Complianz Privacy Suite

Developers guide for Third-Party integrations

Rogier Lankhorst

Rogier Lankhorst

Categories

Popular articles

Editing Legal Documents

The legal documents are generated by the Wizard and will show up under ‘Pages’ with a shortcode in the content. This shortcode is used to

Read More

CNIL updated privacy guidelines

While the much-anticipated ePrivacy directive seems to be postponed for some years, local Data Protection Authorities formulate their statements, which provide us with concrete guidelines

Read More
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn

Needless to say, Complianz is one of the best tools there is to get a site compliant. 🙂

A lot of tools out there only show a cookie banner. You will get a notice, but cookies are already placed on the visitor’s computer. Assuming you’re a developer reading this, you will probably think “yes, but this is WordPress, how can your plugin prevent other plugins from placing cookies?”. We’ve managed to resolve this problem for most third party services by brute force blocking the entire javascript from services like Youtube, Google, etc. Additionally, a growing number of plugins are actively integrated.

The majority of WordPress plugins place functional, essential cookies. This approach makes sure we’ve covered about 90% of cookies. Still, if another plugin we don’t know about places tracking cookies, we can’t prevent that.

If a user encounters such a plugin or service, he can add it to his script center. If this unknown service is reported to us, we will implement it in the integrations list in the plugin. But you, as a developer, can also help us make more sites compliant as well as we can. There are several approaches you can take. It will depend on your actual code, clientside, serverside, third-party scripts, etc., what method you’ll need. As we actively seek to enlarge our integrations list, we’re always happy to help you with this.
Just drop us a message!

The Complianz integrations filters

In complianz/integrations/plugins you will find a list of plugins (if detected) that are integrated. The user can enable or disable integrations here. To add your plugin to this list, you can either send us the code, or contact us so we can work together on the integration. It’s often just a few lines.

For a user friendly integration, it needs to be added to this list of plugins, to give the user full control. There are three steps in the integration process

  • Add your plugin to the settings page
  • Tell Complianz where it can find the file
  • Add the actual scripts that will tell your plugin to wait until consent is given.

Let’s walk through these one by one.

Allowing users to enable or disable integrations by adding it to the settings page

If you look at the integrations page in complianz/integrations/plugins, you will see a list of checkboxes for each plugin that has been detected. This makes it explicit for a user that there is an actual integration, and it allows the user to disable or enable the integrations. All plugin integrations are enabled by default.

To add your plugin to the list, just use this filter. In this example, we’ve added the user-integration plugin:

add_filter('cmplz_integrations', 'my_cmplz_integrations');
function my_cmplz_integrations($plugins){
    $plugins['user-registration'] = array(
        'constant_or_function' => 'UR_VERSION',
        'label' => 'User Registration',
        'condition' => array('privacy-statement' => 'yes'),
    );
    return $plugins;
}

The constant_or_function key should get either a constant, or function which only exists in your plugin. The label is used for the settings page. The condition is not required: for example, the condition above makes sure the integration only activates when the user has enabled the privacy statement.

This will add the plugin to the integrations page, and will allow the user to turn it off or on.

Tell Complianz where the file is located

The final step is to tell the integrations feature where to find the code. For plugins shipped with Complianz itself, it will look in the plugin folder, in integrations/plugins/user-registration.php (for the above example).

If you want to add the integration from your plugin, you’ll need to change this path. To do that, we will use a filter that overrides the path to the integration:

add_filter('cmplz_integration_path','my_cmplz_integration_path', 10, 2);
function my_cmplz_integration_path($path, $plugin){
    if ($plugin === 'user-registration'){
        $path = 'my-plugin-path'.'/'.'my-integrations-file.php';
    }
    return $path;
}

The actual integration code

In the file that contains the integration, we now need to add some script. Of course, it depends on your plugin how it should actually integrate, you can look for examples in the integrations/plugins folder in Complianz GDPR.

PHP: Block loading of javascript until consent is given

Often Complianz will prevent cookies from being placed by setting a javascript to text/plain, then activate it again when the user consents. You can leverage this functionality yourself by adding a filter. Of course, this requires the script not to get minified by a caching plugin. Otherwise, Complianz will not recognize the script. If it’s an inline script, it will always work, as long as the string can be found in the inline script. This is the way we implemented the integration with Tidio Live Chat for example:

add_filter('cmplz_known_script_tags', 'cmplz_tidio_live_chat_script');
function cmplz_tidio_live_chat_script($tags){

    $tags[] = 'document.tidioChatCode';

    return $tags;
}
You can do the same with iframes
add_filter('cmplz_known_iframe_tags', 'cmplz_geo_my_wp_iframetags');
function cmplz_geo_my_wp_iframetags($tags){
    $tags[] =  'apis.google.com';
    return $tags;
}

Javascript: Use cookies placed by Complianz

You can check the cookies placed by Complianz for the current consent status. There are several cookies, and this one is the most important for your purpose:

complianz_consent_status

This cookie has the value “allow”, “deny”, or “dismiss”. If you want to place tracking/marketing cookies, you can do this when the value of this cookie is “allow”.
If you want your javascript to hook into the consent actions, you can use our hook to fire your scripts:

$(document).on("cmplzEnableScripts", myScriptHandler);
function myScriptHandler(consentData) {
console.log(consentData.consentLevel);
if (consentData.consentLevel==='all'){
//do something that requires marketing level consent
}
}

If you want to hook into the moment that the banner is entirely loaded, you can use the cmplzCookieWarningLoaded hook.

$(document).on("cmplzCookieWarningLoaded", myScriptHandler);
function myScriptHandler(consentData) {
    console.log(consentData.consentLevel);
}

PHP: Let Complianz place your cookie

The other way round is also possible: let Complianz place a cookie when consent is given, which tells your plugin that it can place cookies. We’ve used this approach to integrate with WP Google Maps widget, which does have a GDPR implementation, but not very slick looking. We used the plugin’s filters to replace the blocked version of the maps with our own beautiful placeholder, then let Complianz place a cookie which tells the plugin that it’s okay to render the map.

/**
 * Add cookie that should be set on consent
 * @param $cookies
 * @return mixed
 */


function cmplz_wp_google_maps_add_cookie($cookies){
    $cookies['wpgmza-api-consent-given'] = array( '1','');
    return $cookies;
}
add_filter('cmplz_set_cookies_on_consent',  'cmplz_wp_google_maps_add_cookie');


/**
 * Add placeholder to the list
 * @param $tags
 * @return array
 */
function cmplz_wp_google_maps_placeholder($tags){

    $tags['googlemaps'] = 'gmw-map-cover';

    return $tags;
}
add_filter('cmplz_placeholder_markers', 'cmplz_wp_google_maps_placeholder');

This list is certainly not complete yet, and each implementation will require its own approach. If you need any info or have a suggestion for our own code that can improve integrations, let me know!

Related articles

Leave a Reply

Your email address will not be published.