WP Brizy Cookie Information (Storage & Funktion)
Hello my Browser shows me you are including the folowwing cookies on the my WP Page. Can you tell me how long you store them and how you use them?
- brz-firstVisit
- brz-showedPopupsInSessionTimeLine
- brz-sessions
- brz-lastVisit
- brz-pagesViews
- brz-pagesViewsInSessionTimeLine
I need this information to put it in my Cookie Page for our Website visitors.
Thank you!
Greetings
Susanne
-
Hi Michael,
We have added a document to our Knoweldgebase about Brizy WP cookies. Please check out https://support.brizy.io/hc/en-us/articles/7421688586385-What-cookies-does-Brizy-WordPress-store-
Instead of cookies, Brizy WP uses LocalStorage. Please refer to this article to understand the difference between LocalStorage, SessionStorage and Cookies. https://www.xenonstack.com/insights/local-vs-session-storage-vs-cookie
0 -
In Germany, a new Data Protection Act (TTDSG) has been in force since December 2021, which extends the scope of the GDPR. According to the TTDSG, the obligation for user consent applies not only to classic cookies, but also to local storage and session storage.
See:
and:
Usercentrics and local storage
User consent can only be waived if the use of local storage is essential for the function of the website. Whether the function of pop-ups is to be regarded as essential has not yet been decided by the courts.
So the risk of being penalized for a Brizzy website remains, at least in Germany.
It would be desirable if there was an option to disable the use of local storage in Brizzy. Many websites do not use popups and should work without local storage. It would also be desirable if in the Brizzy support document it is mentioned that the used local storage is considered essential.
I think it would be great if Brizzy would better support its users regarding GDPR, like Elementor does for example:
Elementor: How to Make Your Website GDPR Compliant
Uli
0 -
Is there any way to prevent Brizzy from using local storage by any consent tool?
Uli
0 -
Hi Ulrich,
As I understand, you do not need user consent if a website stores anonymous /impersonal data. You need consent when storing personal data and when transferring it to a country outside EU. Since Brizy LocalStorage does not collect personal data and since it does not transfer data to any server anywhere in the world, I wonder if user consent would be mandatory. Please look into this.
We already have a request to avoid using LocalStorage when a website does not use popups. We will implement this sometime in the future.
You may find this Feature Request about Elementor GDPR compliance interesting: https://github.com/elementor/elementor/issues/4544
0 -
Hi George,
according to §25 (1) TTDSG, consent is mandatory if data is stored on the user's device, regardless of what kind of data it is and whether it is transferred or not. This part is clearly and unambiguously regulated in the law. The TTDSG is an implementation of the GDPR in German law.
The only question that has not yet been clearly answered is whether the functionality of popups is essential for a website or not. Only if the popups are essential for the functionality of the website, consent for storage may be waived. As long as this is not clarified, German Brizzy users definitely want to do without local storage. Please prioritize this functionality in your timeline.
Uli
0 -
Hi Ulrich,
I think it is important to interpret a document like the TTDSG document you have hyperlinked above, in the larger context of user's privacy. GDPR and TTDSG is primarily about protecting the privacy of the users. These two laws are not concerned about impersonal/ anonymous data of a user. GDPR/TTDSG will apply to a situation when you are dealing with user's personal data. Have a look at how GDPR defines personal data here https://gdpr-info.eu/issues/personal-data/
0 -
Hi Ulrich,
This is a comment from Aert from Complianz in the first page of this post. You may find this useful.
0 -
Hi George,
I know this comment from Complianz. Please note that this statement is one year old, older than the TTDSG, which has been in force since December 2021.
According to TTDSG, it does not matter what kind of data it is, whether personal or anonymous statistical. Storage on the user's device is only permitted without consent if this is essential for the function of the website. And it makes no difference which storage technology is used, cookies or local storage or session storage.
Why does cookiebot.com still judge every Brizzy Website as not GDPR compliant? This is the result from a WordPress Website with no content and Brizzy and Brizzy Pro Plugin activated:
The reason for this result is, that the stored data on my device is categorized as "Marketing" by Cookiebot:
"Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers."
Obviously this judgement is not correct. This is a big problem, not only for website owners, but especially for agencies that want to use Brizzy. Cookiebot.com is the most popular service for checking GDPR compliance! Customers use cookiebot.com to check their websites! Why can't you get in touch with Cookiebot.com and discuss this result?
If you cannot develop a common understanding with cookiebot.com, please give us the opportunity to disable the functionality of the popups. I hate popups anyway.
By the way: After deactivating both Brizzy plugins you get the result, you want to see:
0 -
Hi Ulrich,
Cookiebot and Cookie Database judge your website as non GDPR compliant because they have incorrect data about Brizy LocalStorage in their database. We will submit Brizy WP LocalStorage details to these two companies so that they can cleanup the errors in their database and make their GDPR compliance test more reliable/accurate.
0 -
Great! Please stay tuned to this topic. We have hardly made any progress here for two years.
