I have been looking around the last few days into cookies and GDPR law, and I have been busy getting OneTrust and Google Tag Manager up and running on our current website, and it works just fine!
On our cookie consent banner, we have a "Reject all Cookies" button, and when it is clicked we do not load our tracking and other 3rd party scripts. We have also added a list of all cookies etc. we use on the site, which we receive automatically from OneTrust. Necessary cookies for the site to work are loaded even if the user clicks Reject all cookies.
So some problems I have today:
reCAPTCHA:
https://measuredcollective.com/gdpr-recaptcha-how-to-stay-compliant-with-gdpr/
https://www.imy.se/en/verksamhet/data-protection/this-applies-accordning-to-gdpr/transfer-of-data-to-a-third-country/
According to these links, we send sensitive information such as IP address to another country, as well as put cookies on Google's own domain google.com.
If we decide that the user must be asked for consent before using Google reCAPTCHA cookies, then a spam bot gets the possibility to deny these cookies. Then you have to ask if there is any point in using Google reCAPTCHA in the first place?
- I interpret this as meaning that we cannot use Google Recaptcha and have to change to another Recaptcha solution like hcaptcha.com?
A / B test.
In recent months, we have prepared some things to be A/B tested on the website. We already do not have that many users on the site and have to run our a/b tests for a slightly longer period for better results. Of course, an a/b test uses cookies and these cookies are counted as analytics cookies.
But now that we have "Reject all cookies" or "deny analytics cookies", we lose quite a lot of visitors and it becomes almost impossible to a / b test.
- Is A/B testing dead for smaller websites in the EU?
Local storage
We save personal data when the user orders a service from us, in LocalStorage.
Does the website have to tell users what we save in LocalStorage and why?
When a user has clicked "X" on a popup, we save it in LocalStorage so that the user does not have to see the popup every time they come to the page. This is not necessary but improves the user experience. So is it considered a necessary cookie, or do we have to have the user consent to it?