I am working on setting up a new privacy implementation process for new client sites. I am looking to make it as simple, straightforward, and future-proof as possible.
Use case #1:
Typical client is either based in Europe or the USA (I can set the data center in either) but has global reach and customers. A privacy / compliance solution is required that meets GDPR and virtually all the other major rules. For any given client, it is truly possible to have site visitors from the Americas, Europe, Africa, Asia, Australia, etc. It is ideal to have the cookie banner message and terms/cookie/privacy policies be localized to the user region.
Use case #2:
Typical client is based in a specific European country or USA state and almost all site visitors are local to that region as products or services are very specific to that location. In this case, the cookie / terms / privacy policies would follow the general region (e.g. GDPR for Europe) but would also include some verbiage specific to that country or state, as necessary.
My issues:
I thought I could just handle this with the premium version of Complianz, but I am running into some issues and I am not sure I am thinking this through clearly. 🙂
First, I am quite confused by the Complianz documentation on this. They have lots of different versions of instructions for implementation, although the latest seems to be: https://complianz.io/simplified-guide-to-google-consent-mode-v2/ But even that seems to have some errors. FWIW I have contacted their support, and they have been less than helpful- basically telling me they do not support Google Site Kit, and that I have to follow one of the scenarios in their help documentation, but no solid advice.
On the other hand, Google Site Kit gives a pretty straightforward explanation with consent mode and using WP Consent API – and actually recommends using Complianz for "just" the cookie banner piece. https://sitekit.withgoogle.com/documentation/using-site-kit/consent-mode/
It would appear that I have have one of two general options (please, please correct me on this):
- Exclusively use Complianz with no Google Site Kit nor WP Consent API. Choose either Google Tag Manager or direct scripts (e.g. Google Analytics) for statistics. Fiddle with all the settings in Complianz to configure regions, etc.
- Use Google Site Kit with WP Consent API. Use Complianz ONLY for the cookie banner (this could be free version?). Nothing further needed with scripts / GTM as Site Kit is handling.
Questions:
- What am I missing?
- What would be simplest / most universal approach?
- What is current best practice?
- For use case #1, if I write all my own cookie / terms / privacy policy templates (with legal looking over them of course) that cover as many of the major global privacy laws as is practical, do I need to have more than one version of the cookie banner, consent options, and policies for different global visitors?
- Other advice / resources?
All ideas and advice appreciated… thanks
.