• 95 results
  • 1
  • 2
Avatar image for rorie
#1 Posted by Rorie (5194 posts) -

Hey all,

We are rolling out some changes to the websites to ensure that we’re in compliance with the new General Data Protection Regulations that we’re required to conform to in Europe. If you don’t know what the GDPR is, it is “a law applicable to the EU area that gives people control over how their data may be collected and used by the sites they visit and the companies they work with to provide tracking, advertising, or other services.”

If you’re in the areas affected by the GDPR you will begin to see a popup when you visit the site today. The black popup asks you to approve of our use of cookies and data collection on the site. These cookies are required for the site to function; among other functions, they keep you logged in, track your viewing stats so that you can resume videos and podcasts from the position you left when you return to the site, allow us to figure out how many people are watching which videos, and help us serve ads. These cookies have always been part of the terms of use for the website, so not much has changed here, except that now we ask you to explicitly accept these cookies in order to continue using the site. The black banner notice will stay up until you accept CBSi’s Cookie & Data Policy.

In addition, you can click the Manage Settings/Options button to manage privacy settings for third-party cookies. If you wish to opt-out of these cookies, you may do so via the “Opt-out” button on this page. This is a separate action from accepting the CBSi cookies.

The GDPR requires us to offer a method to change your settings at all times, so the Manage Settings button must remain in position permanently. We are looking into making this less obtrusive but don’t have an ETA on that at the moment.

Staff
Avatar image for soulcake
#2 Edited by soulcake (2278 posts) -

Always great when you try to opt out from a thrid party add company and get a redirect to a Russian site written in XML or some other obscure thing.

Avatar image for martin256
#3 Posted by Martin256 (13 posts) -

Why are you collecting data for ads for premium users? :( I have an adblocker, but still.

Avatar image for rorie
#4 Posted by Rorie (5194 posts) -

Why are you collecting data for ads for premium users? :( I have an adblocker, but still.

That was just an example of a possible use. I don't know the specifics of data collection for Premium users but obviously we need to do this for free users.

Staff
Avatar image for hassun
#5 Edited by hassun (9452 posts) -

I haven't seen a pop-up of any kind but all the videos have stopped loading. Are these things related?

No Caption Provided

Avatar image for civraz
#6 Edited by Civraz (409 posts) -

I'm not in Europe and just noticed this as well.

@hassun said:

I haven't seen a pop-up of any kind but all the videos have stopped loading. Are these things related?

No Caption Provided

Avatar image for rorie
#7 Posted by Rorie (5194 posts) -

@civraz: @hassun: What browser are you using? Have you tried another one?

Staff
Avatar image for martin256
#8 Edited by Martin256 (13 posts) -

@rorie: Would just be nice to not be tracked for ads etc. when I pay. Looks like I was not since all the boxes were ticked... or at least a lot of them... so many that it was hard to see... and it is not even possible to opt out of all of them without going to a bunch of third party websites?

*sigh* Why did the EU not come up with something like GDPR sooner *sigh* :(

Avatar image for mike83
#9 Posted by Mike83 (31 posts) -

Just accepted this then used my adblocker to block the 'Manage Settings' floating bar thing. All looking good now :)

Avatar image for civraz
#10 Posted by Civraz (409 posts) -

@rorie: Firefox. Works in Chrome. Tried disabling all extensions to no avail.

Avatar image for bicycle_repairman
#11 Edited by Bicycle_Repairman (633 posts) -

To be honest this wasn't the hell that @jeff promised us on the bombcast. to be fair, i didn't get the popup on the mobile phone. Just reading some text and then a simple opt out option (which i used). only slight negative is the manage settings button always on screen as Rorie mentioned. But overall not that bad of an experience (assuming i did really opt out of everything possible when i pressed the opt out button). Long live GDPR! Always nice when the EU uses its power for something benefiting its citizens directly.

Avatar image for lanerobertlane
#12 Edited by lanerobertlane (272 posts) -

Hey @rorie. We've had "cookie banners" on websites in the EU for years now, usually they're just a small line of text, like these:

No Caption Provided
No Caption Provided
No Caption Provided

Usually, you click "Read / Learn More" to get the thing that takes up half the page to explain how and why they're used and explain that you can go to the settings menu to change it.

I know you you're not used to seeing these outside of the EU, but this is the usual implementation (and the GDPR cookie section is just following through on the existing EU Cookie Law) and they don't need to take up a third of the screen. I know lawyer's will be lawyer's, but maybe in your next "constructive conversation" with them you could point this out to them in the name of the User Experience?

I guess you've already had conversations about this, but I thought if I at least typed this out, you can print it out any and all constructive user feedback and throw it on a lawyer's desk.

Also:

No Caption Provided

This one's just for you.

Avatar image for rorie
#13 Posted by Rorie (5194 posts) -

@lanerobertlane: Unfortunately this is a CBS-wide implementation that we didn't have a huge amount of control over. But I know there's a lot of...strong feedback flowing uphill about the way this looks right now. Sorry for the trouble and hopefully it'll be cut down in size at some point.

Staff
Avatar image for lanerobertlane
#14 Posted by lanerobertlane (272 posts) -

@rorie: It's no problem, and nowhere near as annoying as the hundreds of e-mails asking if i still want to be on a mailing list I forgot about 10 years ago. I just wanted to be able to provide feedback you can use, more than wanting to complain about it.

Avatar image for alternate
#15 Edited by alternate (2874 posts) -

That bar wasn't as bad as Jeff suggested. I have seen worse. Not tried it on mobile tho.

Not seen anyone else have a visible button to change preferences though. Are you sure it needs to be permanently visible and not just always available in the account prefs? Your lawyers might be being over cautious. The next few weeks should make things clearer as everyone implements it.

Avatar image for martin256
#16 Edited by Martin256 (13 posts) -

@rorie Sorry, I'm just a bit frustrated. GB is one of the few sites I pay for and really appreciate. Would be nice if that also meant not being tracked for ads. Anyway, I'll shut up now. You probably have enough to do as it is already.

Avatar image for clush
#17 Posted by clush (685 posts) -

I'll take a little floating button over being profiled by unknown third parties any day.

Avatar image for alistercat
#18 Posted by AlisterCat (7985 posts) -

I only saw the pop up when I logged out and turned off my ad blocker. It wasn't so bad but I'm also at 1440p so it appeared really small.

Avatar image for tomeric
#19 Posted by tomeric (2 posts) -

I don't usually post on GiantBomb, even though I've been a premium subscriber for several years, but as we've been working on GDPR compliance for a couple of months, and as a European, I'm a little bit disappointed in your implementation.

  1. You're required to get explicit permission to use cookies. This means that all the ad services that are now checked by default should be unchecked by default and I have to give you explicit permission to share my information with those parties.
  2. Most of the cookies described in the "Necessary Cookies" section are not necessary at all and are sharing personally identifiable information (like my IP-address) with 3rd parties without permission.
  3. It must be possible to use the website without agreeing with your cookie notice and continued usage of the site does not count as explicit permission.
  4. The privacy policy must be concise and transparent. It is neither right now. I can't see how my personal information is being used at all and I also don't know how long you will keep my data in your system (just a vague "time period reasonably necessary").

I know you probably have to follow CBS in this and have little say in the matter, and I also understand that I must come across as an entitled European jerk, but I did expect better from you guys :(.

Avatar image for rorie
#20 Posted by Rorie (5194 posts) -

@civraz said:

@rorie: Firefox. Works in Chrome. Tried disabling all extensions to no avail.

Hmm, it's working for me in FF but we'll poke around. Sorry for the trouble.

Staff
Avatar image for civraz
#21 Posted by Civraz (409 posts) -

@rorie: Ah, no worries. Just trying to help. I think I saw another user with a similar issue at the end this bug thread, as well.

Avatar image for abczyx
#22 Posted by abczyx (49 posts) -
No Caption Provided

...to be fair, I think it's me.

