-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pixel Opt In : EU Privacy Compliance & GDPR #301
Comments
Hi @blindpenguin and @crudolf, To confirm if I understood correctly, you want to opt-out (not to track user information by pixel), but still using plugin to sync product and manage your business on Facebook page, is that correct? Thank you. |
The website visitor needs to be able to opt-in. If i let facebook track users without their explicit consent, then there is the possibility to receive a cease-and-desist warning. It's only about the Pixel functionality. Everything else is fine. One possibility could be to show a modal or notification bar. Ideally with customizeable text. Only if the visitor clicks on "yes" or "i agree", then tracking is allowed. There is a huge post on linkedin about this, where the legal stuff is explained in detail: The regulatory pitfalls of the Facebook Pixel |
Hi @blindpenguin and @crudolf, Thanks for flag this. I will mark this as feature request and forward your legal concern to our pixel team. Thank you. |
Hello, You are correct. Our plugin did pass our own legal team and they noted the same thing. We do advise you during the setup of our plugin to seek out ways to provide this notice to users in the EU, though it's easy to miss. Unfortunately our plugin does not provide a consent notice in it's current functionality, but there are wordpress plugins that do provide this functionality out there, and I'd encourage you to explore using those and seeing if they can be customized to cover the case of the Facebook pixel as well. For example just a few: I don't think we will ever get around to implementing this notice in our own plugin, but I will leave this open for others to jump in and recommend potential solutions (or perhaps send us a pull request). |
Just flagging, we are thinking about adding opt-out functionality based on how many users would be affected. It seems it's a great deal more than we originally thought, and it's affecting all of our plugins, not just WooCommerce. We're having some internal discussions now, I'll update if there's any news. |
Hello All, I have updates on this issue from the broader Facebook org on GDPR. I'm not allowed to give out any details about this solution at this time, but when it becomes public I'll update this thread and close it. www.facebook.com/business/GDPR has more information about our general policy here. |
Hi Dmitri, Any update on this. Thanks, Ian. |
Hi Ian, Nothing concrete. We are exploring different solutions for compliance and there's lots of internal discussion. An update of the plugin may be required to be compliant. We should have further clarity about this closer to the GDPR deadline. |
Wouldn't the plugin legally need opt-in functionality, where the pixel tracking code isn't enqueued on the front end of the site unless the visitor has given explicit permission to do so? Maybe a better solution would be a simple filter that allowed us to conditionally enqueue the tracking code ourselves, based on our own opt-in implementation. There's little need for multiple plugins having their own notifications, when you can wrap it up into one on your own site and handle your tracking pixels via custom code. |
Rummaging through the source, found this filter 'facebook_for_woocommerce_integration_pixel_enabled': add_filter('facebook_for_woocommerce_integration_pixel_enabled', '__return_false'); |
Same here, we just need the sync as the pixel needs user opt-in. |
Hi All, Regarding legal concerns, see the image I posted earlier of the pixel step, which links to this page. I think our GDPR policy, www.facebook.com/business/GDPR, has also been updated. As @addedlovely said, that filter can be used to build your own opt-in solutions, but we will not be taking action on this to implement opt-in behavior. However, we welcome your pull requests if you need additional filters/features to facilitate building those solutions. I would also look into using |
@dmitridr Do I understand your last post right?
Obviously this is not a good "solution", as this makes it quite hard for users to use this plugin. Not everyone is a developer and can implement a custom solution. It is also not good to "force" opt-in plugin developers to specifically target this plugin.
As you can imagin the opt-in rate will be about 0%. So for most users a checkbox to just disable the pixel would be the most easiest way. |
Hi, For the avoidance of doubt, is Facebook operating as a data controller or a data processor with regards to the Pixel application? Thanks, |
Yes I think your understanding is mostly correct: The filter given above does allow enabling/disabling the pixel, the line pasted by @addedlovely can be used to disable the pixel with the WP plugin editor. But as you say disabling won't work through JS, we're happy to review your pull request to add that functionality. If you send us a pull request for a checkbox to disable the pixel... we would be happy to consider that as well. @LuciStan My opinion as a dev : FB is mostly a data controller, I imagine this applies to the pixel as well. I would encourage you to read FB's official stance and draw your own conclusions though, there may be something I'm missing. |
Is there a way we can add the suggested line to the Child-Theme? add_filter('facebook_for_woocommerce_integration_pixel_enabled', '__return_false');(for security reasons I have WP editor disabled but can access via secure FTP) |
@sanderkie You can just add it to your functions.php. Maybe set the priority a little higher:
|
So do we need to ask for consent to use the pixel or not? @dmitridr said: Is this still the case? |
I came back against the integration with Iubenda Cookie Solution. There was some changes in facebook-for-woocommerce code, so my solution is not working anymore. I have investigated and I think it can be resolved in an alternative way: Iubenda allows you to block Javascript code in two ways:
The first solution is difficult to apply on this plugin, because there is nothing that allows you to insert arbitrary code before and after the pixel script. So this could be a feature request: add a parameter for the HTML code to be inserted before and after that of the pixel. Solution 2:
Here, however, a problem arises: the event code (e.g. Iubenda allows you to define a prerequisite for scripts like this:
Here, however, another problem arises: the same code is applied both to the part of the script that loads the Pixel from Facebook and to that of the actions, so in this case no script is loaded because the part of the script that loads Here comes the second feature request: distinguish the filter This would allow you to correctly handle the script with Iubenda with something like:
This example is for Iubenda, but a lot of other cookie blocking solution uses the same logic, so I think it will be applicable to other cookie management scripts. What do you think? |
Hello all, Follow some example of code for various cookie block solutions: Example for Iubenda:
Example for Cookie Bot:
Example for Cookie Script:
Now we have anothe problem: some events are enqueued in Woocomerce js and so cannot be change using this method (as reported in #1268). In order to make this work for all events we need to change I've made also a pull request with this changes: #1274 |
Hi Fabio, 1- is the problem solved or as we read something still doesn't work? Thanks so much |
Ciao @emporio3
Problem is not solved, but I've found out a possible workaround
Which version of the plugin are you using? If you are using a version released before July 2019 (I think it was 1.9.x), the old modify is working.
