I’m going to assume you know what I mean by the new cookie regulations. Anyway, they came into force on the 26th May 2012 although the ICO (Information Commissioner’s Office) is saying that it has no plans to fine people immediately. Instead they will instigate action when a user complains via a webpage that the ICO have not yet set up. Even then they are more likely to ask you to make changes before going as far as fining you. Never-the-less, there is a potential $500,000 so it’s important that if the changes do apply to you, to do something about it. Of course, you can also complain about the law.
There are a number of plugins currently available in the WordPress.org repository which can assist you with meeting the requirements and I’ve looked at each to see what they offer and what they lack.
Because of the last minute change to the ICO’s requirements I’ve taken the opportunity to update this article, including adding a number of additional plugins that may assist.
Initially, the ICO required that EU visitors to a UK website should have the option to opt-out of non-essential cookies. However, this has now changed so that you can provide an assumed opt-in but only if you have a clear link on your site to a detailed policy. This policy should list the cookies used and why they are used, amongst other things.
Not surprisingly, the plugins use a number of different approaches but there are also varying levels of difficulty for implementing. When considering which option to use you need to, obviously, ensure that you meet ICO requirements but also implement something that’s not likely to cause you to loose visitors! In addition the following are worth considering…
- If providing an on-screen opt-in/out, does the cookie prompt only appear to visitors from EU countries? This will mean that non-EU visitors won’t be bothered by it
- Is it being actively supported? It’s always worth looking at a plugins’ forum entries to see if the developer is responding to queries
- Are there known issues? Again, looking at the support forum will help
- Does the developer use this plugin on their own site? Always a good sign as they are likely to experience any issues too and want to fix them.
Below I’ve performed a quick review of the plugins that I’ve found (all are free and available from WordPress.org). I’ve separated them into 4 sections depending on their approach. If you think I’ve missed any please let me know.
Prompted Opt-in/Opt-Out Plugins
These plugins present an option to visitors to opt-in and, optionally, opt-out of using cookies.
Cookie Confirm is a WordPress implementation of the free Cookie Consent script. What sets this apart is its ability to allow people to opt-out based on selection of a number of categories – for instance the visitor can easily opt-out of advertising cookies but retain analytics cookies.
There are a few options to alter the output, including the messages, but not much else. Sadly, this is where this plugin falls down – the documentation (including the Cookie Consent website) is plentiful but just me confused. For a long time I wasn’t sure if this would actually stop the cookies or was just a front-end to prompt the user.
As there are no options to view which cookies this controls, or rather doesn’t, then I can’t really recommend it. Simplicity is one thing but when implementing something for your site so that you abide by legislation you have to know that you’ve got it right. With no cookie information provided by this plugin, there’s no way of knowing.
This is also quite a new plugin so I don’t yet know how well it’s being supported.
This plugin automates a script provided by Civic UK. However, both the plugin and the script from the Civic UK website appear to have slightly different options, so I’d look at both to decided which to implement (assuming you’re happy with adding code to your site rather than simply activate a plugin).
Cookie Control displays a pop-up on your website allowing your visitors decide whether to keep cookies or not. This minimises down if the visitor wants to make the choice later or even if they went the ability to change their mind later. You can also specify which countries the visitor must be from for any of this to activate.
Code is also provided to add to scripts that leave cookies so that this can be controlled. In other words, manual intervention is required and this isn’t one for the non-developer!
There doesn’t appear to be any outstanding issues with the plugin, however, although the developer doesn’t appear to be supporting it much via the WordPress forum.
This plugin has been created by CookieCert, a website that provides independant certificates of cookie confirmation. Basically, their site audits yours and their site displays the cookies used along with other information. If their information is wrong (as it is for this site) you can pay them to perform a full audit. Therefore, don’t expect this plugin to be much more than an advert for the site.
There appears to be no way to view and adjust which cookies are controlled by this plugin. Also, although the confirmation messages appear at the top, as with the ICO website, it relies on you adding a widget to your site to activate this. The widget will appear empty but if you’ve styled your widgets, for example, to have borders around them you’ll end up with an empty box drawn on the screen. This is a weird way of doing it. Indeed, nothing will appear on your site until you go into the plugins’ settings screens and save – even if you don’t change any of the defaults. This, to me, suggests sloppy programming.
The option that appears at the top of the screen doesn’t like the WordPress Admin Bar – if you have that switched on then the cookie prompt will be hidden. I suspect other screen overlays will have the same problem.
There is no option to say you don’t want cookies – by default, not choosing anything will ape this behaviour but you will have the bar on the screen permantently. This is a potential annoyance to visitors.
Lastly, there appears to be no targeting of just visitors from the EU so this will appear to everybody.
There are a few issues being reported in the forum, but support seems to be a bit lacklustre with the last query being resolved by the plugin author some time ago.
EU Cookie Directive
Now this is more the kind of plugin that I was after. It mirrors the output that the ICO have on their own site – a discreet banner appears at the top of your site asking the user if they wish to accept cookies or not. If they don’t then they are cleared and not retained. A dashboard widget and an administration option will track cookies as they are found on your site so that you can decided whether they should be included or not. You can also label them so you know what they’re for!
The hardest thing is to identify what each cookie is for – I often found a search on Google told me though. Now I don’t know if I was doing anything wrong but I struggled to get new cookies to save – I’d add them on but they’d then disappear. If this is genuinely the case then this would render this plugin useless.
One thing missing is the ability to target visitors from specific countries so, as it stands, this will show for everyone.
However, documentation and support appears to be non-existent and some people have reported issues with users’ choices not being saved. I initially saw this on Internet Explorer but I can’t now re-create it.
Cookillian displays a configurable box at the top of your site which allows users to state whether they do or don’t want their cookies to be saved.
An options screen allows you to set the messages that are displayed and view statistics on how people decided. By default the message will only appear to UK visitors but you can choose additional countries – it would be nice if there was a simple way to choose all EU countries.
There is an additional options screen that lists the cookies found on the site and you can choose what should be done with each, as well as the ability to label them (so you can remember what they’re for!). You can also use wildcards as well which is excellent. Like EU Cookie Directive, it shows new cookies on the dashboard which is a good prompter to know that a decision has to be made about its use.
The cookie prompt does not appear when you’re signed in so make sure you sign out of your site to test it – I’m not sure what user level you need for this not to appear but I’m assuming it’s administrator. In fact I find the on-screen prompt quite large compared to others, but at least there’s no excuse for not seeing it 😉
It’s all worth noting that you need PHP 5.3 or better for this to work.
Earlier issues with caching plugins have been resolved (as of version 1.1) which means I can now heartily recommend this plugin if you wish to add opt-out to your website.
Assumed Opt-In Plugins
If you’re implementing the newer variation of the ICO regulation and want to simply direct visitors to your policy then this is a great way to ensure that it’s visible. There are lots of configuration options and the developer is very open to suggests for improvement.
This uses a different approach, in that any visitor receives a message overlaid onto the screen asking them to accept cookies. If they say no any cookies are deleted and they are redirected to another URL of your choice.
Basically, a “accept cookies or leave” option. It does abide by the ICO regulations but isn’t going to do much for your visitor count.
This plugin has a few basic options but the resulting output looks excellent. It has a choice of a drop-down box to prompt visitors or a light-box window. Unfortunately the latter wouldn’t work on my site.
The plugin is quite new so it’s early days as to how the developer will support this.
I have to say, I love the look of this but I want a little more control over any solution that I implement – after all you don’t want to implement one option and then have to chang latter, forcing existing visitors to opt-in again. The fact that the window option doesn’t work is worrying too.
Shows the content of a specified page as a pop-up in the middle of the screen. You can then accept or decline – the latter will exit you out to a website of your choice.
What this allows you to do is to add an opt-out feature to your site meaning that you don’t have to worry about tracking the right cookies, etc – if users don’t want to have cookies saved they simply don’t use your site.
Like Cookie Warning I wouldn’t recommend this type of action as it’s only likely to impact visitor numbers.
Cookie Information Plugins
If none of them take your fancy I’ve written my own script which you can add to your own site for free.
Cookie cat provides a shortcode that will list out the cookies found on your site along with a suitable category (i.e. which type of cookie they are), description and duration. This sounds great, except for 2 problems…
- It provides this extra information via a provided database. This database is rather light and adding things onto it is not easy – you have to change an XML file but this is written over regularly by an updated version from the author’s website.
- For this to work you have to install a second plugin that adds a load of other shortcodes to your WordPress installation – simply put, I don’t want this.
So, great idea but poorly implemented. A shame, because all of that cookie data would have made a very good policy.
This is a new plugin to the repository and adds a shortcode of [cookies] to your system. Adding this to a page lists all of the Cookies for your site along with the contents.
It’s simply but maybe a little too simple – I’d like to not show the cookie contents.
These are plugins that provide any other kind of assistance in meeting the ICO requirements.
As mentioned in my review of Cookillian, Do Not Track is an option being added to newer browsers. Once selected compatible websites will prevent tracking. Now, this doesn’t assist with the EU regulations but certainly adds a level of privacy to your site that will be appreciated by some users. WP DoNotTrack, not surprisingly, adds this functionality to your site.
Like some of the previous plugins it isn’t a case of “install and forget” as you have to provide an appropriate list of what you should or shouldn’t allow. It’s quite a bit of effort and reasonably technical.
This plugin attempts to use a different approach by not using an “obtrusive popup”. The author believes that if you follow the DCMS website then you must therefore be compliant. This plugin therefore adds a footer link to your site which takes you to a page providing basic privacy information.
Except, this is all rubbish. The government admitted last week that their websites were not compliant and wouldn’t be before the ICO cut-off.
If the author of this plugin simply read the details on the ICO site then he would know that this plugin will NOT provide compliance, even since the relaxation of their rules. A link to a policy in the footer is not suitable, nor is the policy that this plugin generates.
Personally, I’d suggest going to the same sources and creating your own page – that way you’ll have more control over the output.
This all comes down to the approach you wish to use. Assuming you either want to have an assumed opt-in policy or a prompted opt-in/opt-out then I’d recommend the following…
- Prompted Opt-in/Opt-out – Cookillian
- Assumed Opt-in – Cookie Law Info
You can’t go wrong with either – they’re bristling with features, are easy to implement and both developers are really helpful.
There are 27 countries in the EU. Their names and 2-letter ISO country codes are…
AT – Austria
BE – Belgium
BG – Bulgaria
CY – Cyprus
CZ – Czech Republic
DK – Denmark
EE – Estonia
FI – Finland
FR – France
DE – Germany
GR – Greece
HU – Hungary
IE – Ireland
IT – Italy
LV – Latvia
LT – Lithuania
LU – Luxembourg
MT – Malta
NL – Netherlands
PO – Poland
PT – Portugal
RO – Romania
SK – Slovakia
SL – Slovenia
ES – Spain
SE – Sweden
GB – United Kingdom