Hello again @allenyang, thanks for your answer, but this is not about your understanding or mine, it’s just as-it’s-now is not compliant.
Basically what the GPDR looks to accomplish with the new cookie consent it’s the fact that the user has to have the option to control the cookies that’s using the website.
As said two times what makes it compliant it’s the fact that the user HAS TO BE ABLE TO NAVIGATE on the website even if he doesn’t want to use any particular cookie such as analytics or others. For example: If I’m using an analytical plugin to track users experience for SEO or any other purposes, the user can’t deny that particular cookie/consent.
What Bubble plugin does is inform that the website is using cookies and forcing to accept EVERYTHING that’s running on the website. That’s not compliant. I suggest you to check with the legal department and you will see what I’m talking about.
As said before we did an external audit, and we got advised on this, and that’s the reason I’m writing on this thread.
We can’t use external cookies consent because we can’t control which cookies are used from all the elements that running in Bubble background such as plugins or unknown sources.
We can’t add an advice saying using this website requires to accept ALL THE COOKIES because that’s the exact reason why GDPR changed cookie policies (plus that even us as “platform” we don’t know exactly which or how many cookies are running in our site).
- Receive users consent before you use any cookies except strictly necessary cookies: This condition isn’t meet. Bubble will use all the cookies, no matters if the user gives the consent before.
Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received: This condition isn’t meet. We don’t know how many cookies actually is using our bubble app because many plugins can use/add/modify cookies, and we don’t know what cookies bubble is using in the background.
Document and store consent received from users: Where is the consent stored in Bubble? How user can access/see/modify this?
Allow users to access your service even if they refuse to allow the use of certain cookies: This condition isn’t meet. As explained before in the example. If any user don’t want to allow the analytics in my website he has no-opt to decline these cookies, he is forced to accept all.
Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place: Same question in 3*
I can understand you don’t want to enter in legal situation but IMHO If I’m planning to use Bubble as a platform in EU I need to be 100% sure this is GDPR compliant with guarantees otherwise I can be fined for not being compliant at all. I’m actually very unsecure and uncomfortable with this because I’m very sure this will not work. It’s something as the “bubble builder” can’t change or use external services. Sometimes I feel Bubble gives answers without committing or giving a 100% guarantee for the companies/individuals that are using Bubble as a platform.