Set reasonable default lifetimes for all mtm_consent_* and matomo_ignore cookie #23012
Labels
Enhancement
For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
triaged
Comments
peterbo
added
Enhancement
randy-innocraft
added
triaged
and removed
To Triage
|
Hi @peterbo, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
Consent-Cookies and matomo_ignore cookies are set for a lifetime of 30 years or even without any expiration time (https://matomo.org/faq/general/faq_146/). You can set the lifetime of the consent cookies as a second method parameter, but there should be a sane default lifetime set to e.g. 13 to 20 months. The different regulators demand different lifetimes for the cookies, but also for consent cookies, these are mostly 6 to 13 months. See https://iapp.org/media/pdf/resource_center/CNIL_ICO_chart.pdf
The CNIL for example states "As a best practice, the French regulator considers that consent given to cookies should be valid for six months but emphasizes that there is no perfect “one size fits all” answer to this question.".
U.K. regulation: "The maximum possible technical duration of a cookie (e.g., “31/12/9999”) would not be regarded as proportionate in any circumstances."
The lifetime of the matomo_ignore cookie can't be changed at all as far as i know. This should also have a reasonable default lifetime.
Your Environment
The text was updated successfully, but these errors were encountered: