GDPR and Ads Plugins

Hello guys,

So I’ve been reading all threads regarding GDPR here on Meta, and even if the topic is “kind of dead” (because the craze already passed), I can’t seem to find any comment regarding the mix of GDPR compliance on Discourse and the usage of Ads (and for that matter, I can’t seem to find the Official AdSense Plugin topic, even though it is indexed on Google).

So I’ve been reading everything I can find, like this excellent guide from DiscourseHosting regarding what we can do to be compliant with that legislation (regardless of where you host, since it is very likely that you will get EU users) and since the most data that Discourse uses it does from Registered users, it is true that if you put a field asking to acknowledge your TOS and Data Policy (like that article recommends) you are covered.

However, Ads from, for example, AdSense, are displayed regardless of being logged-in or not and if you are using Google Analytics you are also kind of sending data to Google (although I couldn’t find which data they get specifically, but IPs for sure to get the “where are your users from” data).

So… should a Discourse installation that has AdSense (or any other Ad Platform), given that those use cookies or any other browser data to show you “relevant ads” have one of those nice to the eyes and user (please note the sarcasm) pop-ups that make you choose what to use or acknowledge said usage before you can even read the forum? Similar to the Guest Gate Plugin, maybe?

Reaching out to the Community to see the experiences you guys have with this and if that is really necessary (I think it is, but then again, no one seemed to stress that back in 2018 when all the topics regarding GDPR where open).


1 Like

My own understanding is that you are right. You SHOULD probably have one of these “nice” popup if you use AdSense.

It seems like the logical thing to do but then that would take me to the “how” part. Maybe a modified version of the Guest Gate? Since it already has parameters like “show only once”, etc.

However, it does seem necessary to store in the DB which users agreed, maybe?


Found this post with a similar doubt, but seems to have gone forgotten.

I don’t think that any Discourse Site with Ads should run without a “Cookie Validation” warning, given the current law. Something like Cookie Script may work, but I want to hear from the minds behind Discourse to see if that “breaks too much the flow/experience”.

Given the intrinsic nature of this being attached to the Ad Plugin, I’m moving this to the proper Category.