GDPR – Google Opt-out + Facebook Pixel Opt-out

Privacy GDPR DSGVO

THIS ARTICLE FROM 2018 MAY BE OUT OF DATE
According to our information (as of May 2020), no pure opt-out option is permitted for such tracking; instead, prior user consent (opt-in) is required before activating such tracking codes.

Quelle: https://www.facebook.com/raschwenke/photos/a.262537600529100/2081665648616277/?type=3&theater

See also 2022/FB PIXEL collects disease data: https://www.heise.de/news/Facebook-Pixel-US-Krankenhaeuser-sammelten-unwissentlich-sensible-Daten-7144502.html


The whole discussion about tracking with Analytics & Co in the context of the new data protection rules should not be discussed here. Many things are still unclear and disputed (and will change again with the planned ePrivacy Directive) but the prevailing opinion seems to be that under certain conditions Goolge Analytics and Facebook “pixel” conversion tracking MOMENTAN even after 25.5. 2018 is still permitted, provided that an opt-out option is offered in the privacy statements. This is only about the opt-out codes on the website (no guarantee):

Google Analytics

Here is the code as recommended by Google:

1. code

Paste the following script over the Google Analytics script (applies to all pages):

<script>
var gaProperty = 'UA-XXXXXXXXXX-X'; //auf korrekte ID achten!!!!

var disableStr = 'ga-disable-' + gaProperty;

if (document.cookie.indexOf(disableStr + '=true') > -1) {
window[disableStr] = true;
}

function gaOptout() {
document.cookie = disableStr + '=true; expires=Thu, 31 Dec 2099 23:59:59 UTC; path=/';
window[disableStr] = true;
}
</script>

2. link

Copy the following code in your privacy policy to where you want the user to opt-out of Google Analytics:

<a onclick="alert('Google Analytics wurde deaktiviert');" href="javascript:gaOptout()">Google Analytics deaktivieren</a>

ProcessWire developers can easily import the link into a Hanna-Code ShortCode:

!HannaCode:optOut_GoogleAnalytics_de:eyJuYW1lIjoib3B0T3V0X0dvb2dsZUFuYWx5dGljc19kZSIsInR5cGUiOiIwIiwiY29kZSI6IjxhIGNsYXNzPVwidWstYnV0dG9uIHVrLW1hcmdpbi10b3AgdWstbWFyZ2luLWJvdHRvbVwiIG9uY2xpY2s9XCJhbGVydCgnR29vZ2xlIEFuYWx5dGljcyB3dXJkZSBkZWFrdGl2aWVydCcpO1wiIGhyZWY9XCJqYXZhc2NyaXB0OmdhT3B0b3V0KClcIj5Hb29nbGUgQW5hbHl0aWNzIGRlYWt0aXZpZXJlbjxcL2E+In0=/!HannaCode


Facebook “Pixel” Tracking

For us, suitable suggestions to suppress Facebook Pixel, we have not found on the web so far. We are considering building such a code analogous to the Analytics code above. If an opt-out cookie is found, the Facebook code is simply not loaded. A page refresh (or change to another page) is then still necessary for this to run. It’s certainly not elegant. But first a solution until something better comes. In the browser console you can see what the code does.

The code is only roughly tested, we don’t have a use case at the moment (Facebook Pixel tracking is not used by us or our customers). So feedback is welcome to improve this code even more. Conceivable would be the alternative use of HTML5 browser databases or additionally of sessions (if a user generally forbids cookies).

DISCLAIMER: This is not legal advice. Whether the code really meets the requirements of the GDPR must now be shown by practice – and smart lawyers.

Comments and suggestions for improvement welcome to info@tba-berlin.de.

Of course we would be happy about a backlink.

1. code

Insert the following script in the source code where you have your entire tracking code, e.g. at the Analytics code (applies to all pages):

<script>
// Facebook Pixel mit Datenschutz OPT OUT per Cookie (analog zu Analytics)
var fp_disableStr = 'fb-pixel-is-disabled';

if (document.cookie.indexOf(disableStr + '=true') > -1) {
window[fp_disableStr] = true;
console.log("Facebook-Pixel ist deaktiviert - Cookie erkannt");

} else {

// kein Cookie gefunden Facebook Code laden;
// Achtung, unten den korrekten Pixel-Code einsetzen!!!!
// --------------------------------------------------------------------

!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version='2.0';n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,'script','https://connect.facebook.net/en_US/fbevents.js');
fbq('init', 'XXXXXXXXXXXXXXXXXXXXX'); // Insert your pixel ID here.
fbq('track', 'PageView');

// --------------------------------------------------------------------
console.log("Facebook-Pixel Code geladen");
}

function fpOptout() {
document.cookie = fp_disableStr + '=true; expires=Thu, 31 Dec 2099 23:59:59 UTC; path=/';
window[fp_disableStr] = true;
console.log("Facebook-Pixel ist jetzt deaktiviert - Page Refresh nötig");
location.reload();
}
</script>

2. link

Copy the following code in your privacy policy to where you want the user to opt-out of Facebook Pixel:

<a onclick="alert('Die Facebook-Pixel-Funktionen wurden deaktiviert - Die Seite neu laden');" href="javascript:fpOptout()">Facebook-Pixel-Funktionen deaktivieren</a>

ProcessWire developers can easily import the link into a Hanna-Code ShortCode:

!HannaCode:optOut_facebookPixel_de:eyJuYW1lIjoib3B0T3V0X2ZhY2Vib29rUGl4ZWxfZGUiLCJ0eXBlIjoiMCIsImNvZGUiOiI8YSBjbGFzcz1cInVrLWJ1dHRvbiB1ay1tYXJnaW4tdG9wIHVrLW1hcmdpbi1ib3R0b21cIiBvbmNsaWNrPVwiYWxlcnQoJ0RpZSBGYWNlYm9vay1QaXhlbC1GdW5rdGlvbmVuIHd1cmRlbiBkZWFrdGl2aWVydCAtIERpZSBTZWl0ZSBuZXUgbGFkZW4nKTtcIiBocmVmPVwiamF2YXNjcmlwdDpmcE9wdG91dCgpXCI+RmFjZWJvb2stUGl4ZWwtRnVua3Rpb25lbiBkZWFrdGl2aWVyZW48XC9hPiJ9/!HannaCode


Comment

So, ironically, cookie technology is used here to remember the opt-out. Cookies? There was something, wasn’t there?

So the very cautious user who has cookies completely turned off will not benefit. However, this careful user will usually use browser plug-ins like “noscript” or “uBlock Origin” (or suitable ad blockers on iOS), which completely suppress all this tracking stuff anyway.

Much better than Javascript and browser plug-ins would be, you could already set in the browser, what you want to track and what not. We are convinced that this is where the journey will take us in the long term.

DISCLAIMER: The TBA-Berlin is not a law firm. The content provided here is for general information purposes only and does not constitute legal advice. We recommend that you seek independent legal advice before taking or refraining from taking any action based on the content provided here.

TBA-Berlin makes no representations or warranties, express or implied, as to the accuracy, adequacy, validity, reliability, availability or completeness of the information referenced herein. Your use or reliance on any information contained herein is for your personal use and solely at your own risk.

Categories

Carl D. Erling, Berlin, CTO
Carl D. Erling, CTO

More news

The worst passwords

It’s an old article, but curiously still relevant in 2023: in 2014, the American software company Splash Data published a list of the currently most popular and therefore most insecure passwords on the internet. And what about your passwords?

Continue reading »