View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0015292||Open Gaming Network||[All Projects] General||public||2018-11-29 12:02||2018-12-10 09:56|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Target Version||Fixed in Version|
|Summary||0015292: GDPR concern about ads|
|Description||Issue type: Other|
Reported from: https://www.d20pfsrd.com/bestiary/monster-listings/animals/bat/bat-flying-fox/
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
Hi, I just spotted the "Ads help us run this site" bar on the site.
Ads aren't an issue, but this particular version doesn't seem to be compliant with European GDPR legislation. GDPR generally means that opting out from tracking must be at least as easy as opting in - not the case here where there's no opt-out immediately available, and a big obvious button for opting in. Plus opt-out is genuinely tricky, involving going through at least three different ad management sites, and requesting not to be tracked on each site, which usually doesn't end with 100% success in opting out.
Thought I should flag this up as a fan of the site. I don't want you getting in trouble with the EU.
While I'd want a legal expert to confirm it, we shouldn't need to worry because we don't target EU subjects. Merely being *available to* EU subjects isn't enough, we have to offer specific services to specific EU countries, either explicitly, or implictly (such as through use of an EU-specific language or EU-specific currency), in order to fall under the GDPR, according to this and other references. Advertised products on the store are in US$, and English is obviously used in multiple countries outside Europe.
Also worth nothing that Paizo, also, do not provide an opt-out (but do tell users they can do a manual block in their browser, which technically isn't enough under GDPR).
Wizards go a little further, providing an opt in popup that doesn't go away until you do opt in, but still don't follow the GDPR requirement of going back to opt out later.
I would imagine that like us, they're doing "best dilligence for making the site cookie-friendly to users, without having to spend weeks on a GDPR system, because we don't appear to be under the GDPR umbrella"
||Closing this for now, unless 100% GDPR compliance becomes a necessity.|
|2018-11-29 12:02||webform||New Issue|
|2018-11-29 12:02||webform||Tag Attached: d20pfsrd|
|2018-12-01 04:07||jreyst||Assigned To||=> matt|
|2018-12-01 04:07||jreyst||Status||new => assigned|
|2018-12-01 04:07||jreyst||Note Added: 0002040|
|2018-12-01 05:17||matt||Note Added: 0002041|
|2018-12-01 05:18||matt||Note Edited: 0002041||View Revisions|
|2018-12-01 05:23||matt||Note Added: 0002042|
|2018-12-01 05:24||matt||Note Edited: 0002042||View Revisions|
|2018-12-10 09:56||matt||Status||assigned => closed|
|2018-12-10 09:56||matt||Resolution||open => won't fix|
|2018-12-10 09:56||matt||Note Added: 0002044|