Avatar image for hassun
#23 Edited by hassun (9452 posts) -

@civraz: @rorie: I'm on Firefox as well, turning off ad/script blockers did not change it.

Using the download option still gives me access to the video on the website.

Avatar image for kindofblue
#24 Posted by KindOfBlue (153 posts) -

Everything seems fine, but is that big Manage Settings -button always gonna be there?

Avatar image for cyborgx7
#25 Posted by cyborgx7 (137 posts) -

Here is a tip for how to deal with GDPR. Don't track people who haven't consented to it. Done. Wasn't that easy?

If features need tracking, ask them wether they are ok with tracking when they want to use that feature.

Avatar image for rorie
#26 Posted by Rorie (5194 posts) -

@hassun said:

@civraz: @rorie: I'm on Firefox as well, turning off ad/script blockers did not change it.

Using the download option still gives me access to the video on the website.

I believe Will might have a fix for this in the works. It might start working again soon but with long loading times; there'll be a more permanent solution when he has time to implement it.

Staff
Avatar image for rorie
#27 Edited by Rorie (5194 posts) -

@kindofblue: We are pushing very hard to have it be less intrusive going forward.

Staff
Avatar image for wemmick
#28 Posted by wemmick (47 posts) -

@tomeric said:

I don't usually post on GiantBomb, even though I've been a premium subscriber for several years, but as we've been working on GDPR compliance for a couple of months, and as a European, I'm a little bit disappointed in your implementation.

  1. You're required to get explicit permission to use cookies. This means that all the ad services that are now checked by default should be unchecked by default and I have to give you explicit permission to share my information with those parties.
  2. Most of the cookies described in the "Necessary Cookies" section are not necessary at all and are sharing personally identifiable information (like my IP-address) with 3rd parties without permission.
  3. It must be possible to use the website without agreeing with your cookie notice and continued usage of the site does not count as explicit permission.
  4. The privacy policy must be concise and transparent. It is neither right now. I can't see how my personal information is being used at all and I also don't know how long you will keep my data in your system (just a vague "time period reasonably necessary").

I know you probably have to follow CBS in this and have little say in the matter, and I also understand that I must come across as an entitled European jerk, but I did expect better from you guys :(.

  1. The ad services in the third-party popup are unrelated to the approval you give on the first black banner. They are checked by default because they are services we've used historically, so that reflects the current state of things.
  2. They are necessary for us to operate and support our sites with basic ad offerings. Naturally that doesn't apply to GB premium folks who won't see any ad-related tracking.
  3. This is pretty standard language and practice across the industry at this point.
  4. I'm afraid I can't speak to the legal language to that level of precision, but in general I'd consider this a "Phase 1" implementation. We are already taking feedback and looking for ways to improve all this, so please keep the feedback coming guys.

Thanks!

Staff
Avatar image for fledeye
#29 Posted by fledeye (228 posts) -

@rorie said:

The black banner notice will stay up until you accept CBSi’s Cookie & Data Policy.

(snip)

In addition, you can click the Manage Settings/Options button to manage privacy settings for third-party cookies. If you wish to opt-out of these cookies, you may do so via the “Opt-out” button on this page. This is a separate action from accepting the CBSi cookies.

The GDPR requires us to offer a method to change your settings at all times, so the Manage Settings button must remain in position permanently.

Hi, another European that’s been dealing with and teaching GDPR in a voluntary organisation for some time.

I’m confused about this as many others are.

Is the “manage settings” button there permanently or not. Near the top of your post you say it will stay until I accept the cookies and then later on you say it’s got to stay there so we can change our preferences at all times. As I’m not going to accept the cookies, will it just be there forever anyway?

And if I don’t accept the cookies am I still going to get the benefits on being a Premium member? I’m never going to accept them as your “necessary cookies“ are not necessary at all. GDPR states that not accepting for my data to be shared shouldn’t affect how I use the site if I don’t accept, but it’s written in such a way to make me doubt.

