[wp-meta] [Making WordPress.org] #7736: Google Tag Manager is called without consent
Making WordPress.org
noreply at wordpress.org
Fri Aug 9 08:22:28 UTC 2024
#7736: Google Tag Manager is called without consent
--------------------------------+---------------------
Reporter: psmits1567 | Owner: (none)
Type: defect (bug) | Status: new
Priority: high | Milestone:
Component: WordPress.org Site | Resolution:
Keywords: |
--------------------------------+---------------------
Comment (by jonoaldersonwp):
Agreed. Obligatory "I'm not a lawyer", but, at the very ''least'' we need
to be showing some kind of notice (with disclosure info, options and
signposting), and, depending on signoff from legal counsel (who's
responsible for wordpress.org in this respect?), we ''might'' need to
''not'' fire any of these tags until consent is explicitly granted (and
then, only fire based on the consent categories granted).
That needs to apply to ''all'' third-party domains that are connected to;
including *.wp.com (i0.wp.com, stats.wp.com, pixel.wp.com) and s.w.org;
all of which process user requests, record IP addresses, aggregate
anonymous(?) browsing data, etc, on behalf of ''someone''(?).
Privacy policies and similar also need to do a better job of describing
what's being collected and why, how it's used, who has access, how to opt-
out, etc.
Stale Slack discussion (one of many similar) here:
https://wordpress.slack.com/archives/C02QB8GMM/p1709230289707119?thread_ts=1709203062.686059&cid=C02QB8GMM
I'd be happy to update our Google Tag Manager setup to use 'consent mode'
based on the outcome of any legal requirements; though that's only one
small part of the problem surface area. Might be a great opportunity to
bring some of those wp.com tracking pixels etc into the same framework,
though?
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/7736#comment:12>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list