Support » Plugin: Download Manager » Device Id calculated with IP

  • Hi Support!

    I noticed the following cookie using your plugin:

    __wpdm_client

    Also I figured out, that it’s set for every website visitor without giving consent. I think consent is needed from the current view of GDPR.
    Please see also here, using IP to generate device id:

    https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/__/Session.php#L25

    May I ask you to answer the following questions for me (and my clients):
    1. For what purpose is the cookie set?
    2. If cookie is not needed from the beginning, can a hook be provided to wait for user consent?

    Edit: Additional information: Using Version 3.2.40

    Many thanks and best regards,
    mrguenter

    • This topic was modified 2 months ago by Mario Günter. Reason: Added version information

    The page I need help with: [log in to see the link]

Viewing 8 replies - 1 through 8 (of 8 total)
  • Thread Starter Mario Günter

    (@mrguenter)

    Additional information: Using Version 3.2.40

    Plugin Contributor Shafaet Alam

    (@shafayat-alam)

    Hi,
    It is no different than any other cookie with WordPress, so you can add the GDPR compliance/ask for user consent with standard cookie consent notice for your WordPress site.

    It is used to identify duplicate downloads and track user sessions.

    You can disable the __wpdm_client cookie by adding the following line in wp-config.php:

    define('WPDM_ACCEPT_COOKIE', false);

    Thread Starter Mario Günter

    (@mrguenter)

    Hi @shafayat-alam,

    thanks for your feedback and the possibility to disable the feature.

    You are right that the cookie of your plugin must be treated like any other cookie. According to ePrivacy Directive (Directive 2009/136/EC) Art. 66 in conjunction with Art. 6(1) GDPR, we consider the cookie set by your plugin as technically non-essential in the sense of the law applicable in the EU. It is used for tracking and processes personal data, which is why only Art. 6 (1) f GDPR (consent) can be considered as a legal basis.

    In practice, this means that the cookie may not be set until the website visitor has consented to it. Unfortunately, you currently only have the option to set the cookie (illegally) without consent or to disable the feature entirely.

    Could you please provide a hook that allows us to dynamically set the cookie depending on the consent of the website visitor or not?

    We would be happy to include a service template for your plugin in Real Cookie Banner, so that your WordPress plugin can be used with our Cookie Banner in a GDPR compliant way.

    We posted our support request on a support ticket from our customer, who asked us how he could use your plugin GDPR compliant with Real Cookie Banner.

    We would be happy about such a cooperation!

    Many thanks and best regards,
    mrguenter

    Plugin Author Shahjada

    (@codename065)

    Sure, we shall add a hook with the next update of the plugin.

    Thread Starter Mario Günter

    (@mrguenter)

    Hi @codename065

    Perfect. Please let us know what the name of the hook is and where it can be found in the code once the implementation is released.

    Many thanks and best regards,
    mrguenter

    Thread Starter Mario Günter

    (@mrguenter)

    Hi @codename065,

    are there any news regarding the hook for integration?

    Thank you very much and kind regards,
    mrguenter

    Plugin Author Shahjada

    (@codename065)

    Hi,
    The update is coming within this week.

    Thread Starter Mario Günter

    (@mrguenter)

    Hi @codename065,

    thank you for your response. Where can we find the update?

    Many thanks and best regards,
    mrguenter

Viewing 8 replies - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.