Complianz Privacy Suite

Why online privacy testing tools are not accurate

Mathieu

There are several websites, such as https://2gdpr.com/ and https://cookiebot.com, where you can run an online test to see whether your WordPress website and cookie management system are compliant with the GDPR. Sometimes these websites return a negative result, mostly when analytics cookies are loaded before the visitor can give permission.

GEO IP and Guidelines per Region

Before explaining why this happens, you need to know that the Complianz GDPR/CCPA plugin works with GEO IP. That means the plugin dynamically uses the cookie laws and DPA opinions from the website visitor’s region.

So if the user’s region is the United Kingdom (https://complianz.io/brexit-and-gdpr-the-new-ico-guidance-pecr/), consent is always asked for statistical and tracking cookies. In the Netherlands and France, however, first-party analytics and anonymous statistical cookies are allowed without asking for consent. Still, according to the German DPA, anonymous first-party cookies from Google Analytics are always forbidden unless you ask for consent from the German visitor (https://complianz.io/google-analytics/).

The Complianz plugin changes the banner, the legal documents, and the cookies it blocks based on where the actual visitors come from. This is a unique feature. For visitors from the United States, Complianz shows an opt-out banner and places all the cookies at once. In Canada, the plugin follows the PIPEDA rules (https://complianz.io/canada-casl-and-pipeda/). In India, there is no regulation specifically governing the use of cookies, so a visitor from that region would not see a cookie banner at all!

About Online Tests

Now back to explaining why online testers such as 2gdpr sometimes come to the wrong conclusions. There can be many reasons for that. To name just a few:

1. Online testers do not work region-based.

They only use one set of rules, so there is no room for legal or regional exceptions. The cookies most testers find are from Google Analytics and Hotjar. Both services can be configured (by using the DPA guidelines) in a way that the data collected is considered to be anonymous. In most EU regions, it is allowed to load these before the visitor can give permission. Also, the draft e-Privacy Regulation does mention this as a valid use of cookies.

2. Some online testers have their servers based in non-regulated regions

For example, India, where there are no cookie laws. This influences the results when testing a website and plugin that use GEO IP. Complianz thinks the visitor comes from that region and does not (by default) block the cookies or show a banner to that Indian visitor, which is the expected behavior.

3. Uncontrollable & Unrecognizable

It is also possible that a website uses a plugin that places cookies in ways that a cookie management system cannot detect and/or block before consent. If this is the case, the website owner should consider deleting the plugin or asking the plugin developer to implement the WP Consent API.
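
The effect of reasons 1 and 2, as an added example that is not Complianz's code: a simplified Python model of the region rules described above, showing how the verdict of a tester that applies one rule set depends on where its server is geolocated. The rule table, the cookie names and the strictest-rule fallback for unknown regions are assumptions made for illustration.

```python
# Simplified model of the region rules the article describes (constructed for
# illustration; not Complianz's code or its real rule set).
STRICT = {"banner": "opt-in", "anon_stats_without_consent": False}
REGION_RULES = {
    "GB": STRICT,
    "DE": STRICT,
    "NL": {"banner": "opt-in", "anon_stats_without_consent": True},
    "FR": {"banner": "opt-in", "anon_stats_without_consent": True},
    "US": {"banner": "opt-out", "anon_stats_without_consent": True},
    "IN": {"banner": None, "anon_stats_without_consent": True},
}

# Constructed sample site: hypothetical cookie name -> category.
SITE_COOKIES = {
    "session_id": "functional",
    "stats_anon": "statistics-anonymous",
    "ads_pixel": "marketing",
}

def cookies_before_consent(region):
    """Cookies a visitor geolocated to `region` receives before any choice."""
    rule = REGION_RULES.get(region, STRICT)  # assumption: unknown region -> strictest
    if rule["banner"] != "opt-in":           # opt-out banner or no banner at all
        return set(SITE_COOKIES)
    allowed = {"functional"}
    if rule["anon_stats_without_consent"]:
        allowed.add("statistics-anonymous")
    return {name for name, cat in SITE_COOKIES.items() if cat in allowed}

def single_ruleset_verdict(vantage):
    """A tester with one rule: any non-functional cookie before consent fails."""
    seen = cookies_before_consent(vantage)
    return "fail" if any(SITE_COOKIES[c] != "functional" for c in seen) else "pass"

def unrepresented_regions(vantage, target_regions):
    """Target regions whose visitors get a different cookie set than the tester saw."""
    seen = cookies_before_consent(vantage)
    return sorted(r for r in target_regions if cookies_before_consent(r) != seen)

if __name__ == "__main__":
    # Same site, three tester locations: verdict and coverage change with each.
    for vantage in ("IN", "NL", "DE"):
        print(vantage, single_ruleset_verdict(vantage),
              unrepresented_regions(vantage, ["GB", "DE", "NL", "FR"]))
```

A scan only describes what visitors from the scanner's own region receive, so a site that targets several regions needs one test per region.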
