I’ve just loaded the forum and got the new intrusive modal by OneTrust asking for consent about cookies, designed to be extremely boring and unintelligible for non-tech people to manage them to click on “accept all even when I’m not aware of what all of these means and that’s not aligned with the GDPR consent”, but anyway.
So I went through the process to uncheck (!) all the options. I want to highlight this fact: checks should be DISABLED by default, according to the GDPR. All of those categories (except one) were ENABLED by default.
But what I found tremendously incoherent and even hypocritical was the “Strictly Necessary Cookies” category:
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Note the “strictly necessary” part of the name. Please, explain me how the f*** analytics are strictly necessary to run a service. Here’s a hint: they are not.
I express my direct rejection for this data to be collected and processed, since it’s not strictly necessary to the service to run in any technical sense. I want to express my concerns about this nonsensical GDRP consent modal window —suposedly by a specialized company— which doesn’t align with the actual regulation.
Nice! Recently I saw a variant where everything off was a blue toggle (like on Apple devices, it being on) while it being gray meant off (EDIT: it was at Phoronix). The other annoying thing is that websites fail to work when you don’t accept the cookie (which is illegal). Many major websites even do that…
Please let me quickly address these concerns from the teams working on the project, and if you have any more questions or thoughts please share them and I will follow-up with the team.
First of all thank you for pointing out the Google Analytics in the strictly necessary category, this is an oversight and one we will be correcting. We have chosen to do the implementation of Google Analytics without involving personal data and we do not provide personalised content or targeted advertising without the prior consent of our customers (which we obtain through the cookie banner only when customers tick the Social Media box). In any case, we are in the process of setting up and configuring the categories of Cookies in a more understandable way.
I will make sure to keep you updated on this process Questions? You know how to find me
Thanks for replying, @Monica.Ciovica. Hope it doesn’t take long for the team.
Here’s a short version to ease you the process:
(legal) Checks shouldn’t be enabled by default
(legal) Google Analytics in the Strictly Necessary Cookies category
(ethical) Should be a don’t accept any button at the same level as the accept all button.
Fair enough. Now I want to raise the question. If the forum is a community, it’s not a product, and vice versa. If it’s not a product, it shouldn’t need analytics at all, right? Therefore, is the forum a community or a product?
But I do remember that analytical cookies are (legally) seen as functional cookies as they help Fairphone optimize the website. For this you do not need opt-in and the box can be ticked by default.
Now… whether you want this and if it feels like the right thing to do, also on the forum, and not just on the main website, is an entirely different matter and depends more on how you view your customers, users and guests of your website.
Thank you for the legal reading. I just need to deep more into the GDPR, but I have the feeling that that data should be anonymized to be checked by default (which is exactly the case of Fairphone’s use of GA, as @Monica.Ciovica stated above, but wasn’t properly explained).
Of course, the category of functional cookies should be on by default, the issue was with those other categories.
Privacy is like voting. An individual’s privacy, like an individual’s vote, is usually largely irrelevant to anyone but themselves … but the accumulation of individual privacy or lack thereof, like the accumulation of individual votes, is enormously consequential.
The GA helps us better understand and improve the user journeys on our website and the forum. For example: to improve our customer support journey/support articles, we are looking into the traffic coming from the forum to the page and vice versa. If it appears at some point that people leave a section in the support page for the forum, then that indicates the need for improvement.
Just make a nice and easy to use website where one can quickly find any relevant information. You don’t need any analytics to do that, just use common sense. The analytics stuff might make sense for a company with a billion users where the fraction of a percent is still a lot. But in my opinion it is a complete waste of time and resources for a small company like Fairphone. To stay in business, Fairphone needs to maximize sales and minimize the cost of support. Doing analytics on the website doesn’t contribute any new insights to achieve these goals. Just get rid of them completely.