As other Europeans have said this is a very poor implication and not inline with GDPR or the Data Protection Act of 1998 which still stands in the UK for another few hours.

I’m not having a go at you @rorie, I think you’re marvellous, but CBSi need to be made aware that they might as well not have bothered it’s so bad.

Avatar image for wemmick
#30 Edited by wemmick (47 posts) -

@fledeye said:

And if I don’t accept the cookies am I still going to get the benefits on being a Premium member? I’m never going to accept them as your “necessary cookies“ are not necessary at all. GDPR states that not accepting for my data to be shared shouldn’t affect how I use the site if I don’t accept, but it’s written in such a way to make me doubt.

The "Manage Settings" button is currently there permanently. We are looking for options here to make it less obtrusive - we realize this is less than ideal.

You will need to accept CBSi's use of cookies in order to use the site at all - that lets us keep you logged in, remember your place in videos, etc, so that's pretty critical. The ad-related cookies in the "Necessary Cookies" list are not relevant for premium members.

Staff
Avatar image for tomeric
#31 Posted by tomeric (2 posts) -

@wemmick: As I've said, I've been working on GDPR compliance myself for the past month, and it was a lot of work (more than I expected), so I also understand that this must be very frustrating and cost a lot of developer time that could be spend on improving the site in different ways. I know it feels unfair and I know a lot of people will agree with you when you say that ads require cookies and GiantBomb requires ads to pay the bills, but the law is pretty strict to when you're allowed to use my (and other European's) data without asking explicit information and serving ads is not one of the reasons. Article 6 of the GDPR (Lawfulness of processing) gives you the 6 legal reasons to collect personal data:

  1. When you have explicit consent (opt-in)
  2. When you need to use my data to fulfil a contract I have with you
  3. When there is a legal obligation to collect my data
  4. When my life, or that of someone else is at stake
  5. When my data is needed for a task carried out in the public interest
  6. When my data is needed for a legitimate interest; which is pretty limited. You can for instance collect some information to prevent fraud.

Even if the language of the privacy policy is/was standard, the GDPR actually wants people to read those policies, so they need to be easy to read and not full of legalese.

I understand that everything takes time, and I hope GiantBomb will manage to be GDPR compliant in the future.

Avatar image for deactivated-5b85a38d6c493
#32 Posted by deactivated-5b85a38d6c493 (1990 posts) -

Damn that manage settings button is quite visible. At least I can opt-out from all the third-party bs.

Avatar image for cikame
#33 Posted by cikame (2440 posts) -

Can i allow the cookies that keep me logged in, and not accept the the advertising based ones?
I went into manage settings to attempt this but not sure if i was successful or not.

Avatar image for makyds
#34 Posted by makyds (12 posts) -

dumb question: Im from EU, is there any reason the site hasn't chanced at all for me?

Avatar image for rorie
#35 Posted by Rorie (5194 posts) -

@cikame said:

Can i allow the cookies that keep me logged in, and not accept the the advertising based ones?

I went into manage settings to attempt this but not sure if i was successful or not.

If you're premium, I don't believe we target you with any advertising-based cookies.

Staff
Avatar image for fledeye
#36 Posted by fledeye (228 posts) -

@cikame:

That’s what they are supposed to offer. We are supposed to be able to choose which data CBS can keep and which it can’t. Who can track us and who can’t.

But it seems like it’s all or nothing which is not what GDPR states at all.

It states they can use data to supply a service we have paid for/opted in for, which to my mind is staying logged in and remembering our position in a video etc. But they can’t use our data for anything else or give it to anyone else without permission unless there is a legal reason or personal reason (if they thought you were in danger or dangerous for example).

Avatar image for wemmick
#37 Edited by wemmick (47 posts) -

@tomeric: I suppose it comes down to what you consider "clear and plain language" which is what's required for the consent messaging. We have tried our best to make the language on the Data Policy popup clear and plain, but if we find a way to improve its clarity without sacrificing accuracy, we certainly will.

