feat: Missing GDPR Compliance Guide
AmitMY opened this issue · comments
Plugin(s)
- Analytics
- App
- App Check
- Authentication
- Crashlytics
- Cloud Firestore
- Cloud Messaging
- Cloud Storage
- Performance
- Remote Config
Current problem
The analytics package has the following code which runs in the app:
await FirebaseAnalytics.setEnabled({enabled: false});
When integrating firebase analytics, users must grant explicit informed consent, so this needs to be the default behavior, to disallow sending anything.
Preferred solution
Developer must set up this in the beginning of the execution:
await FirebaseAnalytics.setEnabled({enabled: false});
(unless it could be that on iOS/Android you send crash events regardless, in that case, there should be an environment flag that starts it as false)
- Every time the developer logs an event, when analytics is not enabled, it should be added to an event queue.
- If at any point
FirebaseAnalytics
becomes enabled (let's say, user clicked "accept") all events should be sent to the server, ideally with their original timing
Alternative options
Developers can implement such a behavior by wrapping around FirebaseAnalytics
with their own service, but, it is not trivial to handle startTrace
and stopTrace
for example.
Additional context
https://secureprivacy.ai/blog/google-analytics-4-gdpr-compliance
Before submitting
- I have read and followed the feature request guidelines.
- I have attached links to possibly related issues and discussions.
I think you are looking for the setConsent
method. So this issue should be a duplicate of #518.
Yes! that is mostly it.
I'm not sure if that covers some sort of an "event queue" though, where events/pageviews before the relevant consent wait to be sent
I think so. I am closing this issue as a duplicate of #518 . If it turns out that you were looking for something else, we can reopen this issue.