View Issue Details

IDProjectCategoryView StatusLast Update
0015292Open Gaming Network[All Projects] Generalpublic2018-12-10 09:56
ReporterwebformAssigned Tomatt 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionwon't fix 
Product Version 
Target VersionFixed in Version 
Summary0015292: GDPR concern about ads
DescriptionIssue type: Other
Reported from:
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
Hi, I just spotted the "Ads help us run this site" bar on the site.

Ads aren't an issue, but this particular version doesn't seem to be compliant with European GDPR legislation. GDPR generally means that opting out from tracking must be at least as easy as opting in - not the case here where there's no opt-out immediately available, and a big obvious button for opting in. Plus opt-out is genuinely tricky, involving going through at least three different ad management sites, and requesting not to be tracked on each site, which usually doesn't end with 100% success in opting out.

Thought I should flag this up as a fan of the site. I don't want you getting in trouble with the EU.



2018-12-01 04:07

administrator   ~0002040



2018-12-01 05:17

administrator   ~0002041

Last edited: 2018-12-01 05:18

View 2 revisions

While I'd want a legal expert to confirm it, we shouldn't need to worry because we don't target EU subjects. Merely being *available to* EU subjects isn't enough, we have to offer specific services to specific EU countries, either explicitly, or implictly (such as through use of an EU-specific language or EU-specific currency), in order to fall under the GDPR, according to this and other references. Advertised products on the store are in US$, and English is obviously used in multiple countries outside Europe.


2018-12-01 05:23

administrator   ~0002042

Last edited: 2018-12-01 05:24

View 2 revisions

Also worth nothing that Paizo, also, do not provide an opt-out (but do tell users they can do a manual block in their browser, which technically isn't enough under GDPR).

Wizards go a little further, providing an opt in popup that doesn't go away until you do opt in, but still don't follow the GDPR requirement of going back to opt out later.

I would imagine that like us, they're doing "best dilligence for making the site cookie-friendly to users, without having to spend weeks on a GDPR system, because we don't appear to be under the GDPR umbrella"


2018-12-10 09:56

administrator   ~0002044

Closing this for now, unless 100% GDPR compliance becomes a necessity.

Issue History

Date Modified Username Field Change
2018-11-29 12:02 webform New Issue
2018-11-29 12:02 webform Tag Attached: d20pfsrd
2018-12-01 04:07 jreyst Assigned To => matt
2018-12-01 04:07 jreyst Status new => assigned
2018-12-01 04:07 jreyst Note Added: 0002040
2018-12-01 05:17 matt Note Added: 0002041
2018-12-01 05:18 matt Note Edited: 0002041 View Revisions
2018-12-01 05:23 matt Note Added: 0002042
2018-12-01 05:24 matt Note Edited: 0002042 View Revisions
2018-12-10 09:56 matt Status assigned => closed
2018-12-10 09:56 matt Resolution open => won't fix
2018-12-10 09:56 matt Note Added: 0002044