Complying with the EU Cookie Law

In October 2009 the European Union adopted a directive which updated its existing law on electronic privacy. The directive compels EU member nations to update their own laws on electronic privacy. Specifically, it targets the use of tracking cookies by websites. The following is a quote from the EU Directive.

“Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia about the purposes of the processing. This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.”

We’re going to look at what websites should do to be in compliance with the new laws, and whether you even need to be compliant. We’ll walk through implementing a few solutions for providing users with cookie notifications. We’ll also look at creating a “Cookie Policy” web page.

When to Comply with the Cookie Law

Just about every website today is setting cookies. If your website is not directly setting cookies, then a 3rd party used by your website, like Google or Facebook, is setting cookies. However, the European Cookie Laws really only apply to websites hosted in a European country, or if the website is owned by a European company. If your website specifically targets users in Europe it could apply as well. But let’s say you have a website for your business in Dallas, Texas, and it’s hosted on a server in Chicago. The European Cookie Law really does not apply to you, and you probably don’t need to adjust your website. If your website appeals to a broad number of international users, you may want to be safe and update your website.

If you want to test your website, there are several online tools available. I like the Cookie Law test at Sitebeam.net. The test is very complete and they provide a very detailed breakdown of the findings.

How to Comply with the EU Cookie Law

There are two components needed for compliance. The first is a popup to alert the user that the site uses cookies, with a way for the user to acknowledge this. The second component is a page on your website providing details of how your website uses cookies.

When it comes to creating a popup for users, you don’t want it to disrupt the look and feel of your site or be very invasive. But it needs to be visible and mobile friendly. I used the Cookie Consent library from Silktide. It’s very lightweight and very minimal. The JavaScript is hosted on Cloudflare, so that makes it even easier. If your theme supports adding in custom JavaScript, add it there. If it doesn’t, you can manually edit the header.php for your theme and add it there.

<!-- Begin Cookie Consent plugin by Silktide - http://silktide.com/cookieconsent -->
<script type="text/javascript">
    window.cookieconsent_options = {"message":"This website uses cookies to ensure you get the best experience on our website","dismiss":"Got it!","learnMore":"More info","link":"http://wireandfrost.com/cookiepolicy","theme":"dark-bottom"};
</script>

<script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js"></script>
<!-- End Cookie Consent plugin -->

If you would prefer to just use a plugin to handle this functionality, there are several very good free plugins that provide Cookie Consent. DFactory’s Cookie Consent plugin is widely used and works very well.
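The banner above only informs the visitor, while the directive's wording asks for consent before anything beyond "strictly necessary" storage happens. The following is an added example (not part of the Silktide library or the original post) that holds back tracking scripts until the banner has been acknowledged. The cookie name `cookieconsent_dismissed` with value `yes` is an assumption about what the banner stores, so confirm it in your browser's developer tools; the script URLs and registry are constructed placeholders.

```javascript
// Assumption: the banner records acknowledgement in this cookie with value "yes".
const DISMISSED_COOKIE = "cookieconsent_dismissed";

// Parse a document.cookie-style string ("a=1; b=2") into a Map of name -> value.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of (cookieString || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;                       // skip fragments without "="
    const name = part.slice(0, idx).trim();
    if (!name) continue;
    let value = part.slice(idx + 1).trim();
    try { value = decodeURIComponent(value); } catch (e) { /* keep raw value */ }
    if (!jar.has(name)) jar.set(name, value);    // first occurrence wins
  }
  return jar;
}

// True only on an exact name and value match, so "xcookieconsent_dismissed" does not count.
function hasConsent(cookieString) {
  return parseCookies(cookieString).get(DISMISSED_COOKIE) === "yes";
}

// Constructed registry: mark each script as strictly necessary or consent-gated.
const SCRIPTS = [
  { src: "/js/session.js", strictlyNecessary: true },
  { src: "https://analytics.example/tracker.js", strictlyNecessary: false },
  { src: "https://ads.example/ads.js", strictlyNecessary: false },
];

// Return the script URLs that may load for the given cookie string.
function allowedScripts(cookieString, scripts = SCRIPTS) {
  const consented = hasConsent(cookieString);
  return scripts.filter((s) => s.strictlyNecessary || consented).map((s) => s.src);
}

// Browser side: inject only the allowed scripts into the page head.
function loadAllowedScripts(doc) {
  for (const src of allowedScripts(doc.cookie)) {
    const el = doc.createElement("script");
    el.src = src;
    el.async = true;
    doc.head.appendChild(el);
  }
}

if (typeof document !== "undefined") loadAllowedScripts(document);
```

With this approach the gated scripts start loading on the first page view after the visitor clicks the dismiss button, not on the click itself.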

Creating a Cookie Policy Page

The other recommended step is to create a Cookie Policy Page. This should be a static page on your site that provides all the details of the cookies used on your site, and it should be provided in an easy to understand format. You should include the following information on your Cookie Policy Page:

  • A description of what cookies are and how they are used.
  • The types of cookies you use. For example, “We use Google Analytics to track how our website is used. We also use Google Adsense to place advertising on our web pages. Google uses cookies to provide targeted advertisements to you.”
  • A brief description of how the user can control cookies in their browser.

You should link to the Cookie Policy Page in the footer of every page in your website. You should also include a link in your Cookie Consent popup. You can look at Wire & Frost’s Cookie Policy Page for an example.

Hopefully this gives you a good overview of the European Cookie Laws, and some tools you can use to keep your website compliant.

 

I’m an avid Technologist, while I do work on architecting solutions that span from the desktop to the data center, my passion is Web Infrastructure.
