Support » Plugin: Custom Twitter Feeds » GDPR Compliance – Cookie usage

  • I’ve used Custom Twitter Feeds and the related plugins for Facebook and Instagram and think they’re great and would very much like to continue to use them. However, I have concerns about GDPR compliance of the Custom Twitter Feeds plugin in particular. I’ve read the sticky topic on this forum dealing with this issue – but I’m not satisfied that it deals fully with the problems around Twitter setting a whole host of cookies without user consent. This is additional to concerns about non-anonymized data being passed to Twitter without prior consent.

    This article sets out neatly the issues with regards to cookie placement in general: https://eugdprcompliant.com/cookies-consent-gdpr/

    It would be great if the Custom Twitter Feeds plugin could be made to satisfy the concerns set out in the above article, regarding explicit user consent for cookie placement, and the capability of revoking that consent. Ideally, it should be possible to substitute a message requesting user authorization in the space otherwise occupied by the feed, and only on user authorization would the contents of the feed be revealed, cookies set, and any personal identifying information passed to Twitter. There would also need to be a link at the bottom of the enabled feed allowing the website visitor the opportunity to revoke their consent.

    A big ask I know – but I can’t see how I can be confident of full GDPR compliance without these features.

Viewing 2 replies - 1 through 2 (of 2 total)
  • I’ve just come across this article, which puts things in a rather different light: https://www.iubenda.com/en/help/5525-cookies-and-eu-data-law-gdpr-requirements

    This statement is of particular relevance: “You are also not required to manage consent for third-party cookies directly on your site/app as this responsibility falls to the individual third-parties. You are, however, required to at least facilitate the process by linking to the relevant policies of these third-parties. These links should be accompanied by information related to the use, purpose, and type of cookies and, ideally, should be included in your cookie policy.”

    If this article is accurate, then, if I’ve understood things correctly, it’s isn’t necessary to block third party cookies, such as those generated by the Twitter feed, prior to consent being given.

    However, the above article deals specifically with the issue of cookies. It doesn’t deal with other data transferred to Twitter, that may be of a personal nature, and thus fall under the auspices of the GDPR, such as the IP address. So, prior consent, before tweets are displayed, may still be needed to satisfy GDPR.

    What a minefield!

    Plugin Contributor Craig at Smash Balloon

    (@craig-at-smash-balloon)

    Hey alarch,

    I would agree that GDPR can be quite overwhelming! We do have a short article on some suggestions: https://smashballoon.com/custom-twitter-feeds-gdpr-compliance/

    We also have a separate article you can link to to satisfy the other issue you mentioned: https://smashballoon.com/gdpr-and-our-plugins/

    Hopefully that helps!

    – Craig

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.