[wp-trac] [WordPress Trac] #44043: Framework for logging/retrieving a users consent state

WordPress Trac noreply at wordpress.org
Sun May 20 06:43:49 UTC 2018

#44043: Framework for logging/retrieving a users consent state
 Reporter:  cookiebot               |       Owner:  (none)
     Type:  defect (bug)            |      Status:  new
 Priority:  normal                  |   Milestone:  Awaiting Review
Component:  Privacy                 |     Version:  trunk
 Severity:  normal                  |  Resolution:
 Keywords:  gdpr 2nd-opinion close  |     Focuses:
Changes (by gisle):

 * type:  feature request => defect (bug)


 This ticked seems to confuse granular consent (as required by the GDPR)
 and cookie compliance (as required by Directive 2002/58/EC, aka. "the
 cookie directive"). I think they need to be kept separate.

 A cookie is a rather special type a personal data, because ''you'' do not
 store it or control it. The cookie is ''always'' stored on the user's hard
 drive, and is at all times fully under the user's control. You can only
 access it and the information it contains as long as the user let you. If
 the user wants to withdraw consent to you having access to this data, the
 user deletes the cookie. End of story. This is why cookie compliance need
 to be treated different from consent to process personal data where you
 (or a third party acting as a processor for you) control access to the

 I simply do not see the need for using an external service (such
 ''CopyBot'') to handle my users' cookies, or to handle these permissions
 myself. What is proposed here is to take some data where the user is
 ''fully'' in control, and turn into something where the user is only
 ''partial'' in control. As a controller who cares for my users' privacy, I
 think this is a horrible idea.

Ticket URL: <https://core.trac.wordpress.org/ticket/44043#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list