GDPR, EllisLab, and ExpressionEngine
5/23/2018 / By Derek Jones
ExpressionEngine 7.5 has been Released! Learn More!
5/23/2018 / By Derek Jones
The European Union’s General Data Protection Regulation (GDPR), a sprawling set of regulations designed with the intent on protecting privacy rights, becomes enforceable on May 25, 2018. You’ve seen the emails, the blog posts, and probably have made changes to your own site (or are still wondering what to do). Here’s what we’ve done:
ExpressionEngine, for its part, has always been compliant out-of-the-box. For instance:
But that’s only part of the story. As a site builder and operator, what you do with PII is in your hands. And you must be capable of responding to specific GDPR requests. For many web sites, and the folks who build them, making sure that you’re operating in a compliant way can be difficult and take a lot of time. If you’re a company or developer already on a tight budget, it’s a pain, and a burden of time and money you have to buy from somewhere else.
If you’ve felt frustrated, wondering if these unproven regulations will actually improve things, you’re not alone. Already the companies that can afford it—arguably the ones for whom these laws are directed—are taking measures to minimize their exposure. Others are simply preventing EU visitors from using their sites, and forbidding their use in their terms of service. That approach doesn’t do anyone any good. Ultimately, time will tell, and only after the laws have been litigated and proven in the courts will we know if it’s working, or even how some of the regulations will be interpreted and enforced.
In the mean time, we like to obey the laws of the land and are sure you do too. And it’s always nice when that’s easy to do. It’s your responsibility, but we feel we should do more than tell you that you’re on your own. Or leave you to wade into MySQL to comply with an esoteric request. So we are committed to making ExpressionEngine the easiest CMS to comply with GDPR and similar regulations revolving around user privacy. Including but not limited to:
Here’s a quick example: the consent tools we’ve built for you. Some features of your site process PII, and that requires specific and clear consent, that can be easily withdrawn. We have built a new module with simple tags that will let you capture consent for anything you need, and honor the user’s wishes throughout your site. It’s what we’re using right now on our site and will soon be available for you too. For example, if you require cookie consent, before adding Google Analytics’ script, you can check to see if the user allows you to set “performance” cookies:
{if consent:ee:cookies_performance}
<!-- Google Analytics -->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-XXXXX-Y', 'auto');
ga('send', 'pageview');
</script>
<!-- End Google Analytics -->
{/if}
This is just the tip of the iceberg, and we’ll be blogging and posting educational tips and tricks on using these new features as time goes on. Thanks for sticking to the end of this read. It was a small wall of text, and still less than 1% of the length of the GDPR. It’s our aim to help keep building on the web fun, even in the face of 55,000+ words of new regulations that aren’t easily digestible for most professionals.
Packet Tide owns and develops ExpressionEngine. © Packet Tide, All Rights Reserved.