Guest Posted March 30, 2021
Has anyone found a free or low-cost GDPR-compliance solution that works with a small Squarespace site, that is actually compliant with GDPR legal requirements? After spending the afternoon reading, it doesn't appear that the [cookie banner] GDPR solution that Squarespace makes available to its own customers is compliant. Interestingly, it is also not the one they use for their own corporate website(s).
A cookie banner alone does not meet GDPR requirements. There must be valid, documented, reversible and renewable consent. Consent must be obtained prior to processing, and be transparent and customizable by the site visitor (i.e. necessary cookies, other cookies listed by type). Someone who gave consent must be able to revoke consent. "Documentation" means a secure consent repository/database so that we, as site operators, can provide proof that consent was obtained. The database needs to store a record of each user's consent, including how they consented, exactly what they consented to, and the date/time they gave their consent.
Another issue is that a GDPR-compliant site's privacy policy needs to be transparent. Something as basic as the data collected on a Squarespace form - where and how is it stored and processed? If someone who submitted a form wants their data deleted - how does one do that? Since I am not an expert in GDPR, there may be other requirements that I missed.
My "solution" for the past 3 years has been to turn off all cookies and explicitly state that the site is not intended for site visitors from the EU. This goes against the purpose of the website, and is not a satisfactory solution by any measure.
ArmusZero Posted March 31, 2021
So far no. I've asked Squarespace several times for almost more than a year, and the answer has always been the same: "use our cookies banner" or something that implies that, but as you and I know, that isn't enough.
Zaskar Posted December 31, 2021
Hi, I am also searching for a solution. This is not a nice-to-have feature. From 01.01.2022 on, the new requirements for extended cookie banners take effect in the EU.
Tried to implement "Cookiebot". They provide a script that has to be loaded first, directly after the <head> tag. I took this code and placed it via code injection. So far no problems. But when I open the website, the new cookie dialog does not appear! Here is the code I inject:
<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="ecd23f64-c412-40fd-8b9e-3091b3641c29" data-blockingmode="auto" type="text/javascript"></script>
Needless to say, if these requirements are not met, a fine can be levied or the website can be warned off. Actually, I would expect Squarespace to provide their own DSGVO compliant solution here.
Does anyone know why the inserted code is not displayed? Or has someone used another tool and knows how to implement it? I am grateful for help.
Cheers, Stefan
creedon Posted December 31, 2021
@Zaskar Is the code installed now? If not, please install it again.
Please post the URL for a page on your site where we can see your issue. If your site is not public, please set up a site-wide password, if you've not already done so. Post the password here. Adding a site-wide password does not allow anyone to alter your site. It only allows those with the password to see your site. Please read the documentation at the link provided to understand how it works. Please read the documentation at the link provided on how to share a link to your site to understand how it works. A link to the backend of your site won't work for us, i.e. a URL that contains /config/.
We can then take a look at your issue.
Guest Posted January 16, 2022
Resurrecting this thread: a cookie policy is not enough. Per GDPR you are the data controller and Squarespace, being a SaaS, is the data processor. Some thoughts (I created a ticket at least two months ago but they never replied to it):
Is there a document between you and Squarespace describing what they will store and how it will be stored? This is important because Squarespace is storing website data in their database. Per GDPR, processing must ensure security and protect against unauthorized or unlawful processing.
Which personal data will be stored in the Squarespace databases?
All personal data processing should be fair and have a legitimate reason. GDPR has six types of Legitimate Purposes of processing personal data. You need to find which ones fit your case.