Feel free to move this if it sits better in another topic. I added it here as I assume most control of cookies is done with javascript.
I’m working on GDPR compliance and cookies and have a question about third party cookies.
The website embeds things like twitter feeds within the pages. This means that twitter cookies etc which track users behaviour are written to the browser.
I understand that we need to provide users the ability to enable/disable non essential cookies.
So my question is, Is it possible for our website to control cookies that the third party content is delivering?
I’m not a developer so any pointers would be most welcome.
GDPR is about personally identifiable data. If the tracking/analytics cookies aren’t storing data that can be used to identify an individual you don’t have to ask a user. E.g a cookie from a 3rd party site that literally just counts how many times a page is viewed with no other information wouldn’t need any permission.
Some platforms enable you to turn bits off. So google analytics for example allows you to disable demographics/remarketing and anonymise the users ip. You could then have some tracking data and if you then ask the user if it’s ok to be personally tracked you can then enable full tracking. That way you always have at least some analytics even if the person says no to full tracking.
Facebook and twitter though i think (i could be wrong) don’t easily have a way of anonymising the user so you would have to have it disabled to start with and ask the user if its ok to turn it on. The control you would have in this case would simply be turning it on or off. This could be done with PHP or suchlike but would require a page reload. Javascript wouldn’t need the page reload so would probably be a better bet. You’d then just set a cookie to remember that user said it was ok so when they return you don’t have to ask again.