For the actual version I've made this changes:
(this example is for Iubenda, change it according to your cookie blocking solution)
in
In short I've removed the I tested this workaround with the Iubenda plugin and it works correctly, I submitted a pull request to include this change in the I hope I was helpful |
Thanks so much as usual |
Hi, Am I correct to notice that this filter is no longer blocking the pixel?
In de log-file I can still see the queries and responses to and from FB. |
It's still working for me. The queries you're seeing in the log may be the backend FB integration (product sync etc). For anyone using the GDPR Cookie Consent (CCPA Ready) plugin, the following will act as an opt-in and only enable the pixel if non-essential cookie consent is given.
|
Hi @brrrm
@beanslel is correct! In v2.0+ we can now use the server to server pixel tracking API. This will record events in your debug log but wouldn't be loading a pixel on the front end if you have still disabled that like previously. Cheers, |
@beanslel Tks, your solution works. |
I'm getting problems when combining this with cached pages, using Varnish for example. this is my scenario:
What I think that could be a solution, just an ideia, not tested. Instead of add the scripts direct on the page, we need a JS Hook to check if this can be done or not and only after that we add the script source and all the rest to start up the Pixel or any other third party application. Like this using WP JS Hooks:
Without checking the user consent on the server side, there is no problem creating caches on the server or using a CDN, the Pixel will be on the HTML but only injected on the page after checking it on the client side, according to user consent. |
It looks like this issue can be closed given the results of the discussion. @edirpedro if you still are encountering problem with the implementation please create a separate issue that will be focused on the pixel in the context of cached sites. |
#301 (comment) this is still an issue. Huge one. Did you find a way to work around this? |
Sharing my idea here.
Don't know if there's other javascript injected from this plugin into the page body (then executing before GTM). That won't work. |
@mircobabini No solution here, if you use a cache service like Varnish or a CDN, you will not conform to GPDR ever. The option to disable this injection is restricted to the server side! |
@edirpedro so, the only GDPR compliant way is to rely on GTM (injected scripts based on consent conditions) completely. Nothing generated by the server and put into the page body (cached). |
@mircobabini yes, Meta wants to track the user even when it revokes the Pixel, that's the poor solution they provide at the documentation |
@edirpedro yeah. So the idea is to never block the Pixel library to load, but adding the |
@mircobabini a workaround could be using the plugin to serve the Data Feed only, just disabling it |
@edirpedro disabling that integration makes that plugin almost useless though (if you are relying on their pixel integration which is pretty complex to replicate). I came up with a partially working solution (for Iubenda).
<?php
/**
* Priority lower than Iubenda inline enqueue
*/
add_action( 'wp_enqueue_scripts', function(){
wp_register_script( "fbq-pixel-earlier", ' ' );// phpcs:ignore WordPress.WP.EnqueuedResourceParameters.NotInFooter,WordPress.WP.EnqueuedResourceParameters.MissingVersion
wp_enqueue_script( "fbq-pixel-earlier" );
wp_add_inline_script(
"fbq-pixel-earlier",
"!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version='2.0';n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,'script','https://connect.facebook.net/en_US/fbevents.js');
window.fbq && window.fbq('consent', 'revoke');",
'after'
);
}, 9 );
} else if (preference.purposes) {
if (preference.purposes[4] === true) {
window.fbq && window.fbq('consent', 'grant');
} RESULTS When given (at least "Measurement"): Hacky but working. |
Hello there,
i just got my new terms & conditions and was informed, that Facebook Pixel needs an opt in according to german law. Just like the european cookie notice. It isn't allowed to track anything unless the customer agrees to it.
Are there settings or something like that available for it?
Thanks
The text was updated successfully, but these errors were encountered: