Select Page

 

 

 

 

 

 

 

 

 

GDPR and Cookies

For most website owners, the advent of the GDPR has signalled confusion and bewilderment. The ICO website https://ico.org.uk/ is often difficult to grasp, particularly for those who are not familiar with the terminology. The page “Where does consent apply for cookies?”  poses three questions:

  1. Are you using cookies or similar technologies?
  2. Is the cookie necessary for the transmission of the communication?
  3. Is the cookie “strictly necessary”?

So, if you have had your website built by a third party you probably have the following questions:

  1. what is a cookie?
  2. does my website use cookies?
  3. and how do I tell?

What is a cookie?

Cookies are small pieces of information, normally consisting of just letters and numbers, which online services provide when users visit them. Software on the user’s device (for example a web browser) can store cookies and send them back to the website next time they visit.

How are cookies used?

Cookies are a specific technology that store information between website visits. They are used in numerous ways, such as:

  • remembering what’s in a shopping basket when shopping for goods online;
  • supporting users to log in to a website;
  • analysing traffic to a website; or
  • tracking users’ browsing behaviour.

Cookies can be useful because they allow a website to recognise a user’s device. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Without cookies, or some other similar method, websites would have no way of ‘remembering’ anything about visitors, such as how many items are in a shopping basket or whether they are logged in.

For further reading please see the ICO website (the above information was taken from their website page “What are cookies and similar technologies“)

How can I tell if my website uses cookies

The short answer is … it does, but how do you tell what they are? There are three main ways of identifying what cookies are being used:

  1. Browser Extension
  2. Online Tools
  3. Development Console

Browser Extensions

Google Chrome has a browser extension called “Cookie Inspector” which  lists all the cookies that a website uses in its developers console in a new tab “cookies”.

Development Console

In Google Chrome, select  More tools > Developer tools. This will open up the developer console in Google Chrome. 

In the Application tab under Storage the cookies installed by the webpage on the browser by different domains can be seen.

Online Tools

One of the free online tools that identifies cookies used on a website is  CookieServe, which displays the cookies used on any domain.

Typical “Cookie Serve” Response

Adding a compliant cookie consent script to your website.

The Tarteaucitron script

The “Tarteaucitron script” is a GDPR-compliant open-source tag manager. It is very light and recommended and used by the CNIL (French national agency for data protection).

It allows not only to automatically position tags or markers associated with different services (audience measurement, social networks…), in the same way as Google Tag Manager, but also to collect the explicit consent (or refusal) of the visitor for the use of these tags and associated cookies.

Script Declaration

  1. <script type=“text/javascript” src=“https://cdn.jsdelivr.net/gh/AmauriC/tarteaucitron.js@V1.2/tarteaucitron.min.js”></script>
  2. <script type=“text/javascript”>
  3. tarteaucitron.init({
  4. “privacyUrl”: “https://yourprivacystatementurl.com“, /* Privacy policy url */
  5. “hashtag”: “#tarteaucitron”, /* Open the panel with this hashtag */
  6. “cookieName”: “tartaucitron”, /* Cookie name */
  7. “orientation”: “bottom”, /* Banner position (top – bottom) */
  8. “showAlertSmall”: true, /* Show the small banner on bottom right */
  9. “cookieslist”: true, /* Show the cookie list */
  10. “adblocker”: false, /* Show a Warning if an adblocker is detected */
  11. “AcceptAllCta” : true, /* Show the accept all button when highPrivacy on */
  12. “highPrivacy”: false, /* Disable auto consent */
  13. “handleBrowserDNTRequest”: false, /* If Do Not Track == 1, accept all */
  14. “removeCredit”: false, /* Remove credit link */
  15. “moreInfoLink”: true, /* Show more info link */
  16. //”cookieDomain”: “.my-multisite-domaine.fr” /* Shared cookie for subdomain */
  17. });
  18. </script>

Dialog box

Once consent has been given (or refused), a box is displayed at the bottom of the site, indicating the number of active cookies and allowing you to view the list and manage the consents.

To only have this displayed on the privacy policy page. the following CSS needs to be placed in the child theme. This additional CSS section allows you to hide it anywhere else (replace XXXX with the ID of your privacy page):

 

  1. body:not(.page-id-XXXX) #tarteaucitronAlertSmall {
  2. display: none !important;
  3. }

Adding Services

Individual services need to be added into the script depending on services used. The appropriate code for each cookie can be found here.

All acknowledgements to pavenum for coding presented above.