I just visited a site, with a modal consent message box, the kind you have to answer, and which is blurring/hiding the page content until you made a choice. Simple and clear information, and with a choice to accept or not cookies, and to accept or not personalized ads, no close icon, so the user really has to make an explicit choice. So all this looks fair and very well compliant with the GDPR... but... ads were loaded anyhow on the page, before you make a choice... and... if you refuse personalized ads, and also all cookies, the site continue to displays ads and personalized ads.. even if you refresh the page, or visit other pages of the site... I assume it's still in debugging phase ...

This is very similar to what I have in mind for my websites. Everything very compliant with GDPR but making the website almost unusable unless the user makes a choice. Just, I won't include the non-personalized ads option, at least until that won't be any longer as penalizing for revenues as it currently is.

Something else I noticed. On some major sites, which used to have cookie banners with very small font, are now updating their page layout, and use cookie banner written with a normal font size making them visible. I wonder if they received warnings/recommendations from Google.

Something else I noticed. On some major sites, which used to have cookie banners with very small font, are now updating their page layout, and use cookie banner written with a normal font size making them visible. I wonder if they received warnings/recommendations from Google.

I faced the same problem, I don't guess it's because some kind of recommendation from Google; it's just because they want to make their cookie banner as large as possible, so that the users can't going on reading your website's content without clicking on the banner (thus giving their consent to ads delivery)....

I also see more and more banners with a prominent EU flag. I wonder if it's a way to tell visitors "this annoying banner is the fault of the EU."... or may be just patriotism.

you must to change TOS from your website and make some settings in Adsense and will be fine!

... or may be just patriotism.

I don't see much patriotism in the EU. If they are patriot, its mostly about their country!

What do you think about this? (The results of the GDPR action could be that the ranking would drop)
[youtube.com...]

@dollarsound Exactly what I thought was possible and mentioned earlier in the thread. Some of the full screen modals being used for GDPR by some publishers are at best horrific on mobile and at worst simply don't work. Bouncy bounce.

Nice plug there for your video @dollarsound.

@steviec79 it's a cognitiveSEO's video, not mine.

I don't see much patriotism in the EU. If they are patriot, its mostly about their country!

Patriotism ..only applies to countries,..The EU is not a country..it is a grouping of countries, ( it is also not a federation ) one cannot be "patriotic" to a trading block as a whole , even one with some political, ideological, legal etc ties and commonalities between member states.

patriotic/patrɪˈɒtɪk,peɪtrɪˈɒtɪk/
adjective

having or expressing devotion to and vigorous support for one's country

One can be patriotic with regard to ones country of residence and or origin within that trading block.. one can also be "pro-European"...as very many of us are..some are not, they may leave.

Understanding of the meanings of words is important*..especially with regards to the GDPR..it is not at all "vague", ( although some do not understand it and others prefer to "misunderstand" it ) but it ( the GDPR ) is "legalese", which, to many who are not used to the legislative vocabulary, appears "complex"..

*One cannot communicate, either on fora , on websites, in speech or in legislation, if one takes the "Humpty Dumpty" approach to words..“When I use a word,” Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean—neither more nor less.” “The question is,” said Alice, “whether you can make words mean so many different things.” “The question is,” said Humpty Dumpty, “which is to be master—that's all.”..that way lies incomprehension, misunderstanding, disputes, ( and the eventual possibility of trade wars (or other, violent ) varieties of wars.

patriotic/patrɪˈɒtɪk,peɪtrɪˈɒtɪk/
adjective

having or expressing devotion to and vigorous support for one's country

WebmasterWorld does not like "pronunciation guides" ( I forgot what that notation is actually called Lucy24 will maybe remind me / us ? )


Patriotism is also sometimes referred to as "the last refuge of a scoundrel"..make of that what you may.

Quick Question: Anybody not yet have a cookie popup on their site? (Ignore, if you do have).

Report Type -> Targetting Type

Is somebody knows if you are collecting, but not holding user's data - are you OK with GDPR? May the GDPR solution for Adsense lying in showing personalized ads in which after clicking on ad user forced to give a consent to visit the website from ad url? If he never did and didn't visit the ad's URL after clicking and facing with the consent window/message/form - Google's side automatically erases all user data. For example, such feature may be available to choose from Adsense account only for EU users as a setting. Sound fantastic, but it's interesting if it's possible.

Found an email today from someone saying they couldn't scroll down my (Insites) cookieconsent popup to hit the accept button on their iPhone! Think it is a one off judging as how my income hasn't fallen off a cliff.

It does seem to be a possibility though if you put enough text on it as the button is pushed down. This and the fact scrolling seems to scroll the page underneath and not the consent popup...

I've seen people who made shopping carts that did that , no way to hit "buy" as it was off the screen..maybe look at the size of the "div"? older iphones had pretty poor screen definition despite the "hype"..

or..move the buttons to the top left..nothing in GDPR says where the buttons "have to be" on "the notice"...the notice itself is probably ( I don't know for certain as I haven't looked at the insites one, the ones I use( not for adsense which I don't run, but for "carts"*, are "self rolled" )set to something like fixed top left with a z index in the high numbers.

*Don't really need "notices" for carts as they are covered under "necessary"..but I prefer to tell visitors that they'll get a cookie or some will risk having all cookies blocked, which means the carts won't function correctly, and sales would show the effect of "incompletes"..

IF $0 / €0 ad revenue = no ability to fund operations (staff/writers, hosting, etc)
AND IF no ability to fund operations = no viable website = no website / website about to be pulled down
THEN is "necessary" or "legitimate interest" an attribute of ads for an advertising-based content site
OR are advertisements "necessary" for the sustainability of the operation of the website? Just wondering aloud about some of the concepts of the regulation, such as "consent to process" and its timing. (The oft asked question about setting a cookie before consent, i.e., ads on a homepage / any landing page.)

One (wo)man's "I don't NEED that AD" is another (wo)man's "Well, I surely do or it's gonners for me and this site!".

Okay, back to muttering to myself as my lawyer's mind continues to contemplate the minds of the regulation writers and their regulatory language and WTH to do about that which seems just a little bit . . squishy . . unattached to so many realities . . overly broad in its reach . .

Sigh . . .

[edited by: Webwork at 6:40 pm (utc) on Jun 22, 2018]

Food for thought: What if you present a cookie notice AND, in the cookie notice itself, you embed "non-waiver" language stating that the notice is not an admission that consent is necessary or required nor an acceptance of the jurisdiction of the EU over your site . . . and embed a link to further specific non-waiver language . . including a reservation stating that absent a proper international treaty you, as a citizen of a non-member State of the EU, do NOT consent to jurisdiction of the EU over matters relating to your business operations situated outside the EU - even if EU citizens elect to access your site.

I expect an eventual international $hitstorm arising out of attempts to impose legal duties and liabilities arising from the unpredictable and uncontrollable flow of traffic on the W3, especially given some of the "logic" . . cough . . of the regulations that "protect" EU citizens sitting on a beach chair in Miami, USA.

"Tell me again how easy it is to block EU citizen traffic . . " I can hear some U.S. Supreme Court justice asking in some future enforcement or collection case.

Food for thought. As is often the case, bright ideas get revisited once the pot actually starts to boil and overflow . . or things start blowing up . .

If one was a lawyer with lots of free time on their hands, one could play those kind of games..but then the businesses on the other side could say, well in that case your laws re "sanctions"etc ( name any law upon which there are treaties or "consent" or agreement about what is legal or not ) don't apply to anyone not a US citizen..and if everyone did that, about every law, then things like fishing treaties , international air law, maritime laws, territorial waters , movement of materials ( including radioactive ) etc would be unworkable,each country could deny the others access to their airspace, maritime environments or ports, each could send their unwanted polluting materials into the others territories..etc etc ..international copyrights would not apply, the world would be free to pirate anything intellectual property include, any one could say laws do not apply to me..even from state to state within the USA.

Blocking traffic from the EU is easy ( apart from those using proxies )..I'd expect any judge to say that an EU citizen using a proxy to make a webmaster guilty of not blocking an EU citizen would count as "wilful entrapment" ( or whatever it is called ) and throw the case out..I doubt that the EU would ever try to bring such a case in those circumstances..

