Cookies and GDPR

hello sorry if I bring up this conversion a couple of years old. but i am looking for a solution for gdpr and cookies. I took your advice, activated the account, entered the code, but it always tells me that the script is not active
they say to insert the script in the head of the various pages. how do you do this?
I have inserted it in the Custom Header Plugin, in the Header Content field.
Is this right or not?
thank you for any help and for the time devoted to me

Hello @simgiallorosso,

I moved your question into a separate thread from the original one here: Is OJS GDPR compliant? - #62 by leonardo.mancini - it might be better to deal with this as a separate issue, since that thread is several years old. Can you elaborate on what specific version of OJS you’re using (e.g. 3.3.0-8) where you’re trying to make this change?

-Roger
PKP Team

Thank you so much.
The version is 3.3.0.8

if it can be useful to someone I solved it using this free service and inserting the code through the Custom Header Plugin in the Header Content field. now the site is ok with gdpr

2 Likes

Hi @simgiallorosso,

TL;DR; existing GA plugin for OJS is not GDPR and we are working to offer solutions.

Context:

In January a new sentence came out that banned the use of GA in Austria.

The reason is that in the EU IPs are considered personal data and by GDPR all personal data of EU citizens must be stored in the EU.

After this sentence, the French Data Protection Authority (CNIL) follows this decision and orders a French website to comply with the GDPR, so it is expected that in the coming monts/years the rest of the EU countries will adopt similar measures.

Solution:

That said, to make legal use of GA in the EU 3 things must happen:

  1. You must communicate it properly in the privacy policy.
  2. You must disable GA cookies by default.
  3. You must anonymize IPs so that they are not stored outside the EU.

I didn’t check the solution you found, but please, be sure about point 3.
Your google analytics script need to be called with the “annoymization IP” variable set to true.

GA offers the possibility of IP anonymization, but as said, currently our GA plugin for OJS does not enable that option by default so yes: if you like to monitor your visits with GA (did you know about Matomo or Plausible?) you can integrate it via “custom headers” plugin or adding your JS in your theme.

Future:

As far as the PKP plugin for GA needs to be updated (to comply with the new API and GDPR), is now mater of discussion in the Technical Committee.

Cheers,
m.


PD: Even GA tells they anonymize the data to be GDPR, we still need to analyze the traffic to ensure the original IP is not sent to USA datacenters.

thanks for your detailed answer. I believe the ip is anonymous precisely of him. in fact if you see on this site it reports that it is ok

Schermata 2022-03-25 alle 14.57.30

Hi @simgiallorosso

What service are you using to check if your site is GDPR-compliant?

Cheers,
m.

this and this

hello I put the anonymous ip on ga.
I have a cookie that I can’t get my cookie solution to recognize.
cookie name OJSSID.
First found URL: Alpine and Mediterranean Quaternary
Cookie purpose description: Unclassified
Initiator: Webserver Source: amq.aiqua.it
Data is sent to: Italy (adequate) Adequate country under GDPR (EU) Blocked until accepted by user: No

how can i block it in advance?

Hello little update.
on some sites made with ojs I am using the free cookieyes service.
you?
is there any news on the update of the ojs to be directly in compliance with the gdpr?

There might be some bigger scale work soon (months instead of years) to solve the most central problems. Can not talk about it much yet, but stay tuned.

thank you so much.

I’ll be waiting for new communications here then