Hi, As far as you don't rely on some cookbook recipe specific cookie usage, and you don't extend abusively the php session lifetime, I think that according to https://webmasters.stackexchange.com/questions/114973/are-session-cookies-exempt-from-consent-under-gdpr There's should be no problem with that in PmWiki. No?
-D- On Wed, Sep 5, 2018 at 1:54 PM Criss Ittermann <cris...@kinhost.org> wrote: > > Hi, All, > > California has adopted GDPR standards, making this no longer just an issue > for people only dealing with the EU. And more municipalities will do this as > time goes on. Because everyone wants a piece of Facebook & Google's hugely > profitable pie. And the fines are steep enough to put any of us out of > business or out of a house. > > I believe PmWiki sets cookies for visitors, not just people who log in to the > site to author. I'm not sure how to circumvent the cookie setting, and make > it contingent on consent. "Using this site means you're OK with cookies" is > not sufficient. Someone VISITING your site is not consent to put cookies on > their machine, and sites doing that will probably eventually get sued. > Active consent is required. > > So here's what I need help with: > > A way to disable cookie setting until the website user clicks OK that the > site will set cookies, and a persistent-until-clicked-OK banner to that > effect with the button. If they don't click OK, no cookies are set. Former > cookies (before a date set by the person setting it up) should be UN-set I > would think, if they have previously used the site. > > And then we also need to TRACK their consent. A SiteAdmin/GDPRCookieTracking > page that logs the IP, timestamp, and author name if they have one that they > consented might suffice. Yes it might get long. But better a long log than > no log at all. > > This is EASIER if visitors don't have cookies set, then the login form &/or > edit form need a GDPR checkbox that is UNchecked by default — it can > disappear after the first time a cookie is set for that machine/author name, > and we don't have to worry about all site visitors needing to click OK. > > > I can put up documentation on adding a GDPR compliance box to email > submission forms on the PmForm site since I've worked on that before and > doing so is fairly straightforward (for me anyway). I will probably have to > do the same for comments on some of my recipes. Yay. So logging in to > author, leaving comments (which contain potential personal identifying info > like name, email, IP, and the comment content itself), and sending emails via > PmWiki..... > > Anyone else have particular GDPR-related needs? Can anyone think of other > places user information is potentially collected (even IP address, etc.) and > cookies set? > > Crisses > ---- > "The shipping labels of one U.S. electronics company may best capture just > how global the marketplace has become: 'Made in one or more of the following > countries: Korea, Hong Kong, Malaysia, Singapore, Taiwan, Mauritius, > Thailand, Indonesia, the Philippines. The exact country of origin is > unknown.'" > -- p. 47, Organizational Behavior 9th Edition, Luthans, 2002. > > > _______________________________________________ > pmwiki-users mailing list > pmwiki-users@pmichaud.com > http://www.pmichaud.com/mailman/listinfo/pmwiki-users _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users
