookies don’t appear to present any privacy issue as such, they are still being set and therefore apparently have to be defined. In addition, the theme needs modifying to prevent any cookies from being set prior to the user giving implicit consent now.

If you have a website in the EU then this affects you, so please vote this up as time is running out.


#6

Aren’t it all functional cookies in Jupiter? I read that you don’t need permission for functional cookies, only for analytical and tracking cookies, therefore this is not a GDPR issue. But I’m no legal expert, so maybe I’m wrong.


#7

Hi, I’m obviously not a legal expert or tying to give advice in any way here. However, from “my” understanding “all” cookies must still be declared and site owners are “responsible” for any third party cookies in use on their websites. This includes cookies set by social media functions - social share buttons, links and video embeds. These type of cookies generally track information that “could” be combined with other information collected via third-party content to create a user “profile”.

Currently, Jupiter appears to set an awful lot of cookies relating to various social media functionality. In the interest of fairness, this may also apply equally to other themes right now though! However, some cookies (like the mk-jupiter-love) cookie set by the heart/like icon have an expiry date of “335586 days”! If you haven’t done so already then I would recommend performing a free scan on cookiebot.com, it will shed some light on the extent of the issue.

Just note that even if you use a plugin like Cookiebot, you still have to manually add a code snippet to “every” single plugin being used on your site (that set cookies) so that it can prevent that plugin from settings cookies until permission has been given. This code then has to be added back into each of these plugins “every time” they are updated going forward. At least until plugin developers have made their plugins GDPR compliant. Managing cookies now appears to be very complex, so this topic should be at the top EU site owners list of priorities right now. We should also all be putting pressure on social media companies, theme and plugin developers to get on top of this.


#8

I’m not a lawyer too, but I think “jason1” is right. One of our clients has hired a lawyer to interpret the regulations of the GDPR and he says to us that we must “list and explain”, “all” cookies the website (wordpress with jupitertheme) is using. AND in addition, there should be a way to disable “all” according to GDPR “non technical” cookies, like it is done on the Website of BMW (https://www.bmw.de/de/footer/footer-section/cookie-policy.html).


#9

Hi Steffen, thanks for confirming. I don’t think many theme and plugin developers are taking this seriously at all. This isn’t something that should be left until the last minute and we now only have just over a week of time remaining to implement this.

We’re currently in the process of implementing Cookiebot across our client website networks, but there’s no way to disable many of the cookies being set by what appears to be the social media functionality of Jupiter. I can also confirm that disabling the social media functions in the “Blog” section of Jupiter does not resolve this. This does hide the actual icons (social media share and heart / love icon), but the cookies are “still” being set. It looks like some cookies may also be created for every single new post that is created too. This needs addressing ASAP.


#10

Hi guys, just wanted to give you an update. I’ve just heard back from Artbees and they have confirmed that they are working on updates to make Jupiter GDPR compliant and apparently the next update “should” resolve these issues. Great news!


#11

Thanks for “making the noise” about GDPR compliance! :clap:


#12

In addition, I should say that we are going to retire the love button totally. Since this feature doesn’t have popularity and also there are dozens of similar plugins out there, this is no longer needed. So, in the next version, we won’t have the love button and also what it sets on cookies.


#13

You’re most welcome.


#14

Hi Mohsen,

Thanks for the additional info but please can you ensure that the next update includes some way to manage the following cookies that all appear to be set by Jupiter: (There’s an awful lot being set by Linkedin and this must be coming from Jupiter as we don’t use any other social media plugins)

bcookie linkedin.com
leo_auth_token linkedin.com
lidc linkedin.com
visit linkedin.com
_twitter_sess twitter.com
guest_id twitter.com
GAPS accounts.google.com
NID google.com
JSESSIONID linkedin.com
lang linkedin.com
_auth pinterest.com
RT linkedin.com
csrftoken pinterest.com
SESS# pinterest.com
UID scorecardresearch.com
UIDR scorecardresearch.com
_pinterest_sess pinterest.com
cm_sub pinterest.com
G_ENABLED_IDPS pinterest.com
ct0 twitter.com
personalization_id twitter.com

In addition, please can you try to release the next update in time for us to actually be able to implement and test any changes that may be required as you are already cutting it very close.

Many thanks.


#15

Just a quick tip for anyone else following this topic. If you have embedded YouTube or Vimeo videos anywhere on any of your websites then you should now block these from loading until consent for “marketing” cookies has first been granted by the user. Hope that helps.


#16

I’ve been following this thread for a few days. Now there are only two days left. I hope you are in time and the update will be released today or tomorrow. :wink:


#17

Yup, waiting impatiently for this as well…


#18

I completely understand how complex making changes to a theme this size must be and appreciate that you must be working hard to get the next version finished. However, we need to know if the next version of the theme “will” be available prior to the 25th so we can keep clients informed and somehow try and reduce the impact this might have on them. I’m at a loss as to why something so serious has been left until the absolute last minute.

If the next version of the theme won’t be ready sometime tomorrow then literally everyone using this theme within the EU is going to be non-GDPR compliant. This is a major thing, so please can someone from Artbees kindly confirm if the theme will or won’t be ready in time so we actually know one way or another. If it won’t be available, then please can one of your devs supply a manual code fix that we can use in the meantime?

I am literally considering removing Jupiter (which I really don’t want to do) and swapping it for another theme on some clients websites just to be safe at the moment, as I can’t seem to find any way to control the cookies being set and am running out of time.

Thank you.


#19

It would be great to have some communication about this. Like where is it at, when is it gonna be ready, can we have already a checkbox for the contact form and some documentation on which cookies are made so we can explain this already… ?


#20

I just got an answer from support saying they will have an update out today or tomorrow to address the GDPR issues… It’s a bit last minute but at least it’ll be there.