I don’t usually write about government policy or legal changes, but some laws directly affect the web while still leaving webmasters scratching their heads. With that in mind, meet the EU Cookie Directive.
A few years back, the European Union decided to mandate that all websites operating from EU member states should have to obtain consent from users before deploying cookies. While compliance has been easy for some, others have found it to be a real headache.
In this post I will explain the directive and what you need to do with your site to comply. I will also cover a selection of quality WordPress plugins that provide a solution.
What is the Directive?
It’s actually not a new law – the European Union just changed an old law. In 2009, the EU amended its E-Privacy Directive to require cookie consent.
EU member states technically had until 25 May 2011 to make sure that their own laws were in line with the directive. Each member state has the freedom to craft their own specific legal statutes so long as their laws meet the overall criteria set by the EU.
There’s a lot of legal mumbo-jumbo associated with it. But I’m not going to go into great depth on all of the wonderful judicial theory and legal specifications surrounding the directive – I am not a legal expert and this article should not be taken as official legal advice.
That said, I have done a good bit of reading on the directive and I want to give you a WordPress user’s view on how to comply – without the hassle.
You know that cookies are key to running various important parts of your website – you might say that they’re delicious (sorry, I couldn’t help myself). All that the directive means is that you must obtain consent from your visitors to use cookies – users have to say “okay” before you feed them some fresh-baked virtual sweet treats.
Why Should You Follow the Directive?
Penalties for disobeying the directive will vary by country. In the UK, you face the possibility of a fine, but that is unlikely as long as you make an effort to comply.
The directive offers you an opportunity to be more open and honest with your visitors about what kinds of files you use on your site. Many people are understandably concerned about privacy and security – complying with the directive gives you a chance to explain to them how you use cookies to enhance their browsing experience.
The UK Information Commissioner’s Office explains that the directive doesn’t even require that much from you:
The use of cookies and similar technologies has for some time been commonplace and cookies in particular are important in the provision of many online services. Using such technologies is not, therefore, prohibited by the Regulations but they do require that people are told about cookies and given the choice as to which of their online activities are monitored in this way.
What Initial Steps Should You Take?
Even if you ultimately want to find a WordPress plugin to efficiently ensure compliance, it is still a good idea to gain an understanding of the first few steps you should take.
The UK Information Commissioner’s Office recommends that you start with a cookie audit – you should find out what cookies your site is using, because that will enable you to make informed decisions regarding compliance. This is as much for your own education as it is for your visitors’ privacy.
What if you don’t know how to do a cookie audit of your own? No need to worry – CookieCert provides free cookie audits for your website.
You should also consider whether you need explicit or implied consent. Basically, explicit consent is where visitors must actively click on an agreement saying that it is okay for your website to use cookies. Implied consent would involve notifying your users that your site includes cookies – if they continue navigating, you can assume that they’re fine with it.
Which one should you rely on, explicit or implied consent? That depends on what kind of data your cookies deal with.
For example, if they store someone’s personal health care information, you should probably get explicit consent. But if your cookies simply remember login details for a discussion forum then it is probably safe to use implied consent.
WordPress Plugins
That’s a lot to deal with, and unless you are running a website for a large company that fears legal liability, you probably don’t want to spend days on end trying to comply with some EU laws. Luckily for you, WordPress is here to save the day.
As is often the case, the WordPress community has stepped up to the plate with some handy plugins that will help you follow the directive.
EU Cookie Law Compliance Plugin by CookieCert
CookieCert’s plugin is designed to quickly make your site compliant with the directive. It obtains explicit consent by asking users if they will allow your site to create cookies.
It also does another cool thing – once you get a cookie audit at CookieCert.com, the plugin will link to a unique page that details all of the cookies that your site uses.
With a rating of 3.6 out of 5 stars in the WordPress plugin directory, it has been downloaded almost 4,000 times.
EU Cookie Directive
This plugin easily notifies users that your site is using cookies. It was made by Kino Creative, a Newcastle-based web design company.
It has been downloaded over 4,300 times and has a rating of 3.8 out of 5 stars.
EU Cookie Law Compliance
Zafrira created this handy plugin for compliance and it gives you substantial control. The plugin generates a pop-up message that welcomes visitors to your site and asks for approval or denial to store cookies on the computer. Then you get to set which scripts are run based on approval or denial.
An additional feature that it boasts is integration with Google Analytics. Normally, if you cannot run cookies then you are left hanging on this front. But with this plugin you can enable a cookie-free version of Google Analytics that will store the hits of the visitor session.
You should note that it doesn’t automatically disable cookies in WordPress – you will have to work on the back end to set up JavaScript commands to halt cookie use when visitors choose to browse without them. If you cannot do this on your own, the Zafrira support team can help – for a price, of course.
With over 10,000 downloads and a rating of four out of five stars, this is one of the more popular plugins for complying with the directive.
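To make the "which scripts run on approval or denial" step concrete, here is an added sketch (not code from this plugin or any plugin listed here) of the decision logic for both explicit and implied consent. The cookie name `cookie_consent`, its values, and the script paths are assumptions made for illustration.

```javascript
// Added example: cookie_consent, SCRIPTS and the paths below are hypothetical.
const CONSENT_COOKIE = "cookie_consent";

// Constructed registry: which scripts set cookies and therefore need consent.
const SCRIPTS = [
  { src: "/js/site.js", needsConsent: false },
  { src: "/js/analytics.js", needsConsent: true },
  { src: "/js/social-widgets.js", needsConsent: true },
];

// Parse a document.cookie-style string and return the visitor's stored choice.
function readConsent(cookieString) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    const name = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (name === CONSENT_COOKIE && (value === "granted" || value === "denied")) {
      return value;
    }
  }
  return "unknown"; // no choice recorded yet, or an unexpected value
}

// mode "explicit": gated scripts stay off until the visitor clicks OK.
// mode "implied": gated scripts load unless the visitor has refused.
function allowedScripts(consent, mode, scripts = SCRIPTS) {
  const allowed =
    consent === "granted" || (mode === "implied" && consent === "unknown");
  return scripts.filter((s) => !s.needsConsent || allowed).map((s) => s.src);
}

// Browser-only part: inject the permitted scripts. Does nothing outside a browser.
function loadAllowedScripts(mode) {
  if (typeof document === "undefined") return [];
  const srcs = allowedScripts(readConsent(document.cookie), mode);
  for (const src of srcs) {
    const el = document.createElement("script");
    el.src = src;
    el.async = true;
    document.head.appendChild(el);
  }
  return srcs;
}
```

Cookie-setting scripts have to be removed from the theme's static markup and loaded only through a gate like this, otherwise they run before the visitor's choice is read.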
Where To Go From Here?
Surveys have shown that a majority of people do not know how cookies work – much like a car, users want their websites to function, to get them places – but they don’t always understand what is going on “under the hood.”
The directive’s goal is to educate those people. Whether you think it is a half-baked dud of a scheme or an innovative start to Internet openness, the EU Cookie Directive was passed with the aim of informing users what kinds of cookies and similar files were being used on the sites they browse.
Compliance will help avert the possibility of legal troubles down the road, and it will enable communication with your visitors.
While complying with the directive presents potential problems, I am happy to say that WordPress once again reveals its utility – coders have stepped up to the plate to craft plugins that face the issue of compliance head on so that you can sleep safe at night. After all, who doesn’t want that?
marco
what about Ginger?
https://wordpress.org/plugins/ginger/
It is really simple, 2 clicks, and is EU compliant in opt-in or opt-out mode
banner completely configured, and supported and updated frequently
Bobby
You should try bootcooker, http://bootcooker.com
FrankE
Hi Tom, this post seems to be a bit outdated to me. Each and every plug-in you are suggesting has not been updated within the last year or so and they are not compliant to the actual WP-Versions. So what are we to do with this kind of information?
Tom Ewer
Hey Frank,
This post is actually over two months old. Although those plugins haven’t been updated recently, none of them are marked as broken with the latest version of WordPress, and they were all working fine as of the time of publication.
Cheers,
Tom
WeePie Plugins
Hi Franke,
We’ve developed an up-to-date (compliant with the most recent WordPress version), flexible and advanced WordPress plugin to comply with the cookie law: WeePie Cookie Allow!
More details on: http://codecanyon.net/item/weepie-cookie-allow-eu-cookie-law-compliance-plugin/10342528
@Tom: Maybe you can add our plugin to your article?
eMarcel
Great post.
How do I know if I have to implement this cookie thing on my blog?
My website is hosted from US and I don’t have any magic in my WordPress blog. Do I still have to install cookies plugin?
Cheers!
eMarcel
Tom Ewer
If your website operates from the US then you don’t need to worry about this.
Sven
Hi Tom (hopefully read by eMarcel),
thanks for the good article!
But your statement about US-hosted WP might be just misunderstood or plain wrong.
This EU-regulation applies for websites “consumed” in the EU, independently from where they run on servers.
There is surely an accepted “grey area” if the odd EU-visitor stumbles on a website with content designed for the US.
But if a US-run website is tailored for European visitors or Analytics show a good part of visitors coming from the EU then those regulations apply (for those EU visitors)…
For business websites that can very quickly become expensive if competitors send you an “Abmahnung” by their lawyers. (plus a few more things which can happen)
Cheers,
Sven
Tom Ewer
Hi Sven,
This is an EU directive, and the EU has no influence over US-owned websites. What do you think the repercussions would be?
Cheers,
Tom