0 -
Hi Ulrich,
I have written to both Cookiebot support and Complainz support sharing with them our LocalStorage declaration document and requesting them to update information about Brizy LocalStorages in their respective databases. I have received automated replies with ticket numbers. We will wait for their response.
0 -
Hi Ulrich,
Complianz has updated details about Brizy LocalStorages in their CookieDatabase. If you do a GDPR compliance test using this plugin, it shows Brizy LocalStorages as GDPR compliant.
0 -
Ok, this looks good! Any news from cookiebot.com?
0 -
Hi Ulrich,
I have been in communication with Cookiebot Support. They had asked me to update details about Brizy localstorages in my cookiebot dashboard. I did it and in my dashboard, all details about the Brizy localstorages are up to date. You can see it here. https://jmp.sh/z7ZxvRx
However if you do a GDPR compliance test at https://www.cookiebot.com/, the compliance report still misrepresents Brizy localstorages and provides incorrect assessment. At the moment, I am not sure if they have a reliable process for correcting errors in their database. I am still waiting for a reply to my last communication with them.
0 -
Hi Ulrich,
Cookiebot has updated their database about Brizy localstorages. Thanks to their support team for the cooperation.
I have carried out a test on https://gdpr.kctest.online/. Their report says that this website is GDPR compliant. In the detailed PDF report, they have categorized Brizy cookies as Statistics (earlier it was Marketing). Here is the PDF report https://jmp.sh/jqFsfck Here is the Email: https://jmp.sh/u8JTOtw
The PDF report says that the cookie data is sent to the United States. This is not a reflection of reality. At least the overall compliance report is positive.
0 -
Hi George,
unfortunately I can not confirm your results. I tested three different Brizy sites, one of them completely empty with no content. All sites were judged not GDPR compliant by cookiebot.com
6 cookies were identified, which do not comply with GDPR:
0 -
Hi Ulrich,
Can you please add a GDPR compliance plugin to https://schirms.de/ and check again?
0 -
Hi George,
what exactly do you mean with "GDPR compliance plugin"?
Uli
0 -
Hi Ulrich,
I meant one of these plugins. In my test website https://gdpr.kctest.online/, I used Cookiebot
0 -
I tried the Cookiebot plugin with the most restrictive standard settings. But I still get the same result from cookiebot.com: The site is not GDPR compliant.
By the way: I don't want to use consent tools! I want websites, which comply with GDPR without any user consent!
Uli
0 -
Hi Ulrich,
If you look at your previous report, the reason why they said your website is non compliant is because of no prior consent on other than strictly necessary cookies. This happened to my test website as well. However when I installed the consent plugin their compliance report turned positive. I also do not use any Google hosted fonts in my test website.
0 -
Hi George,
in your privacy statement you have declared the data, which is stored, as "statistics (anonymous)":
As you said, any website which stores data other than "strictly necessary" is considered noncompliant by Cookiebot regarding ePR.
So: Any Brizy website does not comply with ePR as per your own declaration (statistics). In my opinion, all data fields with relation to popups should be declared as "strictly necessary", not "statistics".
Also: Brizy should comply with GDPR and ePR out of the box, without use of any third-party plugins!
I suggest you declare all data fields as "strictly necessary" and let Cookiebot evaluate it again. Or even better: Provide an option to deactivate popups completely.
May I remind you of this:
0 -
Hi Ulrich,
Can you give me access to https://schirms.de/. Let me see if I can make it GDPR compliant based on the test at https://www.cookiebot.com/
If you would like me to do this, please add me as a user to your WordPress Dashboard. My email: kc.george@brizy.io. Please enable the option "Send the new user an email about their account" as in this screenshot https://jmp.sh/sOSGGR3
Once you have sent me an invitation, please let me know here.
0 -
Hi George,
I've sent you an invitation.
Greets,
Uli0 -
Hi Uli,
I have made the following changes to your page https://schirms.de/
- Imported a Brizy layout to make it closer to a real life webpage
- Setup Cookiebot plugin for consent. (The plugin was installed but was not fully setup earlier)
- I have replaced Google hosted fonts with local fonts.
After making the above changes, I did a compliance test at https://www.cookiebot.com/ . Please see the attached reports
- Compliance Summary: https://jmp.sh/Oy3ZjuY
- Compliance Details: https://jmp.sh/9MSop54
The report says "Your website is: Partly compliant". The reason for partial compliance is that
Prior consent on other than strictly necessary cookies (ePR) was not obtained
Prior consent for other than strictly necessary cookies is a requirement for ePR. Hence https://schirms.de/ may not be ePR compliant as per this report.
However as per GDPR article 6 https://gdpr.eu/article-6-how-to-process-personal-data-legally/, you can process personal data of a user if at least one of the following 6 conditions are fulfilled:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
As you can see GDPR is concerned only about personal data and it does not say anything whatsoever about "other than strictly necessary cookies". Please have a look at GDPR article 5 as well. https://gdpr.eu/article-5-how-to-process-personal-data/
As per the attached reports, you can say https://schirms.de/ is GDPR compliant (however not ePR compliant)
0
Please sign in to leave a comment.
Comments
85 comments