Yeah, that’s why it’s called “Opt-Out-Plugin”. If it would only load Google Analytics once the users has accepted it, I would have called it “Opt-In-Plugin” 😉
As far as I know this method is GDPR compliant: users needs a possibility to opt-out. But I guess it depends on other things too (IP anonymization, etc.)
Thread Starter
Tachi
(@aytacbalci)
I’m not a legal expert and the main thing you mainly hear about GDPR is: privacy by design and privacy by default. With that in mind I would say that opt-out is not privacy by default. So, I don’t think your plugin is GDPR compliant. I think your plugin should be an opt-in plugin to be GDPR compliant.
Some background information.
I’ve read a recent article about GDPR compliance of the 150 most popular websites in the Netherlands. Two third did not comply. Some site were already tracking, before you could say yes or no. On some site you have to accept everything to be able to enter the website. All or nothing is also not allowed with GDPR.
I wouldn’t say so. What I’ve heard is that it’s allowed if there are “legitimate interests”. Whatever that means. So if someone wants to be totally sure it’s necessary to contact a lawyer for their special situations.
