GDPR Cookies Banner #1089

Open
14 tasks
ddfridley opened this issue Feb 6, 2024 · 2 comments

@ddfridley
Collaborator

ddfridley commented Feb 6, 2024

The site needs a banner that pops up to allow the user to accept cookies, before cookies are used on the web site, and does not enable certain cookie classes if the user does not accept them.


  • I suggest vanilla-cookieconsent as the component to implement consent. It works with our version of React and supports GDPR requirements. If we find issues or need things, we should try to work with that project, so that it can be a shared resource.
  • Democracylab designers should be consulted for color and other changes, but we should avoid going outside the bounds of what the component supports.
  • CookieConsent.run will need to be customized for democracylab. You can investigate the cookies we use by opening democracylab.org in Chrome, opening the developers' console, and going to the Application tab.
  • civictechprojects/views.py is the place where the Google Analytics and Hotjar scripts are loaded - these are what generate most of the cookies that we use. These will have to be removed, and then conditionally loaded in React code.
  • In views.py is also Python's csrf cookie, @ensure_csrf_cookie. It is left for investigation how to prevent this from loading until after the user accepts the cookie banner.
  • common/components/mount-components.js should be the place where we add <CookieTailor onAccept={acceptFunction}/> to the possible apps.
  • run function needs to load the cookie generating scripts, if the appropriate category has been selected.
  • There is an error message about not being able to connect with doubleclick.net - doubleclick.net is used for Google ads. We need to allow it in the content security policy, and do what Google requires to enable Google ads if the user allows. (some investigation is needed for the). See this thread for how to support Google consent: "[Docs]: how to configure google consent mode", orestbida/cookieconsent#669

Test cases

  • When the user first visits the site, but has not accepted the banner, check that no cookies have been loaded. (may need to clear cookies before this test)
  • If only mandatory cookies are accepted, only the csrf cookie is set.
  • If statistics cookies are accepted, then google analytics and hotjar cookies are set
  • If other cookies have been discovered in doing this, they need to be properly categorized and tested.
  • User should be able to login, close the window, open a new one, and find they are still logged in.
  • An API needs to be implemented to save consent information.
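
The test cases in the issue above can be checked mechanically. The following is an added example, not code from the DemocracyLab repository or from vanilla-cookieconsent: it audits a `document.cookie` string against the consent state. The category names (`mandatory`, `statistics`), the function names and the cookie-name patterns are assumptions based on the default cookie names of Django, vanilla-cookieconsent, Google Analytics and Hotjar.

```javascript
// Added example: audit the cookies present against the accepted consent
// categories. The patterns are assumptions (library default names); confirm
// the real names in the browser's Application tab before relying on them.
const COOKIE_RULES = [
  { category: "mandatory", pattern: /^csrftoken$/ },   // Django CSRF cookie
  { category: "mandatory", pattern: /^sessionid$/ },   // Django login session
  { category: "mandatory", pattern: /^cc_cookie$/ },   // stored consent choice
  { category: "statistics", pattern: /^_ga(_|$)/ },    // Google Analytics
  { category: "statistics", pattern: /^_gid$/ },
  { category: "statistics", pattern: /^_gat(_|$)/ },
  { category: "statistics", pattern: /^_hj/ },         // Hotjar
];

// Parse a document.cookie style string ("a=1; b=2") into cookie names.
function cookieNames(cookieString) {
  return cookieString
    .split(";")
    .map((pair) => pair.trim().split("=")[0])
    .filter((name) => name.length > 0);
}

// Map a cookie name to its category; unknown names must be triaged by hand.
function categorize(name) {
  const rule = COOKIE_RULES.find((r) => r.pattern.test(name));
  return rule ? rule.category : "uncategorized";
}

// Return the cookies that should not exist for this consent state.
// acceptedCategories === null means the banner has not been answered yet,
// in which case every cookie present is a violation.
function auditCookies(cookieString, acceptedCategories) {
  const allowed = new Set(acceptedCategories || []);
  return cookieNames(cookieString)
    .map((name) => ({ name, category: categorize(name) }))
    .filter((c) => acceptedCategories === null || !allowed.has(c.category));
}

// Constructed sample: only mandatory cookies accepted, but trackers are set.
const sample = "csrftoken=abc; _ga=GA1.2.1.1; _hjSession_123=x";
console.log(auditCookies(sample, ["mandatory"]));
```

In a browser test, pass `document.cookie` as the first argument; note that HttpOnly cookies are not visible there and have to be read from the test driver instead.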
@ddfridley
Collaborator Author

@aish-where-ya Hi, I'm helping with development focus for DemocracyLab. We've created a DemocracyLab Dashboard and would like to update the status of this issue.

  • Are you still working on it? If so, what are the next steps, or what challenges are there to moving forward?
  • Or is this still an issue/should we close it?
  • Or, if you just aren't available to work on it anymore, please let me know, and/or unassign yourself
  • Or, I'm the one who wrote the issue, if there's anything I can help with let me know.
  • Or, something else?

Thanks.

@ddfridley
Collaborator Author

The description has been updated to suggest vanilla-cookieconsent, because the old suggestion turned out to require a newer version of React.
