GDPR - Theme Cookie Control


#21

Thank you for sharing this information with us, Jeremie!
I’m surprised that the support team does’nt communicate with us here.


#22

Thanks for the updates. Releasing the update any later than this afternoon just isn’t acceptable. I really don’t think many theme developers understand the extent of the fines that could be imposed for non-compliance to GDPR, especially for clients with 250 staff or more. At the moment we have no idea what is going to be included in the next release and exactly what is and what isn’t going to be addressed, or how this could affect existing theme settings. How are we meant to work around this? What if they forget or simply overlook something major? We now don’t have any time investigate or find solutions and to make matters worse we have a bank holiday here this weekend too.


#23

Seriously, guys!!! Where are the updates? Really disappointed.


#24

Can someone from support please give us an update as this is really poor. Avada already has a GDPR update out and doesn’t have these problems. Is the theme update going to be available in the next few hours? I need to know so I can book time and development resources in now. Thanks.

Just noticed the update has become available. Lets hope it resolves all the cookie issues listed above!


#25

Ok, so just a quick update to everyone following this.

The latest update appears to have now removed ALL of the cookies I listed above, so thank you Artbees. Nice work! I just wish that you hadn’t left this until the very last minute.


#26

While I’m glad it’s finally out, one issue that I am facing is that I cannot add a link in the GDPR message. It would be good to be able to put some HTML for example, which would allow to link to the Privacy policy page. It’s not dramatic but it’s sad it’s not possible.


#27

Sorry guys, busy days. We finally released the GDPR update yesterday 25th of May. Please check this out:

https://themes.artbees.net/support/jupiter/release-notes/


#28

I believe you can translate those texts using PoEdit or LocoTranslate plugins and add your own link as HTML inside them.


#29

I cannot find the settings for the checkboxes (contact forms and comments). :blush: Can someone help me please?


#30

Hi Anett,

It’s not very obvious where any of the new settings are, so don’t worry!

They are in the following sections:

Global>API
Global>Quick Contact - Enable to see the options.

Hope that helps.


#31

Thank you Jason!! I’ve found it now.


#32

Youtube serves its videos from a free cookie domain also: https://www.youtube-nocookie.com. To automatically serve site embedded videos from this domain in your jupiter site, use this code in your theme functions.php:

/* add oembed handler for youtube-noocokie.com */
wp_embed_register_handler( 'ytnocookie', '#https?://www\.youtube\-nocookie\.com/embed/([a-z0-9\-_]+)#i', 'wp_embed_handler_ytnocookie' );
/* enable these to switch to youtube-nocookie automagically! */
wp_embed_register_handler( 'ytnormal', '#https?://www\.youtube\.com/watch\?v=([a-z0-9\-_]+)#i', 'wp_embed_handler_ytnocookie' );
wp_embed_register_handler( 'ytnormal2', '#https?://www\.youtube\.com/watch\?feature=player_embedded&v=([a-z0-9\-_]+)#i', 'wp_embed_handler_ytnocookie' );

function wp_embed_handler_ytnocookie( $matches, $attr, $url, $rawattr ) {
	global $defaultoptions;
	$relvideo = '';
	d($matches, $attr, $url, $rawattr);
	$embed = sprintf(
			'<iframe src="https://www.youtube-nocookie.com/embed/%2$s?rel=0" width="%3$s" height="%4$s" frameborder="0" scrolling="no" allow="autoplay; encrypted-media" allowfullscreen=""></iframe>',
			get_template_directory_uri(),
			esc_attr($matches[1]),
			$attr['width'],
			$attr['height']
			);
	return apply_filters( 'embed_ytnocookie', $embed, $matches, $attr, $url, $rawattr );
}

It works great for [vc_video] shortcode (“video player” element of the builder). Hope it can be useful.


#33

Thanks for this info. However, my understanding is that using the cookieless domain only prevents cookies from being set “before” the video is played. As opposed to the standard YouTube embed method which sets cookie as soon as a visitor reaches the page the video has been embedded onto. This is why plugins like “Cookiebot” have specific functions and code to address this. If this isn’t the case then please do let me know.

As YouTube is a “third-party” and uses a number of cookies for marketing purposes you still need to get implicit consent from the website visitor to use the cookies at any point. Again, this is just my own understanding of this though.

Thanks,


#34

After several tests with different browsers, I can’t see youtube cookies before or after playing an embedded video via youtube-nocookie (and related videos disabled ?rel=0). It seems really cookie-free…


#35

Thanks for reporting back, this is very interesting as that contradicts what I had read elsewhere. Is there any chance you can run a scan on one of those pages using cookiebot? It’s free to run a scan and very accurate.


#36

CookieBot scan reports this one from youtube-nocookie.com:

Name: @@History/@@scroll|#
Source: youtube-nocookie.com
Type: HTML
Expiration: Session

But I can’t really find this cookie inspecting Appliction tab of Chrome Dev Tools


#37

Thanks for the additional info on this. I don’t think that you have to worry about that cookie to be honest as it should just be a “session” cookie. Is that the “only” cookie found? I’ve also found a big discrepancy between the cookies shown in Google Tools and Cookiebot scans too. My approach is to play it safe and go off Cookiebot results as it’s GDPR compliant. Like I said though, I don’t think the cookie you have listed “should” be a problem.


#38

Just a quick update for anyone else interested in this. I have noticed something quite important about YouTube’s cookie free domain:. This statement is from YouTube answers page found here: https://support.google.com/youtube/answer/171780?hl=en-GB

(The privacy-enhanced mode only relates to tracking of viewer behaviour, not ad-serving behaviour. To disable tracking for advertising purposes, you can add yourself to the Tag for child-directed treatment page.)

Although this isn’t entirely clear, I would take that to mean that even the cookie free domain does indeed “still” track for marketing purposes. Hence, you are still best preventing loading altogether until “marketing” class cookies have been accepted by the end user. That’s how I interpret it anyway.

I’ve also heard back from “Vimeo’s” legal team who told me that they do not think you need to gain permission to embed and load their videos. Hope that helps.