Uncode is a flexible WordPress theme that can use (depending on user choice) external services like YouTube, Vimeo, SoundCloud, Spotify, Google Fonts, Twitter, Facebook and Tracking codes. All these popular services use cookies and scripts that send personal data, such as the IP address, to the provider of the service in exchange for the free service offered (this is the same thing that happens when you use the YouTube website, etc.). According to the new GDPR legislation, a user must agree through explicit consent before these services are used and before each type of personal data is processed.
Let’s try to understand. When you use a service like Google Fonts, Google Universal Analytics, YouTube, Facebook, or Twitter on your website, some personal data (usually your IP address) is sent to the provider in exchange for the free service offered. This data is then used to create targeted advertisements. Suppose that on your website’s home page, you use a YouTube video as the background for your main header. When this video is watched, some personal data about the viewer is sent to the service provider (YouTube). It’s not compliant with the GDPR to simply include the video and tell the user that it's possible to disable it. After all, by the time the page loads, YouTube (in this example) has already collected some personal data. The GDPR stipulates that users must first give consent before any data is processed. Obtaining this consent needs to be of the utmost importance.
For this reason, we have developed the Uncode Privacy Plugin. When this plugin is installed and properly configured, it’s possible to block the use of third-party services until the user gives explicit consent. Note that the use of this plugin is not mandatory. It is each website owner's choice whether to use this plugin, based on geographic target, the type of content offered and the type of GDPR compliance each intends to implement. However, it’s our intention to provide our customers with all the tools needed to be compliant with the new terms imposed by GDPR.
Privacy Plugin demo
To help you understand the features of this plugin and Uncode’s implementation, we created a demo page on our official website. This page contains videos, both embedded and as backgrounds, and some embedded audio elements. When you first access the page, these items are not displayed because consent has not been expressly given. Once you open the privacy preferences and set the related consents, the page reloads and all items become visible.
Privacy Banner and Preferences
- Privacy Banner
When the plugin is installed and correctly configured, a banner informing the user that the site makes use of cookies and third-party technologies will appear on every page of the site. The message can be configured by the user according to their own needs. From this banner, it’s possible to open the privacy preferences, where the user can accept and approve all required consents.
- Privacy Preferences Manager
Clicking on 'Privacy Preferences' opens the Privacy Preferences Manager. From this window, users can set specific consents and update their own settings.
General Settings
This section handles the settings for the Privacy Policy Page link, the Privacy Banner text, the Privacy Excerpt text and the Consent Notice text:
- Privacy Policy Page
If selected, this enables the link to your Privacy Policy page in the Privacy Preferences Manager. If you do not have a Privacy Policy, you can generate one through the many free tools online. In any case, our suggestion is to consult a legal expert or use a convenient tool such as Iubenda.
- Privacy Banner Text
In this field, please insert the Privacy Banner text. If the Privacy Banner Text is not filled out, the Privacy Banner will not show up.
- Privacy Excerpt Text
In this field, please insert the Privacy Excerpt text. It will be visible in your own Privacy Preferences Manager.
- Consent Notice Text
In the Consent Notice Text, please enter the fallback notice text that will be shown if the user has not enabled a consent. In this field, it is desirable to insert a link to the Privacy Preferences Manager, so that the user can change the settings. We have therefore inserted a convenient shortcode: [uncode_privacy_box] Privacy Settings [/uncode_privacy_box].
Consents
In this screen, you can configure the consents for your site. In Uncode, you have default consents that enable you to use the fallback functions for all native elements. To add a consent verification, please enter one of the following names (IDs). Take care to name your consent IDs exactly as listed; the IDs (names) must match exactly:
- YouTube
- Vimeo
- SoundCloud
- Spotify
- Google Fonts
- Tracking
Fallbacks
In Uncode you have fallbacks for all native elements that send personal data to third-party services, so that the user experience stays as close as possible to the original design while the user is made aware of the new terms and options arising from GDPR. These include:
- YouTube or Vimeo video background:
If the site uses a YouTube or Vimeo background video, and consent has not been confirmed, this video will not be visible. Uncode will use as fallback the Media Poster applied to the video. If a video background is fundamental for the user experience, it is of course recommended to use a self-hosted video that does not imply the execution of scripts by third parties.
- YouTube, Vimeo, SoundCloud, Spotify, Twitter and Facebook embeds
If the site uses a YouTube, Vimeo, SoundCloud or Spotify embedded element, and consent has not been confirmed, the embedded material will not be visible. Uncode will show a notice stating that the content cannot be presented because of privacy restrictions, with a link to open the Privacy Preferences.
- Google Fonts
If the site uses Google Fonts, and consent has not been confirmed, Google Fonts will not be shown on the site. Remember that when you use Google Fonts via the Google API, some personal data is sent to Google in exchange for the free service offered. Our suggestion is to start using self-hosted font solutions. In fact, it’s also possible to use self-hosted Google Fonts installed on your server without using the Google API. If interested, please follow the dedicated documentation. If you plan to use this method anyway, we suggest specifying the Fallback Font in Theme Options → Customise → General.
- Tracking
If the site uses tracking codes inserted in Theme Options → CSS/JS → Tracking, and consent has not been confirmed, the tracking codes will not be inserted into the pages. Please note that by tracking codes we mean the more 'aggressive' tracking codes like Facebook Pixels.
Active by default
This option was introduced in Uncode Privacy version 1.1.0 in response to customers who requested it for more flexibility. With this option it's possible to enable all or specific consents by default on page load. It's important to note that to be strictly compliant with the terms, consents must be activated by the user and not activated by default. Don't use this option if you want to be compliant with the terms imposed by the GDPR legislation.
Uncode WPBakery Page Builder Consent Logic
A new interesting feature is the Consent Logic. With the Consent Logic you can include or exclude WPBakery Page Builder rows based on the user's consent. This is convenient if you use extra modules or plugins that send or collect data. When the Privacy Plugin is active and you have defined at least one consent, each row and inner row has a new 'Consent' tab. If you want to include or exclude a row based on the user's consent, you just need to set the consent and choose the 'Include' or 'Exclude' option.
- Exclude:
If a specific consent is confirmed, the row is excluded from the page; otherwise it is included.
- Include:
If a specific consent is confirmed, the row is included in the page; otherwise it is excluded.
Let's assume your page has an extra plugin that sends personal data (e.g. Instagram, a geolocation map, a Facebook module, etc.). With the Consent Logic you can exclude this row until consent is given and include another row (when consent is not given).
You can create the fallback content manually or by using the new Consent Notice module (easy fallback) inside a row with the Consent Logic option applied.
Shortcode
If you need to use media from extra services that send data in your text using the native WordPress editor (for example, a video inserted in an article without Page Builder), we have also created a simple shortcode you can use:
[uncode_privacy_consent id="youtube" logic="include"]Your Media[/uncode_privacy_consent]
Cache Plugins
It’s important to highlight the changes regarding the use of cache plugins. If you want to take advantage of the GDPR features, please note that it is no longer possible to use an aggressive cache that converts all pages of your site into static content. For example, a page containing a video must vary (be dynamic) depending on whether consent is expressed or not.
In Uncode, if you use WP Rocket, you can automatically exclude from the cache those pages that have a consent-dependent element and the consent is active. The page will not be served as a cached page and may vary based on user choices. To activate this feature, paste this code in your Child Theme functions.php:
<?php
// Runs on Uncode's 'uncode_checking_consent' filter and tells WP Rocket
// not to generate a cached file for the current page.
add_filter( 'uncode_checking_consent', 'uncode_append_to_consent', 10, 2 );
function uncode_append_to_consent( $bool, $consent_id ) {
	add_filter( 'do_rocket_generate_caching_files', '__return_false' );
	// A filter callback must return the filtered value; pass it through unchanged.
	return $bool;
}
If you use another good cache plugin, it should have an option to exclude selected pages from the cache. Alternatively, you can use the function above with the proprietary filter of your plugin.
For developers
If you need to implement a custom consent and code some actions based on this consent you can use a function like this:
if ( uncode_toolkit_privacy_has_consent( 'your-custom-consent-id' ) ) {
	// We have the consent, so run my custom code
} else {
	// We don't have the consent, show a fallback
}
The same function is available in JavaScript:
(function( $ ) {
	$(document).ready(function(){
		if ( uncode_toolkit_privacy_has_consent( 'youtube' ) ) {
			console.log( 'We have the consent!' );
		} else {
			console.log('No consent');
		}
	});
})(jQuery);
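An added example (not Uncode's own code) of gating a third-party embed and its script on a custom consent with the PHP function above, failing closed when the Privacy plugin is inactive and keeping the page out of full-page caches as the Cache Plugins section requires. The consent ID 'my-map', the mychild_ names and the maps.example.com URLs are hypothetical; DONOTCACHEPAGE is a constant that several cache plugins honor, so confirm that yours does.

```php
<?php
// Added example for a child theme's functions.php.
// Assumptions: 'my-map' is a custom consent ID you created in the Consents
// screen; https://maps.example.com/ is a placeholder third-party provider.

/** Fail closed: if the Privacy plugin is inactive, treat consent as not given. */
function mychild_has_consent( $consent_id ) {
	return function_exists( 'uncode_toolkit_privacy_has_consent' )
		&& uncode_toolkit_privacy_has_consent( $consent_id );
}

/** [mychild_map] shortcode: emit the provider's iframe only after consent. */
function mychild_map_shortcode() {
	// Output differs per visitor, so ask full-page caches to skip this page.
	// (Assumption: your cache plugin checks the DONOTCACHEPAGE constant.)
	if ( ! defined( 'DONOTCACHEPAGE' ) ) {
		define( 'DONOTCACHEPAGE', true );
	}

	if ( mychild_has_consent( 'my-map' ) ) {
		return sprintf(
			'<iframe src="%s" loading="lazy" referrerpolicy="no-referrer"></iframe>',
			esc_url( 'https://maps.example.com/embed' )
		);
	}

	// No consent: nothing that references the provider reaches the browser,
	// only a notice with a link that opens the Privacy Preferences.
	return '<div class="mychild-consent-fallback">'
		. esc_html__( 'This map is hidden until you allow it.', 'mychild' ) . ' '
		. do_shortcode( '[uncode_privacy_box]' . esc_html__( 'Privacy Settings', 'mychild' ) . '[/uncode_privacy_box]' )
		. '</div>';
}
add_shortcode( 'mychild_map', 'mychild_map_shortcode' );

/** Enqueue the provider's script only when consent is stored. */
function mychild_enqueue_map_script() {
	if ( mychild_has_consent( 'my-map' ) ) {
		wp_enqueue_script( 'mychild-map', 'https://maps.example.com/api.js', array(), null, true );
	}
}
add_action( 'wp_enqueue_scripts', 'mychild_enqueue_map_script' );
```

To verify, load the page in a fresh browser profile and confirm in the network panel that no request goes to the provider until the consent is switched on.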
Open the Privacy Preferences with custom methods
If you need to open the Privacy Preference window from your Main Menu or from a custom button, just use the class 'gdpr-preferences' in the appropriate class option of your menu item or of your button module.
Privacy Plugin and WPML
If you need to translate elements of the Privacy Banner and Preferences window of the Uncode Privacy plugin, please go to WPML → Theme and plugins localization and scan the plugin Uncode Privacy.
Then go to String Translation and look for these domains:
- admin_texts_uncode_privacy_consent_types
- admin_texts_uncode_privacy_cookie_banner_content
- admin_texts_uncode_privacy_cookie_privacy_excerpt
- admin_texts_uncode_privacy_fallback
Translate Privacy Plugin terms
If you need to change Privacy Plugin terms like 'I Agree', 'Privacy Preferences', 'Save Preferences' or 'Privacy Policy', you can use a dedicated localization plugin like Loco Translate (which gives you the possibility to create your own translations or modifications to text strings), or modify them with the 'gettext' filter. For example, you can use this script in the functions.php file of your Child Theme:
add_filter( 'gettext', 'uncode_support_gettext', 20, 3 );
function uncode_support_gettext( $translated_text, $text, $domain ) {
	// Note: $domain is not checked, so these strings are replaced in every text domain.
	switch ( $translated_text ) {
		case 'I Agree' :
			$translated_text = 'Whatever you want';
			break;
		case 'Privacy Preferences' :
			$translated_text = 'Again, what you prefer';
			break;
		case 'Save Preferences' :
			$translated_text = 'Etc. etc.';
			break;
	}
	return $translated_text;
}
Important
It’s important to note that it is the responsibility of every company or website owner to prepare their sites for GDPR compliance. It is not solely the duty of any framework used to create and manage a website to ensure its compliance. In almost all cases a lot of manual fine-tuning will be needed. Generally speaking, that means there is no use in asking “Is WordPress GDPR compliant?” or “Is Uncode GDPR compliant?”. For example, Uncode itself will never violate the GDPR criteria, as it does not collect any data. It is a powerful tool to create websites; the end user's website is what will collect data, and the data collected will be different for every use case.
Activating this plugin does not guarantee that an organization is successfully meeting its responsibilities and obligations of GDPR. Organizations should assess their unique responsibilities and ensure that extra measures are taken to meet any obligations required by law and based on a data protection impact assessment.
Uncode 2.5.0.4 Options and Record Logs
Because consent under the GDPR is such an important issue, under some legislations it is becoming mandatory to keep clear records and to be able to demonstrate that the user has given consent. Should problems arise, the burden of proof lies with the data controller, so keeping accurate records is vital. For this reason, from Uncode version 2.5.0.4, we have added a new set of options for saving every consent given by registered and guest users in the database.
New options
- Accept Button Type
This option allows accepting all consents with a single click. Please note that this option is not strictly compliant with GDPR (because each consent must be accepted through its own dedicated option), but it has been added at the request of Uncode users who needed a more straightforward solution.
- Show Reject Button
This option allows rejecting all consents with a single click. With this option, a new button to reject consents will be shown in the banner. Please note that this option is mandatory according to the legislation of some countries (e.g., Italy as of January 10, 2022).
- Record Logs
This option activates a new set of advanced features for recording consents. According to GDPR, it is necessary to save proof of the consent given by the user. When this option is activated, the consents are saved in the database, and a new 'Logs' tab is shown where you can search and filter according to multiple parameters.
- Record Type
With this option, which depends on the 'Record Logs' option, you can choose whether to save the consents of registered users only or of all visitors. Please note that to be perfectly compliant, it would be necessary to record all visitors. This involves a considerable increase in the data saved because it keeps track of the consents of each user who visits your site.
Logs Tab
Use this tab to search for records in your database through 5 different types of parameters:
- Username
Use this option to search the database for the consents of a registered user;
- Email Address
Use this option to search the database for the consents of a registered user;
- IP Address
Use this option to search the database for consents by a known IP address;
- Session Cookie
Use this option to search the database for consents by a known Session Cookie;
- Date
Use this option to see all the consents recorded in a specific date range.
Export Personal Data
If you decide to enable Record Logs, you can automatically export registered users' consent data from the native WordPress tool. In the WordPress primary sidebar, navigate to Tools → Export Personal Data.