by yawnxyz 1546 days ago
Just embedding a tweet using Twitter's official embed code makes you violate GDPR (e.g. if you have a blog and want to reference a tweet).

Twitter injects a ton of cookies and there's not much you can do about it.

6 comments

You should not do any tracking (in which case you do not need any pop-up or approval dialog), and if you use things like Twitter feeds, Google Analytics and AdSense, you need to give the user a choice which, if they do not want this, will not put them on your site.

The thing is: most sites do not honour your choices, or make them as hard as possible, as analytics and AdSense are required for monetising. Analytics can be replaced by friendly versions that are GDPR compliant without personal info storage or cookie tracking, but then your monetising (AdSense) or internet marketing (AdWords and landing pages) are not integrated into funnels and a lot harder.

I have tested it with some of our assets (most of which do no tracking at all and only have one necessary cookie for login, without which the SaaS cannot work), but a few have AdSense and analytics; we have a small and simple bar: accept or not accept; both are one click. ~90% (not exact, as we try to compare the Google Analytics numbers, which means they did say Accept, vs the non-cookie analytics, which means both accept and not accept) click Accept, which is enough. We use [0] by the way.

[0] https://plausible.io
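A minimal version of the one-click accept/reject bar the commenter describes, as an added example (not the commenter's code): third-party tags are loaded only after an explicit Accept, and a missing, malformed or rejected choice is treated the same way, so the default is no tracking. The tag registry, the script URLs and the `cookie_consent` cookie name are assumptions; nothing here is a real vendor snippet.

```javascript
// Consent-gated loading of third-party tags (added example, not the
// commenter's code). Nothing beyond strictly necessary resources is loaded
// until the visitor has actively clicked "Accept"; a missing or rejected
// choice is treated identically, so the default is no tracking.

// Hypothetical tag registry. URLs are placeholders, not real vendor snippets.
const TAGS = [
  { id: 'session',   necessary: true,  src: '/js/session.js' },
  { id: 'analytics', necessary: false, src: 'https://analytics.example/tag.js' },
  { id: 'ads',       necessary: false, src: 'https://ads.example/tag.js' },
];

// Only the exact string 'accept' counts as consent; absence, garbage or
// 'reject' all mean "do not track".
function parseConsent(raw) {
  return raw === 'accept' ? 'accept' : 'reject';
}

// Tags that may be loaded for a given consent state (ids only).
function tagsToLoad(consent, tags = TAGS) {
  const accepted = parseConsent(consent) === 'accept';
  return tags.filter(t => t.necessary || accepted).map(t => t.id);
}

// Inject the permitted tags into a document. `doc` is passed in so the logic
// can run and be tested outside a browser; in the page it is `document`.
function applyConsent(doc, consent, tags = TAGS) {
  const allowed = new Set(tagsToLoad(consent, tags));
  const injected = [];
  for (const t of tags) {
    if (!allowed.has(t.id)) continue;
    const el = doc.createElement('script');
    el.src = t.src;
    el.async = true;
    doc.head.appendChild(el);
    injected.push(t.src);
  }
  return injected;
}

// Read the persisted choice from a Cookie header / document.cookie string.
// The first-party cookie_consent cookie (assumed name) is the one
// "necessary" cookie this pattern needs.
function readStoredConsent(cookieHeader) {
  const m = /(?:^|;\s*)cookie_consent=([^;]*)/.exec(cookieHeader || '');
  return m ? decodeURIComponent(m[1]) : null;
}

// Minimal stand-in for a DOM so the example runs under Node.
function fakeDocument() {
  const head = { children: [], appendChild(el) { this.children.push(el); } };
  return { head, createElement: tag => ({ tag }) };
}

// Demo: a visitor who clicked "not accept" gets only the session script.
const doc = fakeDocument();
console.log(applyConsent(doc, readStoredConsent('theme=dark; cookie_consent=reject')));
// -> ['/js/session.js']
```

In a real page `applyConsent(document, readStoredConsent(document.cookie))` runs once on load and again from the Accept button's click handler; the tracking tags are never present in the HTML itself, so a visitor who never decides is never tracked.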

Maybe the trickle-down economy will work. First some web site operators get fined for not realizing that their subcontractor (Twitter) captures personal data. They stop using said subcontractor, and at some point this trickles down to Twitter, who will provide a compliant solution.
Good. If you want to quote text, copy it. This has the advantage that it will still be around once the tweet is gone or Twitter is offline.

With a little CSS it will look the same as the original tweet, to which a simple link could lead you.

This is what you do if you value your users' privacy. If not, then you have to (under GDPR) at least give them the choice not to get these cookies, which destroys the usability of your site for your privacy-conscious users.
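The script-free alternative described above, as an added example that is not part of the original comment: take Twitter's embed snippet, drop the `<script>` that loads widgets.js from platform.twitter.com, and keep the quoted text plus a plain permalink. The embed snippet is a constructed sample modelled on the shape of the official one; treating the `ref_src` query parameter on the permalink as a referral tracker worth stripping is an assumption, as is renaming the class so any copy of widgets.js elsewhere on the page does not hydrate the quote.

```javascript
// Turn Twitter's embed snippet into a static, script-free quotation.
// Added example, not the commenter's code. SAMPLE_EMBED is a constructed
// sample modelled on the official snippet: a <blockquote> holding the text
// and a permalink, followed by a <script> that fetches widgets.js and
// replaces the quote with the interactive (cookie-setting) widget.

const SAMPLE_EMBED =
  '<blockquote class="twitter-tweet"><p lang="en" dir="ltr">Constructed sample tweet text.</p>' +
  'Example User (@example_user) ' +
  '<a href="https://twitter.com/example_user/status/1234567890?ref_src=twsrc%5Etfw">January 1, 2021</a>' +
  '</blockquote> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>';

// Hosts a browser would contact because of <script src=...> tags in `html`.
// Useful as a check that the rewritten markup contacts nobody.
function scriptHosts(html) {
  const hosts = [];
  const re = /<script\b[^>]*\bsrc=["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) hosts.push(new URL(m[1]).host);
  return hosts;
}

// Keep only the canonical permalink path; query parameters such as ref_src
// (assumed to be a referral tracker) and fragments are dropped. Relative or
// unparsable hrefs are returned unchanged.
function cleanPermalink(href) {
  try {
    const u = new URL(href);
    u.search = '';
    u.hash = '';
    return u.toString();
  } catch {
    return href;
  }
}

// Rewrite the embed snippet (assumed to be exactly that, not arbitrary HTML)
// into a static quote that makes no third-party requests.
function staticTweet(embedHtml) {
  return embedHtml
    // 1. remove every <script>...</script> so nothing third-party executes
    .replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, '')
    // 2. rename the class so widgets.js, if loaded elsewhere, will not
    //    find and hydrate this blockquote
    .replace(/class="twitter-tweet"/g, 'class="static-tweet"')
    // 3. strip tracking parameters from the permalink
    .replace(/href="([^"]+)"/g, (_, href) => `href="${cleanPermalink(href)}"`)
    .trim();
}

// Demo
console.log('before:', scriptHosts(SAMPLE_EMBED)); // -> [ 'platform.twitter.com' ]
const quote = staticTweet(SAMPLE_EMBED);
console.log('after: ', scriptHosts(quote));        // -> []
console.log(quote);
```

The resulting `<blockquote class="static-tweet">` is plain HTML you style yourself; the visitor's browser only talks to Twitter if they choose to follow the link.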

Good.

Don't foist untrusted code onto your visitors' devices.

Using Google Fonts is a violation now. It's a nightmare for web developers.
How could that possibly be a nightmare? Download the fonts and host them yourself.
Maybe web devs should more carefully consider how much crap third party scripts and resources inject into their sites, rather than caring about a tiny bit of convenience.
Maybe users should be responsible for what they intentionally run on their machines.
That’s absurd. That’s like saying car owners should be held responsible for how safe their car is to drive. It makes unrealistic assumptions about the competency of the end user to judge such things.
No it’s not. Rather it’s more like drivers should be held responsible for how they drive their car.

I’m not even saying responsible, just that they can't reasonably complain when they drive somewhere new and they don’t like the road conditions.

Your original analogy is more like this: If a person's computer got hacked unintentionally, they shouldn’t be responsible for the damage it caused to others.

Nobody in their right mind is going to carefully peruse the cookies and injected JS scripts of every page they visit.

No, the onus is clearly on the developers, who are the ones with the professional responsibility to make software that abides by the laws.

I’m talking at the meta level. The laws can start nationalizing every company. But I think it shouldn’t. The law can put the burden on developers — but shouldn’t.

I shouldn’t have to abide by some stupid rules to plug my server onto the Internet and listen on port 80.

When the law is not enforced, there is no hope.
Clearly the GDPR is being enforced.
You're right. The best way is to filter at the firewall level everything Google, Microsoft, Cloudflare, Facebook, Twitter etc. The world would be a better place. Now try to do this on Windows 10 :)
I use NoScript on Google. Works fine. Most things work okay without scripts if you are just there to read.
Note that fonts from Google Fonts can be self-hosted which resolves that problem. It's a little bit more work to set up, but it does resolve this issue well, while also being slightly more efficient for the end-user (assuming that you've got a decent CDN setup).
No less efficient hosting yourself.

Cross-site resource caching has been unavailable in major browsers for a while: Safari since 2013, Chrome since 2020, Firefox since 2021.

That's what I was trying to say, I think I got excited and used too many double negatives...

Theoretically, it should be more efficient hosting these things yourself - there are fewer origins to request, which means fewer lookups, fewer connections, etc.

You can put this in your build steps so that it downloads everything; I have that and prefer it anyway; companies ‘tend’ to suddenly remove, change or switch things off, or get hacked.
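One way to do the build-step download the commenter mentions, as an added example (not the commenter's setup): rewrite the Google Fonts stylesheet so every `url(...)` points at your own origin and emit the list of files the build must fetch, then fail the build if any remote URL survives. The stylesheet is a constructed sample in the shape Google Fonts serves (one `@font-face` per weight with `src` on fonts.gstatic.com); `/fonts/` as the local path is an assumption.

```javascript
// Build-step helper: rewrite a Google Fonts stylesheet so the font files are
// served from the site's own origin. Added example, not the commenter's code.
// SAMPLE_CSS is a constructed sample in the shape Google Fonts serves; in a
// real build the stylesheet is fetched once at build time, so the visitor's
// browser never contacts fonts.googleapis.com or fonts.gstatic.com.

const SAMPLE_CSS = `
@font-face {
  font-family: 'Example Sans';
  font-style: normal;
  font-weight: 400;
  font-display: swap;
  src: url(https://fonts.gstatic.com/s/examplesans/v1/regular-abc123.woff2) format('woff2');
}
@font-face {
  font-family: 'Example Sans';
  font-style: normal;
  font-weight: 700;
  font-display: swap;
  src: url(https://fonts.gstatic.com/s/examplesans/v1/bold-def456.woff2) format('woff2');
}
`;

const LOCAL_PREFIX = '/fonts/';   // where the build copies the files (assumption)
const URL_RE = /url\((['"]?)(https?:\/\/[^)'"]+)\1\)/g;

// Deterministic local file name for a remote font URL. Path segments are
// joined so two families sharing a basename cannot collide.
// /s/examplesans/v1/regular-abc123.woff2 -> examplesans-v1-regular-abc123.woff2
function localName(remoteUrl) {
  const u = new URL(remoteUrl);
  return u.pathname.replace(/^\/s\//, '').replace(/\//g, '-');
}

// Rewrite every remote url(...) and collect the download list.
// Returns { css, downloads: [{ from, to }] }.
function selfHost(css, prefix = LOCAL_PREFIX) {
  const downloads = [];
  const seen = new Set();
  const rewritten = css.replace(URL_RE, (_, q, remote) => {
    const name = localName(remote);
    if (!seen.has(remote)) {
      seen.add(remote);
      downloads.push({ from: remote, to: name });
    }
    return `url(${prefix}${name})`;
  });
  return { css: rewritten, downloads };
}

// CI guard: after rewriting, the stylesheet must reference no remote origin,
// otherwise visitors would still leak requests to a third party.
function remoteUrls(css) {
  return [...css.matchAll(URL_RE)].map(m => m[2]);
}

// Demo
const result = selfHost(SAMPLE_CSS);
console.log(result.downloads);
console.log(result.css);
if (remoteUrls(result.css).length !== 0) {
  throw new Error('stylesheet still references remote fonts');
}
```

The `downloads` array is what the build step actually fetches (with curl, wget or a Node fetch) into the directory served at `/fonts/`; commit or cache those files so the site keeps working if the upstream URLs change or disappear, which is the failure mode the commenter is guarding against.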
Can someone explain to me how GDPR makes you responsible for Twitter collecting data? It's not your fault if Twitter has their own cookies... What matters is who stores the data, who in this case is not the person embedding Twitter.
Quite simple. You just facilitated Twitter's data collection. Without you it would not have happened.

Even worse, the user loading your page could probably not have known you embedded a Tweet (and sent their data to Twitter) before actually loading the page (if you didn't implement a consent dialog with a reject option).

The user only has a business relationship with the website they visit. The website is responsible for the services it employs, just like any other general contractor is responsible for their subcontractors.