As you may know, since April 25th the new General Data Protection Regulation is applicable whenever an EU citizen navegates at our websites. Among other things, GDPR deals with privacy issues related to cookies. If they are used for identifying and tracking the user, he or she must have a possibility to opt-out. E.g. prevent that such cookies are placed in his browser.

With third-party blocking set, Addtoany still uses at least two cookies. So my suggestion is to include some mechanism in this module that facilitates opt-out.

There is an on-going work for a similar issue in the Google Analytics module, where we are trying to make the Google cookies obey the functionalities of the EU Cookie Compliance modules, c.f. related issues.

I have set issue priority to "major", since this is an important legal issue.

Comments

Mikael Berger created an issue. See original summary.

cri2mars’s picture

cri2mars commented

i agree, it's an important feature

micropat’s picture

micropat commented
Priority: Major » Normal
Status: Active » Closed (works as designed)

AddToAny core is actually compatible by default with GDPR on publisher sites.

Cookies set, such as the uvc boolean cookie and Cloudflare's __cfduid security cookie, are exempt under the legislation.

mikael berger’s picture

mikael berger commented

Oh, that's great, thanks for the information.

cheope’s picture

cheope commented

Yes, it's compatible, but to be fully GDPR compliant I think you'd better enable the "Disable 3rd party cookies" additional option in AddToAny configuration.
If you leave it disabled and test your website with any cookie tracker, you see doubleclick and youtube cookies set.
And GDPR says that you MUST collect users' consent before setting any cookie (except internal, like session or technical ones).
That's why some modules, like Google Analytics, try to integrate solutions with EU Cookie Compliance .
Hope it helps ;-)

micropat’s picture

micropat commented

If you leave it disabled and test your website with any cookie tracker, you see doubleclick and youtube cookies set.

@cheope Those are definitely not from AddToAny. Be sure to trace those cookies back to the source — quite possibly a YouTube video embed?

The old "Disable 3rd party cookies" option is actually redundant in 2018 — the preference remains in case anything changes in the future.

While on the subject, better advice re: GDPR is to avoid placing "official" buttons such as Facebook "Like", Twitter "Tweet", etc. These official buttons were never enabled by default, but it's worth mentioning. :-)