Ensuring GDPR compliance in apps presents unique challenges. The following are the most common issues we've found:
This issue comes up when there is a lack of alignment between an app's declared cookie categorization and its actual behavior.
Wix currently blocks cookies that don't align with the site's consent policy. However, if your app includes an iframe extension or an embedded script extension, you must categorize your app's cookies on your own. For embedded scripts, make sure to categorize your cookies correctly in your app dashboard.
Categorizing your iframe or embedded script app incorrectly can lead site owners to uninstall your app and leave negative reviews due to lack of compliance.
Test your app for compliance and update the categorization as necessary.
Note: Apps with an iframe extension or embedded script extension must categorize their cookies correctly. For embedded scripts, make sure to categorize your cookies correctly in your app dashboard.
This issue comes up when an app initiates scripts before checking the visitor's consent.
Sometimes apps inadvertently initiate scripts before obtaining and confirming user consent, due to improper handling of default settings or lack of a comprehensive consent management system. This often occurs when scripts are embedded directly into the app's codebase and executed as soon as the app loads.
Loading scripts prematurely can lead site owners to uninstall your app and leave negative reviews due to lack of compliance.
To address this issue, you need to implement consent gates that hold off on executing these scripts until the user has explicitly granted permission, ensuring both user privacy and legal compliance.
This issue comes up when an app loads cookies and trackers that don't align with the visitor's consent, particularly in apps with an iframe extension.
Apps might load cookies and trackers that do not align with a visitor's consent due to misconfigurations in their consent management systems or lack of thorough auditing of third-party dependencies. These issues can arise when default settings permit trackers to activate before consent preferences are checked or updated, causing discrepancies between user intentions and actual data practices. Additionally, third-party services integrated into apps might introduce additional cookies or trackers that aren’t immediately apparent to developers, leading to unintentional data collection.
Loading cookies and trackers that don't align with the visitor's consent can lead site owners to uninstall your app and leave negative reviews due to lack of compliance.
To ensure alignment with consent, apps must employ rigorous checks, thorough auditing of all cookies and trackers, and dynamic consent updating mechanisms to prevent any unauthorized data tracking.
Make sure to check the visitor's consent policy at the start of each session, build mechanisms to prevent loading any cookies and trackers that don't align with a visitor's consent, and listen to and comply with any policy changes during a session.
Note: Apps with an iframe extension or embedded script extension should follow the instructions in Implement Cookie Consent Requirements to check the visitor's consent policy.
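The consent gate and the session-start and policy-change checks described above can be sketched as follows. This is an added example, not Wix code: the `ConsentGate` class, the category names, and the shape of the policy object are assumptions, and `applyPolicy` would be called with whatever the platform's consent API returns at session start and on each change.

```javascript
// Added example. Category names and the policy object shape are assumptions.
class ConsentGate {
  constructor() {
    this.policy = {};   // category -> boolean; empty until the policy is read
    this.pending = [];  // registered but not permitted to run
    this.active = [];   // currently running
  }

  // Deny by default: only an explicit `true` counts as consent.
  allows(category) {
    return this.policy[category] === true;
  }

  // Register a script under its declared cookie category.
  // `load` starts it; `unload` stops it and deletes the cookies it set.
  register(name, category, load, unload) {
    this.pending.push({ name, category, load, unload });
    this.reconcile();
  }

  // Call at the start of each session and on every policy change.
  applyPolicy(policy) {
    this.policy = { ...policy };
    this.reconcile();
  }

  // Stop what is no longer permitted, start what has become permitted.
  reconcile() {
    const revoked = this.active.filter((e) => !this.allows(e.category));
    const granted = this.pending.filter((e) => this.allows(e.category));
    revoked.forEach((e) => e.unload());
    granted.forEach((e) => e.load());
    this.active = this.active.filter((e) => !revoked.includes(e)).concat(granted);
    this.pending = this.pending.filter((e) => !granted.includes(e)).concat(revoked);
  }
}

// Constructed session: register before consent is known, grant, then revoke.
function demo() {
  const log = [];
  const gate = new ConsentGate();
  const track = (name) => [() => log.push(`load ${name}`), () => log.push(`unload ${name}`)];
  gate.register('chat-widget', 'functional', ...track('chat-widget'));
  gate.register('page-analytics', 'analytics', ...track('page-analytics'));
  gate.applyPolicy({ essential: true, functional: true, analytics: false });
  gate.applyPolicy({ essential: true, functional: true, analytics: true });
  gate.applyPolicy({ essential: true, functional: false, analytics: true });
  return log;
}
```

Because nothing runs until a policy has been applied, a script registered while the app is loading cannot set cookies ahead of the consent check.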