Suggestion: Let users select own Cookie notice management

Created on 6 January 2024, 12 months ago
Updated 9 January 2024, 12 months ago

Cookie notice block is restrictive

Remove "Cookie notice" block and leave users to use own solution.

This way users will not be forced to use a specific solution that may not even be compliant from a legal point of view.

🌱 Plan
Status

Active

Version

10.2

Component

Code

Created by

πŸ‡·πŸ‡΄Romania rrotari

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @rrotari
  • πŸ‡ΊπŸ‡ΈUnited States ao5357

    Thank you for the suggestion, @rrotari -- I'm on my way out the door right now, but upon return will write out a more-considered response.

  • πŸ‡ΊπŸ‡ΈUnited States ao5357

    I'm hesitant to remove the existing default cookie notice at present time for two main reasons:

    1. As shown in the attached picture, the notice is a block placed via the admin UI, and can be disabled or deleted by a site owner quickly and easily. It is a single file with 50 lines of code and does not perform any cookie-blocking operations via JavaScript or any other means
    2. The block, like the site-wide alert placed in the header by default, demonstrates the out-of-the-box functionality, and is a good example of creating a fixed-position block using the frost_theme utility CSS library (though it could be improved a bit with translation functions)
    3. Your point about the basic cookie notice perhaps not being compliant for a particular consuming site is well-taken, though. Ideally this issue will be closed as completed following one or both of these kinds of contributions to the project:

    • Legal review and textual/functional changes to the existing block to improve compliance with as many acts/regulations in as many jurisdictions as possible
    • Documentation, whether in the root readme, a module readme, a module's hook_help() implementation, a new markdown docs directory, or other appropriate location, recommending the best contrib replacements for the default block for sites that need more compliance/functionality

    The out-of-the-box frost site doesn't actually use cookies for regular visitors: though, dismissed element IDs are stored in LocalStorage. Only logged-in admins get a session cookie. That said, the fixed cookie notice block is a good-faith effort by a site outside of California (USA) or the Euro-zone to inform users of the potential use of cookies and an easy way to direct interested users to the privacy policy. (Keeping in mind I am not a lawyer and this isn't legal advice) Site owners in California or Europe (or doing significant business in those places) may want to consider a 'contrib' module or two as a replacement to ensure greater compliance with local data privacy regulations.

Production build 0.71.5 2024