New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Privacy policy, user tracking and opt-in/out #16
Comments
For Google Analytics, I think it's appropriate for us to use Consent mode:
If we deny "ad storage" access, then Google Analytics/Google Ads musn't use a hosted portal to add to a user's browsing profile. I expect we can always leave this as denied. If we also deny "analytics storage" then Google Analytics is only sent "cookieless pings ... for basic measurement and modelling purposes". It's worth testing, but https://www.simoahava.com/analytics/consent-mode-google-tags/ (and the comments) suggest the "cookieless ping" data isn't shown in Google Analytics, but eventually will be shown somehow. There is some debate on whether the "cookieless pings" require consent at all. Presumably Google thinks so, otherwise I don't see a purpose to this, but this article ("Can these technologies actually be used without user consent") says the German data regulator says this is not possible:
I assume browser privacy extensions, ad blockers etc will continue to block all this anyway. The only way around that would be to self-host basic analytics (i.e. send "cookieless pings" to a server we control, or process the webserver logs), but we should know what we're trying to measure before starting on something like that. CC @thomasstjerne for similar issues for COL. |
Before proceeding with this issue we should clarify what legal responsibilities GBIF as a host have for how this is done. Terms:
I tend towards just offering Google analytics as a predefined solution. Not GTM, adds etc as introduced above. But I'm far from being an expert user in user tracking and analytics. If anyone has specific needs or expertise they can bring, then that would be great |
I believe this will need the following:
An example of this approach is https://datacite.org/ Is this easily feasible, please? |
Standard Privacy policyIn the interest of making it easy to get a privacy page: I will add a privacy page to all portals. It will use a new layout type called If the portal owners would rather write their own privacy policy, then they can simply delete the file and config again. See also https://hp-theme.gbif-staging.org/privacy-policy-template Google analyticsIt has always been possible to add google analytics to the portals, but we have now made it easy to do so while getting the users consent. See https://hp-theme.gbif-staging.org/measurements |
@timrobertson100 Updating above will update the privacy policy on all pages that use the template. Currently it is just a stub showing how to use the variables and with a button to reset user preferences. |
Thank you for making this process easier. Will there be any translations available for the standard template? |
Currently there is no tracking and hence no consent popup. But several people mentioned the intention to use Google Analytics in the pilot applications.
I suggest adding an option to add a tracking GA ID to
_config.yml
that will then insert the tracking scripts/iframe and add a consent banner (with translatable text controlled by the editors).And then have an option to overwrite the includes if someone has the need to replace the standard GA scripts with a different config or another provider.
The text was updated successfully, but these errors were encountered: