What’s the Deal with Cookie Consent Notices?
Surely you’ve seen them many times. They show up as banners at the top or bottom of webpages or as distracting popups. Virtually every website based in the EU is supposed to display them. What am I referring to? Cookie consent notices.
Have you ever wondered why some sites display a cookie consent notice? Do you know whether or not your site should be displaying such a notice? Maybe you know that your site probably should have a notice displayed, but you haven’t gotten around to setting one up.
In this article, I’ll help you figure out if you need to display a notice, explain what the notice should include, and show you how easy it is to add a cookie consent notice to your WordPress site.
But before we dig into the details, let’s set the stage. Why do these consent notices even exist and what is their purpose?
What Is the Cookie Law?
In May 2011, a European Union (EU) Directive was adopted by all EU member countries to protect consumer privacy online. This piece of privacy legislation requires that covered websites:
- Let users know if they are using cookies
The law is enforced by governing bodies in the EU, and therefore cannot apply unilaterally to everyone. If you live outside of the EU, have a website hosted on a server outside of the EU, and are targeting consumers anywhere other than the EU, you don’t need a cookie consent notice.
Who Does the Cookie Law Apply To?
- Any person or organization that is physically located in the EU and has a website
- Any website that targets EU consumers
Not all Cookies are Created Equal
Even if your site is based in the EU and targets EU consumers, you still might not need a cookie consent notice (but you probably do). It all depends on the type of cookies your site uses.
The Cookie Law distinguishes between two different kinds of cookies: Session cookies and persistent cookies.
- Session cookies are the cookies that are strictly required for website functionality and don’t track user activity once the browser window is closed. Examples of session cookies include faceted search filter cookies, user authentication cookies, cookies that enable shopping cart functionality, and cookies used to enable playback of multimedia content.
- Persistent cookies are cookies used to track user behavior even after they have moved on from your site or closed the browser window. Cookies used by analytics programs and advertising tracking cookies are the most common types of persistent cookies.
Sites that make exclusive use of session cookies do not require a cookie consent notice. However, sites that make use of any persistent cookies do require a cookie consent notice.
The cookies used by the WordPress core are session cookies. So, it’s theoretically possible to run a WordPress site that doesn’t require cookie consent.
In reality, you would be very hard-pressed to find a WordPress site that only uses session cookies.
Use any sort of analytics program, display advertisements or affiliate links, use a single sign-on authentication system, or track visitors in any other way, and your site is using almost certainly using persistent cookies.
In short, if your website is based in the EU or if you are targeting consumers in the EU, and your site uses even a single persistent cookie, you need to display a cookie consent notice.
You might be wondering to yourself: “Well, what if I don’t want to do this? Who’s going to make me?”
Unless your site is quite popular, abuses user data in some way, or someone complains to a governing authority, there’s a good chance nothing will happen if you don’t comply. However, failure to comply can include a sizeable fine, and the cost of complying is incredibly low–at least for WordPress users.
Better safe than sorry, right?
How to Comply with The Cookie Law
To comply with the law you need to do three things:
- Let users know that you’re using cookies
- Provide a link where they can learn more about how you use the data you gather
Some websites go a bit over the top and even let you manage cookie preferences. This sort of feature is certainly not required by the law, and I would question whether it could possibly be worth the time and effort.
There are two types of consent that websites can gather: Implied consent and explicit opt-in consent.
The legislation applies whether a user is on a computer, smartphone, tablet, or any other device. So when you set up a cookie notice it’s important to make sure that the notice appears and functions appropriately on all devices.
As with virtually all WordPress website features, there’s a plugin for handling cookie consent notices. Actually, there are many, many, many plugins available to handle cookie consent notices.
Here are few that are particularly popular, highly-rated, or uniquely interesting to get your search for the perfect cookie consent plugin started.
This plugin adds a new Cookie Notice option in the Settings menu. From that page you can craft a cookie notice message, set button text, create a Read more link, control placement of the notice, decide whether or not to gather implied consent on scroll, set color options, give users the ability refuse to accept non-functional cookies (although this option requires advanced cookie and WordPress knowledge), and more.
This plugin is a good option for websites that want to be able to control every aspect of the cookie consent notice and want to offer advanced features, such as the ability to block non-functional cookies like analytics and advertisement tracking cookies.
This plugin adds a new Cookie Law Info item as a primary menu link in the Admin menu. The options page for the plugin is simple and self-explanatory. Place the notification bar in the header or footer and select from various animation and auto-hide behavior options. In addition, this plugin provides full control over all colors applied to the notification bar including all button colors and styles.
One interesting feature offered by this plugin is the ability to select a First Page Only option which causes the notification to only be displayed on the first page the user visits. If paired with a clear implied consent message, this setting could be used to create a cookie consent notice that was as low-profile and minimally disruptive as possible.
You couldn’t possibly make cookie consent notices any easier than Easy WordPress Cookies Popup. So easy that it might actually be too easy.
Activate this plugin and then go to Settings > Cookie Notification to configure plugin settings. The only settings include the ability to customize the cookie notification message and the ability to position the message at the top or bottom of the site. The notification is only displayed on the user’s first page view after reaching your site, so make sure to include a clear implied consent message.
This plugin’s settings page can be found by going to Settings > WP Cookie Banner. Available options include a range of preset notification banner cookie duration periods, banner display timeout options, fully customizable cookie banner CSS, and the ability to customize the banner message.
Once the settings are applied, the notification is only displayed a single time even if the banner times out before the user has a chance to read the message. So be sure to set a banner timeout duration that is long enough for visitors to notice and read the displayed message. Also, while the default styling is really very nice, if you want to change anything you will need to be familiar with CSS since all styling settings have to be modified by manually adjusting the plugin CSS.
How the Cookie Crumbles
Websites that use persistent cookies and are based in the EU or target EU consumers should display a cookie consent notice to site visitors. Using an implied consent method to gather user consent is acceptable, and there are many good plugin options in the WordPress Plugin Directory that can be used to easily and quickly create an attractive and informative cookie consent notice.