matomo-for-wordpress

Conforming to WP Consent API

Open AertHulsebos opened this issue 5 years ago • 3 comments

Hi! We expect the Consent API to be featured in WP 5.6 as a feature plugin. The end of the year release will feature the plugin to fill the gap between consent and plugins. Please consider conforming to the API. Documentation:

https://wordpress.org/plugins/wp-consent-api/
https://make.wordpress.org/core/2020/04/01/feature-plugin-proposal-wp-consent-api/
https://github.com/rlankhorst/wp-consent-level-api/

Please let me know if we can help,

regards Aert | Complianz.io

AertHulsebos avatar Jun 19 '20 14:06 AertHulsebos

@AertHulsebos cheers for pinging us. Two questions:

  1. The doc you sent mostly talks about third parties but using this plugin Matomo wouldn't be a third party. However, it may still set analytics cookies so I suppose we'd still need to implement it?
  2. How do we know if a user has set this up and that we should use this consent API? Is this dependent on wp_get_consent_type() or so?

If I see this right we'd need to build something like this: https://github.com/rlankhorst/consent-api-example-plugin/blob/master/main.js

Depending on the setting in JS we can enable cookies or we keep them disabled.

We wouldn't do anything server side since this would be problematic, e.g. re caching plugins that cache the entire HTML etc.

Internal implementation notes:

  • Would probably need to create a tracker.js hooking into our tracking code since we maybe need to get some tracking category (not understanding this part yet) https://github.com/rlankhorst/consent-api-example-plugin/blob/master/consent-api-example-plugin.php#L38

tsteur avatar Jun 24 '20 01:06 tsteur

@AertHulsebos any chance you could have a look at the questions above?

tsteur avatar Jul 16 '20 23:07 tsteur

Hi @tsteur,

Yes, the third parties are the best known examples, but as consent is required for at least non-anonymous tracking in most countries, and for anonymous tracking in others, it applies to Matomo as well.

So in your case you'd need to check only for statistics-anonymous and statistics categories. If a user has configured Matomo anonymously, consent for statistics-anonymous is sufficient. If not, consent level should be 'statistics'. Assuming that with tracking you mean not anonymous statistics, I think this also answers your question regarding tracker.js?

For example, in the Netherlands, Complianz GDPR will set statistics-anonymous to true even before any consent is given, because these can be set without consent. In the UK, consent is necessary for this category as well.

To detect if the consent api is available, in Complianz GDPR I've used a wrapper function in the js file, like the one below. It will return the value from the consent api if available, otherwise return true.

/**
 * wrapper to check consent for wp consent API. If consent API is not active, return true
 * @param type
 * @return has_consent
 */
function your_prefix_has_consent(type) {
    var has_consent = true;
    if (typeof wp_has_consent == 'function') {
        has_consent = wp_has_consent(type);
    }
    return has_consent;
}

Then you can just check this function

if (your_prefix_has_consent('statistics-anonymous')) {
    // do anonymous tracking
}

if (your_prefix_has_consent('statistics')) {
    // do non-anonymous tracking
}

rlankhorst avatar Jul 17 '20 12:07 rlankhorst
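
The client-side check discussed in this thread, as an added example that is not code from any of the commenters or from the Matomo plugin: it picks the category from how Matomo is configured, makes the behaviour when the Consent API is absent an explicit parameter, and reacts to later consent changes. Assumptions: the `matomoAnonymous` flag is hypothetical; `wp_listen_for_consent_change` comes from the WP Consent API and `requireCookieConsent`, `setCookieConsentGiven` and `forgetCookieConsentGiven` from Matomo's JavaScript tracker, none of which the thread mentions; mapping consent to Matomo's cookie consent is one possible design.

```javascript
// Added example. matomoAnonymous and the cookie-consent mapping are assumptions.

// Category to check, per the thread: an anonymously configured Matomo needs
// 'statistics-anonymous', any other setup needs 'statistics'.
function requiredCategory(matomoAnonymous) {
  return matomoAnonymous ? 'statistics-anonymous' : 'statistics';
}

// The thread's wrapper with the global scope injected so it runs outside a
// browser. Without the Consent API it returns `fallback` (true, as in the
// thread, i.e. fail-open); pass false to fail closed instead.
function hasConsent(scope, type, fallback) {
  if (fallback === undefined) fallback = true;
  if (scope && typeof scope.wp_has_consent === 'function') {
    return scope.wp_has_consent(type) === true;
  }
  return fallback;
}

// _paq command for the consent state at page load.
function initialCommand(scope, matomoAnonymous, fallback) {
  var ok = hasConsent(scope, requiredCategory(matomoAnonymous), fallback);
  return [ok ? 'setCookieConsentGiven' : 'forgetCookieConsentGiven'];
}

// _paq command for a wp_listen_for_consent_change event, whose detail maps
// the changed category to 'allow' or 'deny'. Other categories yield null.
function commandForChange(detail, matomoAnonymous) {
  var category = requiredCategory(matomoAnonymous);
  if (!detail || !Object.prototype.hasOwnProperty.call(detail, category)) {
    return null;
  }
  return [detail[category] === 'allow'
    ? 'setCookieConsentGiven' : 'forgetCookieConsentGiven'];
}

// Browser wiring; skipped when there is no DOM (for example under Node).
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  var anonymous = window.matomoAnonymous === true; // hypothetical page flag
  window._paq = window._paq || [];
  window._paq.push(['requireCookieConsent']);
  window._paq.push(initialCommand(window, anonymous));
  document.addEventListener('wp_listen_for_consent_change', function (e) {
    var cmd = commandForChange(e.detail, anonymous);
    if (cmd) window._paq.push(cmd);
  });
}
```

Because the decision is made in the browser, a page served from a full-page cache still reflects the visitor's own consent state.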