[wp-trac] [WordPress Trac] #43976: Provide mechanism to opt-out of commenter cookies without needing to post a comment - GDPR

WordPress Trac noreply at wordpress.org
Mon May 7 16:44:42 UTC 2018 

#43976: Provide mechanism to opt-out of commenter cookies without needing to post a
comment - GDPR
-----------------------------+-----------------------------
 Reporter:  garrett-eclipse  |       Owner:  (none)
     Type:  enhancement      |      Status:  closed
 Priority:  normal           |   Milestone:
Component:  General          |     Version:  trunk
 Severity:  normal           |  Resolution:  worksforme
 Keywords:  gdpr             |     Focuses:  administration
-----------------------------+-----------------------------

Comment (by garrett-eclipse):

 Hi @azaozz

 Sorry for the confusion, you're right to have cookies added for WP
 Comments you first must consent to them through the checkbox. But part of
 GDPR is the ability to withdraw consent at any time and with the comment
 cookies to do that the user either needs to do so from their browser (most
 users don't know how) or if you submit another comment with the box
 unchecked that'll also purge the cookies.

 So to my understanding of GDPR in terms of consent and the ability to
 withdraw especially with cookies is that the website first needs to block
 the cookies till they receive consent, then that consent needs to be
 logged, and a mechanism to remove that consent and those cookies needs to
 be provided to the user.

 I may be wrong, but everything I've been reading about cookies+consent
 indicates you now how to log that consent but also allow for it's removal.
 And to my interpretation removing consent would constitute the removal of
 those cookies. That's just from my understanding, and below is some info
 about needing to provide the opt-out mechanism.

   Possibility to withdraw the consent at any time

   The user must have the power to withdraw his or her consent.
   It is therefore important to make sure that users have access to their
 current consent state at all times and can change the settings or withdraw
 their consent entirely.
 Reference - https://www.cookiebot.com/en/gdpr-cookies/

   Sites will need to provide an opt-out option. Even after getting valid
 consent, sites must give people the option to change their mind. If you
 ask for consent through opt-in boxes in a settings menu, users must always
 be able to return to that menu to adjust their preferences.
 Reference - https://www.itgovernance.eu/blog/en/how-the-gdpr-affects-
 cookie-policies

 Let me know what you think I might be off the deep end here

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43976#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list