I searched the forum and googled (a lot), but I could not find a solution on how to implement the strict German privacy law regarding cookie opt-in/usage in/with ghost.
This is not (only) about cookies set by ghost but by other 3rd party plugins and services (e.g. YouTube, Twitter, Facebook,google analytic, Amazon, etc.) used on the site.
In Germany the user needs to opt-in to the cookie usage and he needs to give consent for the usage of 3rd party cookies.
He needs to ,at least, be able to choose between “essential” cookies (which are needed for basic site functionality) and others (to play embedded YouTube video, show tweeds, make use of google analytic,…)
As long he does not make a selection the site needs to be either blocked (which is obviously not preferred ) or can’t set any cookie at all while the user uses the site.
If non-essential cookies are denied by the user, 3rd party cookies can’t be used while he is using the site.
Essentially this means that embedded 3rd party plugins/services need be to disabled by ghost depending on the user’s cookie selection.
E.g.:If the user denies 3rd party cookie in the cookie selection, embedded YouTube videos need to be “replaced” with some static image until the user allows 3rd cookies.
Same would be true for something like google analytics,which would need to be disabled until the user “allows” the usage of 3rd party cookies.
Does anyone know how to achieve this in/with ghost?
Without something like this a blogger in Germany would be exposed to cases-and-desist orders including a money penalty.
An example for this for Wordpress would be borlabs.io cookie plugin.