Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GA Plugin and GDPR #4976

Closed
kbariotis opened this issue Apr 13, 2018 · 11 comments
Closed

GA Plugin and GDPR #4976

kbariotis opened this issue Apr 13, 2018 · 11 comments
Labels
stale? Issue that may be closed soon due to the original author not responding any more. type: question or discussion Issue discussing or asking a question about Gatsby

Comments

@kbariotis
Copy link
Contributor

kbariotis commented Apr 13, 2018

Description

Google's new EU user consent policy states that Google's products, such as Google Analytics must have user's consent in order to work in a page. That means that a website must take the user's consent and then enable the Google Analytics plugin. With that in mind, I would like to see some sort of a toggle to enable/disable the Gatsby Google Analytics plugin on demand.

Expected result

I would like to be able to have Google Analytics plugin disabled by default. Then ask the user's consent and only then enable it.

Here are some references on GA tracking code:

  1. https://developers.google.com/analytics/devguides/collection/gtagjs/user-opt-out
  2. https://developers.google.com/analytics/devguides/collection/gtagjs/#disable_page_view_tracking
@sebastienfi
Copy link
Contributor

To know if the user is browsing from EU, we'd have to use an IP Geolocation service. I don't know any that's free.
As an easy workaround, we could detect the timezone of the user and from there extrapolate it's location.
@kbariotis would you like to submit a PR doing that ?

@kbariotis
Copy link
Contributor Author

kbariotis commented Apr 13, 2018

No @sebastienfi I don't think this is Gatsby's responsibility at all. This must be left at the owner's choice. Gatsby should just give control to the owner whether the plugin is enabled or not and allow to enable it at run time, rather than built time.

I could start by adding an enabled/disabled flag on the plugin. How does that sound?

@m-allanson m-allanson added the type: question or discussion Issue discussing or asking a question about Gatsby label Apr 14, 2018
@sebastienfi
Copy link
Contributor

sebastienfi commented Apr 14, 2018

We use a specific CDN for Europe and another set of CDN for the rest of the world.
We deploy a specific build of Gatsby to Europe. With a straightforward system: once the user clicks on "I agree" we set window.gdpr-agreed = true. Then in Gatsby, we have a condition declaring the GTM & GA code if(window.gdpr-agreed) ... .
If the user agreed, a cookie stores this value and the next browse, window.gdpr-agreed will be set from the cookie value.
It would be cool a cool feature to have this embedded in the gatsby-plugin. I can see more elegant scenarios.

Is what you propose to integrate an option in the plugin to activate the check on whether window.gdpr-agreed is right, and submit an example of integration to define that value?

Send your PR, and I'm happy to review :) It would be welcome to have an example site like example-Europe-gdpr.

@jurosh
Copy link
Contributor

jurosh commented May 18, 2018

Btw. using google analytics is OK (even in Europe) if you anonymize IPs and also disable cross session (bad) cookies.

With this config tracking should be fine:

gtag('config', 'UA-...', {
      'anonymize_ip': true,
      'cookie_expires': 0
  });

Ofc. you lose cross-session user tracking feature of analytics, but it might be good for many developers who jsut want to do basic tracking and don't care about GDPR.

Currently plugin allows to anonymize IP, but doesn't allow (cannot see option) to enable session only cookies - cookie_expires.

As I understand (don't take as lawyer advice) whole GDPR (no consent) compliant code might be:

<script async src="https://www.googletagmanager.com/gtag/js?id=UA-XYZ"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());
  gtag('config', 'UA-XYZ', {
      'anonymize_ip': true,
      'cookie_expires': 0
  });
</script>

@discordianfish
Copy link

@jurosh Thanks, that's very helpful! Looks like cokies_expires is now also available as cookieExpires in the plugin too: https://github.com/gatsbyjs/gatsby/tree/master/packages/gatsby-plugin-google-analytics#create-only-fields

@bonakor
Copy link

bonakor commented Dec 12, 2018

Hi,
I'm adding here the way I worked to implement a GDPR cookie notice on a Gatsby website. I'm sure it's not "as it should be", but it's working with tarteaucitron.js, one of the tool recommended by the french government to handle cookies.

Maybe it can help others facing the same difficulties.

First, I imported tarteaucitron into the scripts folder of my static folder.
After, I used the method to customize my html js.
Before the closing of </head>, I added this
<script type="text/javascript" src={withPrefix('/scripts/tarteaucitron/tarteaucitron.js')}></script>
Then before the closing of </body>, I added
<script dangerouslySetInnerHTML={{
__html: ` tarteaucitron.init({
"privacyUrl": "", /* Privacy policy url */

    "hashtag": "#tarteaucitron", /* Open the panel with this hashtag */
    "cookieName": "tartaucitron", /* Cookie name */

    "orientation": "top", /* Banner position (top - bottom) */
    "showAlertSmall": true, /* Show the small banner on bottom right */
    "cookieslist": true, /* Show the cookie list */

    "adblocker": true, /* Show a Warning if an adblocker is detected */
    "AcceptAllCta" : true, /* Show the accept all button when highPrivacy on */
    "highPrivacy": false, /* Disable auto consent */
    "handleBrowserDNTRequest": false, /* If Do Not Track == 1, accept all */

    "removeCredit": true, /* Remove credit link */
    "moreInfoLink": true, /* Show more info link */

    //"cookieDomain": ".my-multisite-domaine.fr" /* Shared cookie for subdomain */
    });

    `,

}}
/>`

And that's it. Hope it can help

@mmmoli
Copy link

mmmoli commented Jan 16, 2019

I published this a couple months back for GDPR compliance:
https://www.gatsbyjs.org/packages/gatsby-plugin-cookiehub/

Cookiehub looked way nicer than tarteaucitron.

@bonakor
Copy link

bonakor commented Jan 16, 2019 via email

@gatsbot
Copy link

gatsbot bot commented Feb 15, 2019

Hiya!

This issue has gone quiet. Spooky quiet. 👻

We get a lot of issues, so we currently close issues after 30 days of inactivity. It’s been at least 20 days since the last update here.

If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

Thanks for being a part of the Gatsby community! 💪💜

@gatsbot gatsbot bot added the stale? Issue that may be closed soon due to the original author not responding any more. label Feb 15, 2019
@gatsbot
Copy link

gatsbot bot commented Feb 26, 2019

Hey again!

It’s been 30 days since anything happened on this issue, so our friendly neighborhood robot (that’s me!) is going to close it.

Please keep in mind that I’m only a robot, so if I’ve closed this issue in error, I’m HUMAN_EMOTION_SORRY. Please feel free to reopen this issue or create a new one if you need anything else.

Thanks again for being part of the Gatsby community!

@ghost
Copy link

ghost commented Jul 29, 2019

I published this a couple months back for GDPR compliance:
https://www.gatsbyjs.org/packages/gatsby-plugin-cookiehub/

Cookiehub looked way nicer than tarteaucitron.

I can't seem to find the widget ID on cookie hub, would you mind telling me where to look for it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
stale? Issue that may be closed soon due to the original author not responding any more. type: question or discussion Issue discussing or asking a question about Gatsby
Projects
None yet
Development

No branches or pull requests

7 participants