Collective.privacy

We are currently using kitconcept.dsgvo for displaying the standard blablabla cookie banner...however this is no longer sufficient in Germany due to high court decision. I am currently investigating collective.privacy as a replacement but found three issues:

  • the consent view is not being displayed upon the first request when you visit the site
  • there is no popup/overlay support for the consent view (currently implemented as a viewlet)
  • tracking is enabled by default although tracking requires an explicit opt-in. So the first request will be always tracked. The wording in the viewlet "Unintrusive analytics (required)" is misleading here because tracking is in general never required. "Unintrusive"...is questionable.

So has anyone integrated collective.privacy (on a German site) in a compliant way? Any examples?

For an explicit cookie banner implementation we are using 2 different javascript implementations.

One of them is a completely manual solution based on Osano Cookie Consent which allows full customization of the behavior of the tool, but it requires you to write the javascript in a defensive way to fully adhere to the user preferences.

The other one is to integrate CookieBot which is fully compliant with the explicit opt-in requirements and can block any not accepted cookie even for external sites content (ex, Youtube embeds). This solution has the drawback of its price that can be prohibitive for some customers.

Just for the record: We are aware of this problem and the new legislation. We already amended the behavior in our German Volto projects. We have a few classic Plone sites where we will have to make those amendments to kitconcept.volto (in Volto projects we just use the backend parts of kitconcept.volto). Therefore you can expect kitconcept.dsgvo to be updated soon. PRs are also always welcome of course. :slight_smile:

cc @MrTango

Plone Foundation Code of Conduct