What is the need / problem
The European regulation enforced from May 2018 requires all websites using cookies to inform users about the cookies used and, for all cookies not strictly necessary for the service (that the user has deliberately chosen to use), to give them the possibility to refuse them.
Not doing it puts us outside the law, and we could be fined (a pretty high fine) for not respecting that.
Also beyond the law, we do want to be honest and transparent with our users about what data we collect from them and what we do with it.
Who does it impact
All EU users
What is the current impact of this problem
Users don’t clearly know which of their data we collect and use through cookies.
OFN in EU countries incurs a financial risk if it does not apply that rule.
What is the benefit in focusing on this
Leveraging the risk + building a 100% trustful relationship with our users regarding their data.
Links to more details
- GDPR discussion: General Data Protection Regulation : action plan proposition
- Legal compliance first reflection including rules regarding data: Legal conformity: what we need to do
Potential solutions that will solve this problem
I propose one feature candidate, which is “instance creates a page explaining cookies, can toggle on/off a pop-in/banner requiring the user to accept cookies, and can link its own page into it”, with the 4 stories below:
- list and understand which cookies we use, which data we collect and for what, to be able to communicate it
- create a page in the “user guide” (at the end, like “info on your data”, where we explain everything): example in France http://lapaillasse.org/a-propos-de-ce-site#mentions-legales
- display a pop-up on first connection with a short explanation of the data we collect and for what, and ask the user to click on “ok” + link to the previous page to explain in more detail. (If there is no click on ok, redirect to some support page / forum page explaining that it’s not possible to use the service without accepting cookies, and for which reason. Otherwise, if those cookies are not necessary, the user can just keep navigating.)
- create an on/off toggle to allow the instance to activate it or not AND enable the instance to link the URL that the user needs to review before accepting the cookie (so each instance can have the page they want to explain what they need given their local constraints)