@lbroermann opened this Issue on August 2nd 2018

Good day,

due to our goal to achieve GDPR compliance, we're trying to implement an opt-in procedure using a commercial cookie-plugin called "Borlabs Cookie" with our WordPress-Network.
We embedded Matomo with the following code/attributes:

<!-- Matomo -->
<script type="text/javascript">
  var _paq = _paq || [];
  /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
  _paq.push(['requireConsent']);
_paq.push(['trackPageView']);
_paq.push(['trackAllContentImpressions']);
  _paq.push(['enableLinkTracking']);
  (function() {
    var u="//***/";
    _paq.push(['setTrackerUrl', u+'piwik.php']);
    _paq.push(['setSiteId', '1']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<!-- End Matomo Code -->

Tracking works fine, but Matomo creates _pk_id and _pk_ses at every session's start, also if we don't set
<script type="text/javascript"> _paq.push(['setConsentGiven']); </script> at the bottom of the page, using our plugin.
'rememberConsentGiven' is no option, since we want to use our WordPress plugin to handle opt-in/opt-out.

The support-pages weren't helpful as this doesn't seem to be the expected behaviour of "requireConsent". Could you please give me some advice on how to solve this problem?
Thank you!

@tobbecmd commented on May 5th 2020

I can confirm this is still happening in version 3.13.5.
_paq.push([‘requireConsent’]); has no effect and _pk_id and _pk_ses cookies are being set without calling setConsentGiven.

@lastant commented on May 11th 2020

Maybe there is another way to make sure Matomo tracking code is loaded only after consent is given? For instance, I tried to add the tracking code dynamically using JS, instead of hard-coding it into the HTML; but tracking wouldn't work this way for some reason..

@Findus23 commented on May 24th 2020 Member
@Sven74Muc commented on June 12th 2020

Any chance to get this fixed... after 2 years? With this matomo isn't really GDPR ready

@Sven74Muc commented on June 12th 2020

Maybe there is another way to make sure Matomo tracking code is loaded only after consent is given? For instance, I tried to add the tracking code dynamically using JS, instead of hard-coding it into the HTML; but tracking wouldn't work this way for some reason..

I tried an external consent Wordpress plugin called "GDPR Cookie Consence". This is placing the matomo code first if the user set the opt-in. No cookies will be set. After rejecting the opt-in the cookies will be deleted... Great, but... if the user set's the opt-in the matomo code will be placed and the cookis set. This is I think through a page reload. At the End I have 1 visit and 2 page views in matomo instead of 1 visit and 1 page view. :-(

@tsteur commented on June 12th 2020 Member

@Sven74Muc we might have a look into this in a few months.

@Findus23 commented on June 14th 2020 Member

I have moved this into 4.1.0 just so it doesn't get lost (as I think this would be really useful for being compliant with future privacy changes).

If someone else wants to contribute this feature, it would be possible to get it earlier.

@Sven74Muc commented on June 14th 2020

Think it is not only useful for being compliant with future private chances... it's needed today to be compliant.
Think it should be solved in 4.0, 4.1 is too late!

@Sven74Muc commented on June 14th 2020

If this is solved only in a few month (after two yearf of no change) I need to delete all matomo installations and have a look for another system.
My feeling is that this will not be changed in 2020 and also not in 2021... very sad. Matomo is a great system but with some issues like this (which are fundamental) it ios not usable.

@tsteur commented on June 14th 2020 Member

btw this refs https://github.com/matomo-org/matomo/issues/13056

I guess requireCookies would be calling disableCookies and then setConsentGiven would enableCookies (unless the user called disableCookies manually). since tracking consent != cookie consent so we cannot simply enable cookies if the user disabled cookies

@Sven74Muc commented on June 15th 2020

btw this refs #13056

I guess requireCookies would be calling disableCookies and then setConsentGiven would enableCookies (unless the user called disableCookies manually). since tracking consent != cookie consent so we cannot simply enable cookies if the user disabled cookies

No, cookies are not allowed to set before consent is given (opt-in). Calling disabledCookies is not GDPR conform. There will be much court rulings in the future. The other thing is trust.. Do you think a visitor trust that a disabled cookie is realy disabled? If a cookie is there it is there and you cant't controll what it is doing. The fact that it is there generates question, doesn't matter what law is saying.

@tsteur commented on June 15th 2020 Member

It's only how it would work internally. The user etc won't notice any of this.

@Sven74Muc commented on June 16th 2020

So I maybe missunderstood you. As long as before the opt-in no cookies are set in the browser of the user it is fine.
So I hope this solution comes now quickly after 2 years of waiting.

@Sven74Muc commented on June 18th 2020

How can we get this to 4.0.0 ??

@Findus23 commented on June 18th 2020 Member

How can we get this to 4.0.0 ??

The guaranteed way is by someone creating a Pull Request which contributes this change.

@Sven74Muc commented on June 18th 2020

Hmmm... this means I need to develope it? I'm not a programmer :-(

@tsteur commented on July 2nd 2020 Member

FYI I'll look into this in the next days and we're planning to have this in the next 3.X release

@tsteur commented on July 3rd 2020 Member

Apologies this took so long! I can totally understand any frustration. We'll do our best so this won't happen again.

I've worked on this and if anyone is familiar with patching files on a server then you could try to update your piwik.js, matomo.js, and js/piwik.min.js with this content and then give it a test: https://github.com/matomo-org/matomo/blob/74c86cc5ab97723774c0a93b1603b6cdb97cb7d2/js/piwik.min.js

@diosmosis commented on July 5th 2020 Member

Fixed by #16173

This Issue was closed on July 5th 2020
Powered by GitHub Issue Mirror