GDPR, Cookie banner, EU law - Need to be a core of every Content Management System

[PCT1991]

Hello Joomla-Community,

Data protection law has been in force in Europe since 2018.

A handful of GDPR plugins were programmed for Joomla. But only one on the market, which you also have to buy, has observed all legal points.

As an IT expert, I simply do not understand why a cookie banner has not been implemented in Joomla or in other CMS for a long time.

It is important that a website visitor has to agree before loading scripts or fonts from other websites. Likewise, not a single cookie may be set before consent has been given.

The law also says that cookies must be described to the website visitor. Name, purpose, duration, ...

In addition, a website visitor must be able to withdraw their consent at any time.

For this reason I am requesting this feature. It's been almost 5 years and neither in Joomla nor in other CMS was something integrated. It's the law. So it should be anchored at the core of every CMS.

BTW this is the only plugin which provide all the right functions for Joomla:
https://extensions.joomla.org/extension/gdpr/

The other plugins are just wrong for the EU. This can get very, very expensive if a law agent contact you, because some Google Fonts get downloaded or a Cookie get setted without a permission of the user.

Thank you in advance!

Best regards
Pascal

[brianteeman]

This is not an issue for github

[bembelimen]

Hello Pascal,
as this is more a discussion less an issue, I moved it to the discussion part.

My personal opinion is: as there is an existing good solution, Joomla! does not really need a GDPR solution short term, but more of a GDPR framework offering possibilities to users.
Joomla! started with that by having the privacy tools implemented. Of course that's not the all inclusive solution.

A cookie manager (cookie banner) solution is in the making, but as many projects in Joomla it lacks in manpower and people pushing forward to get it done: https://github.com/joomla-projects/gsoc21_cookie-manager/tree/final-cookie-manager

[PCT1991]

Hello,

I searched now for hours how to write a feature request. Then I found this https://docs.joomla.org/How_do_you_request_a_feature%3F
Really hard to contact a developer or a support at all.

How do you request a feature?
You can post, request, fix bugs and/or test patches on GitHub or the Issue Tracker site:
https://issues.joomla.org/

I tagged it with the "feature request"-tag.

That is what I did. But here it looks completly different.

Thank you for the link about the Cookie Manager (Cookie Banner).
If this is stopping all scripts, cookies etc. before the user clicked on "yes I want it" and it is like what the EU want in the GDPR it would be nice.

What can we do about the manpower?

Best regards
Pascal

[bembelimen]

Hello Pascal,

What can we do about the manpower?

• Learn programming and contribute
• Pay a developer to contributes
• Go out on several events (JUG, Joomladay, other events outside of the Joomlasphere) and find people with the same requirements, group together and then do 1. or 2. to share the load
• Find a programmer who also need this and contribute
• Test the existing code and give feedback
• Probably ping @apapageorgiou as he did a very great review of the whole project and what's missing
• Test open PRs: https://github.com/joomla-projects/gsoc21_cookie-manager/pulls
• Check the open issues: https://github.com/joomla-projects/gsoc21_cookie-manager/issues

You see, at the end it's up to the people who want this feature to invest time...

[PCT1991]

Hello bembelimen,

thank you for your answer!

Best regards
Pascal

[RichardZimmerEschborn]

@ PCT1991

I would like to agree that it is necessary to have the possibility to restrict the use of cookies in a CMS system. Even if this would mean that the functions are limited (e.g. as long as the end user only browses and does not log in to edit pages, rate or give feedback etc).

On the other hand, there are too many ways to design and implement a GDPR cookie banner solution for a framework like Joomla! to have a complete turnkey solution implemented.

If you are interested I started to write a tutorial on docs.joomla.org about a DIY cookie warning. Just search for cookie warning tutorial.

If you like, feel free to send me a message, then we can exchange requirements.

You also find my contact form if you look at issue #39100 at joomla! issue tracker.

[PCT1991]

Hello @RichardZimmerEschborn,

thank you also for the answer!

I dont found a way to contact you. I clicked on your name / icon here ;-).

I am a IT expert, systemintegrator and developer. Normally I dont develope a full website by my own. This is why I am using Joomla since I know Joomla. Maybe from beginning of the Version 2.X :-).

I know exaclty the requirements of an "Cookie Warning" for the EU, because I needed to pay, because it was wrong and then I talk to an law agent.

For a customer of me I developed a landing page with a own "Cookie Warning" with all requirements, but this is something I can do only when I develope the full website by my own.

The requirements are:
-A user need to get an message when he is visiting the website.
--In this moment it is completly forbidden to load any fonts or scripts or pictures from third party servers ;-).
--Its even forbidden to use Google Maps in this case for example.
--The user need to have an option so he can say yes I want to use all cookies, scripts and more.
--At any point the law say he need a option to say "no" easy available on the website. In the case he is saying no all third party tools and not technical needed cookies cant get set or it is getting very expensiv for the website owner.
-Another point is the user need to see which cookies get used. When will they expired and a description is needed for what this cookie get used.
-All Cookie Banner Buttons need to have the same color that the user is not clicking on the green one for example.

And this is now a main problem. Maybe I can develope something that covers all requirements, but in Joomla it need to get loaded before everything else get loaded. In the moment the user open the website its just forbidden to open any third party script, set any non technical cookie etc. since he need to accept it. In the moment he say no. Everything like this need to get disabled.

I tried then a lot of plugins for Joomla and just saw its a simple "warning message". But in the background no scripts get disabled etc. and this is a big problem in the EU.

If I know what is to do I have no problem to develope something and gave it to everybody :-).
But at this point I just dont know how.

I dont want to make advertising for my customer. Maybe its forbidden. But I uploaded some screenshots what I developed with the right requirements when I can make a website by my own without a CMS.

When a user is visiting the website everything else got deactivated.
I used just some simple if cookie_google_allowed == yes in the sourcecode to deactivate scripts and cookies.
On every website page on the button you have the opt-out thing when a user want to deactivate everything again. Then a javascript is deleting the settet cookies on the computer too. Thats so important.

This is why I think it need to be in the main core of every CMS. 1 plugin on the market did it right. But I tested so many, saw that the cookies get setted or google fonts get just loaded before the user said "yes".

So we need some point to change the source code which is generated from joomla to avoid that some external scripts etc. get loaded and more.

Best regards
Pascal

[brianteeman]

1. Please remember that there are multiple different privacy laws across the world
2. There is no such thing as an EU wide law. Each member country has a law and each member country has implemented that law based on their own interpretation. The implementation in France is not the same as the implementation in Germany for example.
3. You absolutely do not need to make any changes to the core of Joomla for a plugin to be able to satisfy the requirements of these different privacy laws.
4. There are multiple aspects to many of the data privacy laws.

• Notifying the visitor and getting their consent
• Conforming to their selected preferences
• Storing/managing their consent
• Allow the visitor to change their consent
• Allow the visitor to request their data is removed
• Allow the visitor to request a copy of their data.
• and many more

5. There are several free extensions already available that do satisfy the requirements - you just didnt look hard enough