Contrib.social

[META] Comply with the EU law with a Cookie API

Open on Drupal.org →
Created on 12 February 2016, over 9 years ago
Updated 24 January 2023, over 2 years ago

Problem/Motivation

(this issue is inspired by discussion at : #2567689: 'Disagree' button does not disagree )

EU law imposes websites to inform users about the cookies used and saved by the site, and let the user agree/disagree with it:
http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm

Some contrib modules let's you fulfill the basics of this law by giving the user the opportunity to agree with cookies :
- EU Cookie Compliance
- Cookie Control

They let you agree with cookies but not actually disagree with it. And it's fine in most cases: as you can read on ec.europa.eu, session cookies and that kind of stuff are actually exempt from this law.

However, some contrib modules may use cookies that needs this agreement. You won't be able to browse the site if you are OK with the session cookie, but not with those nasty custom once since you have to agree for all with contrib module.
Moreover, if you install Drupal and some contrib modules, not knowing specifically about Cookies, what is ok and what is not, you may set up a website that is not okay by the EU law.

Proposed resolution

At a high level, it seems quite simple to provide in Core a basic API to register the cookies used by your module (just like you register permissions for instance). Core could thus provide a block displaying all registered cookies and let the user agree / disagree with each of theses (some cookies could be registered as mandatory). Just as permission, contrib module DX could have an API to know if the user has accepted his cookie and thus could decide to activate / unactivate the functionnality..

This would let things be easy in core with a basic API and a basic block to accept those. Drupal would be (from Core) EU Cookie law compliant (I don't knnow if this law have a chance to be extended worldwide one day).
Contrib Modules could benefit from this API to keep things by law when using cookies in a unified way.
Contrib Modules could extend this API with better display / design then a simple block. Just the basics would in Core.

Remaining tasks

- Discuss / Decide on this idea

If the idea catches up, I can work on defining steps, and starting the premises of an implementation.

Feature request
Status

Needs review

Component

Idea

Created by

🇫🇷France Dom.

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 2 years ago
    🇺🇸United States smustgrave

    Moving over to the ideas queue

  • Status changed to Active 6 days ago
  • Comment 6 days ago
    🇳🇿New Zealand quietone

    The Ideas project is being deprecated. This issue is moved to the Drupal project. Check that the selected component is correct. Also, add the relevant tags, especially any 'needs manager review' tags.

  • Comment 6 days ago
    🇩🇪Germany jurgenhaas Gottmadingen

    I think the scope of this issue is probably not for Drupal core. It feels like this has been addressed for Drupal CMS with the Privacy Track, which resulted in the Drupal CMS Basic Privacy recipe.

    In other words, there is simple technical solution to this topic, it requires a fine-tuned setup of the Drupal site, initially and ongoing.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024