Staff
Avatar image for jaqen_hghar
#38 Posted by Jaqen_HGhar (1361 posts) -

@rorie This is all fine, the only thing I just don't understand is why that "Manage Settings" button has to be there all the time. Living in Europe I am used to the "Hey, this site uses cookies, press this button if that's OK", and that's it. Press it, it's gone. Never seen a permanent button taking up space like that. So put a +1 on the message to the top about not really needing that button there permanently.

Avatar image for hassun
#39 Posted by hassun (9452 posts) -
Avatar image for rorie
#40 Posted by Rorie (5194 posts) -

@jaqen_hghar: That is definitely part of the feedback that we're trying to send to the people who are able to change that. Apologies for the trouble!

Staff
Avatar image for yani
#42 Posted by yani (428 posts) -

@rorie: Hi Rorie, sorry to add to the avalanche of feedback but had a couple of beers and feel the need to chip in!

I clicked "Mange Settings" then clicked "Opt Out" but am still being pestered by a giant cookie policy pop-up. I would also agree with others that while marketing cookies may be "necessary" for your non-premium business model, they are not required for the website to actually function and therefore EU users should be able to opt out of them. By opting out you should instead serve non-tailored adds to your non-premium customers.

I would also suggest moving the "Manage Settings" to a simple link in the footer, doesn't need to be onscreen at all times and so in your face.

Good luck!

Avatar image for dudeglove
#43 Posted by dudeglove (13503 posts) -

I want to chime in and say that this is a top tier forum title pun.

I work at an IT company and it's been fun the past few days. It's not as if the legal department had two whole years to prepare for this or nothing.

Avatar image for dweep
#44 Edited by Dweep (67 posts) -

@alternate said:

That bar wasn't as bad as Jeff suggested. I have seen worse. Not tried it on mobile tho.

It's difficult to imagine Jeff being upset and using hyperbolic language when describing something that ticks him off ( and usually only happens to be a minor inconvenience for others). Really, it was a bagatelle and it didn't divulge anything that I didn't already know.

Avatar image for cagliostro88
#45 Posted by Cagliostro88 (1236 posts) -

Ok i'm a moron and accepted right away because i'm used to the cookies thing everywhere from years; i have no black bar anymore so is there another way for me to reach the manage the settings options to opt out of some stuff?

Avatar image for wemmick
#46 Edited by wemmick (47 posts) -

@cagliostro88: There should be a "Manage Settings" button that honestly just won't go away. Do you not see that? It should be in the bottom left corner.

Staff
Avatar image for whatshisface
#47 Posted by WhatsHisFace (744 posts) -

@mike83 said:

Just accepted this then used my adblocker to block the 'Manage Settings' floating bar thing. All looking good now :)

Thanks for the tip!

Avatar image for admiralcurtiss
#48 Posted by AdmiralCurtiss (13 posts) -

I have a question. I have not clicked the 'Agree' button, and yet I am logged in and able the use the site. What's going on with that?

Avatar image for dagas
#49 Posted by dagas (3644 posts) -

As a European we have had plenty of mandatory GDPR training at work and it is about much more than accepting cookies but that is a good start. I think most companies even here still don't understand it fully.

Avatar image for chris24680
#50 Edited by chris24680 (61 posts) -

@wemmick:

Hi,

I'm a European software developer, so here's my feedback you didn't ask for:

The ad services in the third-party popup are unrelated to the approval you give on the first black banner. They are checked by default because they are services we've used historically, so that reflects the current state of thing.

To be GDPR compliant data sharing must be opt-in. It doesn't matter what the current state of things is, users must be opted out of data sharing until they themselves have given permission.

They are necessary for us to operate and support our sites with basic ad offerings. Naturally that doesn't apply to GB premium folks who won't see any ad-related tracking.

Providing tailored ads doesn't fall into GDPR acceptable reasons for collecting and sharing data, in fact allowing opting out of ads like these is pretty much one of the main things the regulations are designed to do.

I understand that this seems to be a CBSi developed thing, and the GB team don't have much control over it, but at the moment it's not implemented correctly and isn't compliant.