We are currently using kitconcept.dsgvo for displaying the standard blablabla cookie banner...however this is no longer sufficient in Germany due to high court decision. I am currently investigating collective.privacy as a replacement but found three issues:
- the consent view is not being displayed upon the first request when you visit the site
- there is no popup/overlay support for the consent view (currently implemented as a viewlet)
- tracking is enabled by default although tracking requires an explicit opt-in. So the first request will be always tracked. The wording in the viewlet "Unintrusive analytics (required)" is misleading here because tracking is in general never required. "Unintrusive"...is questionable.
So has anyone integrated collective.privacy (on a German site) in a compliant way? Any examples?
The other one is to integrate CookieBot which is fully compliant with the explicit opt-in requirements and can block any not accepted cookie even for external sites content (ex, Youtube embeds). This solution has the drawback of its price that can be prohibitive for some customers.
Just for the record: We are aware of this problem and the new legislation. We already amended the behavior in our German Volto projects. We have a few classic Plone sites where we will have to make those amendments to kitconcept.volto (in Volto projects we just use the backend parts of kitconcept.volto). Therefore you can expect kitconcept.dsgvo to be updated soon. PRs are also always welcome of course.