Of course Google, facebook, twitter etc could have just not got upto all the profiling and tracking, and then the little guys would not be suffering from a law designed to bring the big abusers to heel..

Not all of the abusers were US based either by any means, right up there amongst the worst of the trackers and profilers, Criteo, a French company willing to track anyone anywhere any time, and sell your private data to anyone any time anywhere.

You going to work "pro bono" or on contingency to test your idea ? Better be quick, a lot of it changes again with the next law ( that should have been released at the same time as GDPR ) which would have allowed the "accept cookie / don't accept cookie" choice to be set in the browser? I'd be amazed if any one outside of the GAFAM ( or the equivalent trackers and data slurpers ) get hit with GDPR before then..Then again we may all be in a worldwide trade war, or actual hot war by then.

Whew! I take nap for like ... 30 seconds ... and a zillion more posts have been made? :)

I think we are seeing exactly what GDPR is doing to adsense after a few weeks, ie. practically nothing. For most it should be business as usual UNTIL somebody "big" gets fined by the EU for PII. Else, right now, we have a lot of sound and fury and little reality involved.

Has any site yet been sanctioned by the EU for GDPR failures?

Meanwhile, use a little commonsense going forward. Protect your users PII in a way that can be produced and protected at the same time. That appears to be the biggest part of GDPR. Second part is compliance in removing records ... and lastly, dealing with the time frames involved on maintenance. Ecom sites will be the hardest hit for "legal" exposure, the rest not so much.

So far, my approach has been as follow:

Desktop and non-amp mobile pages
To block all scripts, ads, etc. until the user accepts my GDPR notice (which states that if you click on Accept, personalized ads will be served), this for both EU and non-EU users (for technical reasons, I can make this a lot better, I know)

AMP
To block all amp ads using Google's suggested code (amp-consent and all the related stuff) until the user clicks on Accept; this for UE users only, no notice at all for people outside EU

Akismet is likely operational on 20+ million WordPress websites. I see no reason to doubt that each of the 20 million sites has a data processing issue and data transportation issue, as both are implicated in Akismet's functioning.

Has Akismet addressed this? Umm . . Not that I have been able to determine.

[en.forums.wordpress.com ]

[wordpress.org ]

Tip of the iceberg. I've identified a list of >a dozen other issues that will make for a great deal of . . fun . . like the utter lunacy of making IP addresses "protected data" without really, deeply thinking through the scale of the problem / burden the EU has created by imposing a duty on literally every single website operator to dance to their tune.

Maybe it will be the very breadth of the EU's privacy protection hubris that will bring down the GDPR, as it begins to bear the financial burden of investigating or responding to millions of allegations of wrongdoing. One can only hope.

My take is that the UI on some sites has been shot to shreds, particularly on mobile. No idea what impact there is on bounce rates but some of the solutions being used are awful from a user perspective. I also note there are plenty of large sites (UK based) which are doing nothing or next to nothing. The picture is also muddied by having multiple devices / browsers and different offerings (e.g. amp) sitting alongside each other. It makes it impossible to remember whether you have already been shown a consent screen / banner or not. The current situation is a mess IMHO and not workable in the longer term. Cookies weren't designed to work in a multiple device world anyway so everyone would be better off if an advertising solution could be developed which didn't need them.

To people who have been dealing with GDPR by blocking off Europe, California passed it's version of GDPR today. It goes into effect in 2020. So we really need Google to step up with a solution to this.

[nbcnews.com...]

This could quickly turn into a total and utter farce. If California goes ahead with their own GDPR legislation in 2020, will other states also introduce their own GDPR legislation? We could end up with a mass of different GDPR legislation all around the world. Australia, New Zealand, Canada may also introduce their own laws and they will all be subtly different.

To people who have been dealing with GDPR by blocking off Europe, California passed it's version of GDPR today. It goes into effect in 2020. So we really need Google to step up with a solution to this.

From what I understand, California is very soft, and not really constraining. They just want people to be informed of the data being collected, with whom these data are shared, to have an option to op out, and to forbid blocking the access to those opting out. All this sound common sense to me.