This post is about cookies. No, don’t excited. Not the ones you eat. I’m talking about the cookies you use to track website visitors.
You may not think about them very often, but if you’re based in the EU (or technically even if you target EU residents), you’re supposed to be asking for users’ consent before you let them browse your website.
Have you noticed those boxes which pop up on sites asking you to consent to cookies? They’ve become pretty common these days. I can assure you that most websites aren’t asking because they’re kind and value transparency. They’re asking because they have to…and you might have to too..
In this post, I want to touch a little bit on the cookie consent law, who it affects, and how you can implement cookie consent in your WordPress site to stay compliant,
What is the Cookie Consent Law?
Cookie consent comes from the EU Directive 2002/58/EC. The directive, which all member nations adopted, essentially tasked individual governments with setting up laws supporting cookie consent. With a few exceptions, the laws generally require you to get informed consent from users for any non-essential cookies.
Essential cookies would be things like ensuring safety during online banking. Non-essential cookies are basically anything that’s not integral to the functioning of the website. AKA all ad tracking cookies.
Technically, the law applies to any websites based in or targeting EU member states. Now, because of the difficulties of enforcement, you probably don’t need to care if you’re outside the EU. But if you’re based in the EU, you should be taking this law seriously. Though they don’t seem to be a frequent occurrence, there have been some very real fines handed out as a result of the laws.
What counts as informed consent?
- Whether or not the cookies are essential
- What type of cookies you use (I like thin mints!)
- Whether only you or third-parties can access cookie information
- That the cookie will not be used for other purposes
- How users can withdraw their consent (the easiest way is leaving your site!)
Most sites typically inform users by a simple notification bar with consent buttons and a link to more information. Another popular way is small windows that slide out like this example:
Now that you know what you need to do, here are some plugins to help you implement cookie consent in your WordPress site.
Plugins to Add Cookie Consent to WordPress
Thankfully, developers have been hard at work crafting some plugins that make it super simple to implement cookie consent. I imagine the threat of 25,000 Euro fines was especially motivating to some European developers.
Here are your best plugin options for cookie consent:
This is a simple and very professional looking solution. You fill in your country, the services you use on your website (Google Analytics, Facebook buttons, etc) then iubenda automatically generates your unique cookie solution.
Cookiebot offers a highly customizable consent banner to handle user consents and give the users the required possibility to opt in and out of cookie categories, plus an easy way to allow the users to change or withdraw their consent. They offer logging of user-consents in our cloud-driven environment, which are downloadable and can be used as proof. The Cookiebot consent banner offers translations for 44 languages and the ability to change the text on the banner and declaration for any language.
Cookie and online tracking scanner
The Cookiebot scanner performs full monthly scans to detect all tracking (cookies, HTML5 Local Storage, Flash Local Shared Object, Silverlight Isolated Storage, IndexedDB, ultrasound beacons, pixel tags and more), as well as detection of where data is being sent to and wherein the source code the cookie-setting script can be found. The scanner generates a cookie declaration with descriptions of every cookie found on your website.
Cookiebot offers a cookie declaration with the automatic categorization of your cookies (strictly necessary, preferences, statistics, marketing) as well as purpose descriptions of each cookie. We maintain a global cookie repository with descriptions of the purpose of commonly used third-party cookies. From this global repository, Cookiebot creates a local repository after the first scan of a website. This is used to describe both first- and third-party cookies.
GDPR Cookie Consent
The GDPR Cookie Consent plugin by WebToffee helps add a cookie consent notification on WordPress websites in a simple and easy way. The consent bar can be used to inform the users of the cookie usage and take their informed and explicit consent for using them. It also gives great customization options for the website owners on how they want the consent bar to look and options available to the users
This plugin helps block all the non-necessary cookies of the website until the users have given their consent. It is highly flexible and is compatible with other plugins including many popular multilingual and cache plugins. You can also find the free version of this GDPR WordPress plugin to help comply with the GDPR Cookie Law.
The coolest features of the premium plugin include the following:
- Automatic scan of the cookies used on the website
- Automatic script blocking until the user consent
- Show consent bar only for the EU
- Categorize cookies to give users granular control
- Maintain an audit of the consent
- Consent withdrawal
Cookie Consent didn’t get especially creative with their name, but they offer a really easy way to stay on the right side of the law. Just activate the plugin and you’ll automatically have a cookie consent box like the example I showed above.
If you do want to configure things differently, you can:
- Have the box automatically disappear after a certain amount of time, or require users to click the close button
- Offer a “close” button or just an “X”
- Option to show the notice on the first page only
- Change the position – top, bottom, or floating
There’s a reason this plugin has 70,000 active installs and a 4.8 star rating.
Ilmenite Cookie Consent
Whereas Cookie Consent implemented a box, Ilmenite Cookie Consent utilizes a design that mimics a notification bar. You can see a design example in the image above.
There’s literally only one setting (the link). If you want customization – try something else. If you want lightweight and minimalist, use this plugin.
Responsive Cookie Consent
In my opinion, Responsive Cookie Consent has the best designed consent form out of any of these plugins. It also utilizes a notification bar style consent box for desktop users, though the responsive mobile version sort of blends a bar with a box:
In the settings panel, you can:
- Choose whether you want it to only display on the front page or not
- Customize the message
- Customize the button text
- Change fonts, widths, and colors
- Set the link to your cookie consent policy
This plugin is great for a good-looking and fully customizable design.
EU Cookie Law
EU Cookie Law notifies your users with a floating bar at the bottom of the page by default.
However, the plugin lets you change the position of the box, as well as the message text and colors.
Because EU Cookie Law is specifically designed to meet Italian cookie laws, it also has several other features that go above and beyond the other plugins:
- Choose criteria for user consent: clicking, scrolling, or navigation
- Option to automatically block scripts if users don’t give consent (think hard before using this feature!)
- Shortcode to display a full list of cookies
All these are pretty advanced features that you won’t find in the above plugins.
Cookie Notice by dFactory
With 200,000+ installs, Cookie Notice by dFactory has the most activate installs of any plugin on this list. It’s also got an impressive 4.9 star rating.
Why so popular? Probably because it offers features like:
- Editable messages
- Customizable positioning for the notification box
- Cookie expirations
- Automatic accept cookies on scroll
- Option to refuse functional cookies
If you’re in the European Union and haven’t already implemented a cookie consent notice, you should definitely consider it. If you’re running any type of third party ads or tracking, you probably need to get consent to follow the law. Given that most WordPress webmasters I know use at least Google Analytics, you don’t want to risk anything.
So, create a cookie consent page (here’s a link to a template for the consent page!), install one of these plugins, and breathe easy knowing that you’re on the right side of the regulations.