GDPR Cookie Consent for Your WordPress Blog
The new General Data Protection Regulation (GDPR) has a Cookie Consent component which can be quite confusing and is more complex than I initially thought.
There are more requirements than the old European Union Cookie Consent law and most web businesses have got this almost completely wrong.
After attending a Workshop about this last weekend, I am now a lot more educated on the exact requirements of the GDPR when it applies to Cookie Consent.
More importantly, I now can tell you exactly what you need to do in order to be 100% GDPR Compliant when it comes to the use of Cookies on your website.
What are the GDPR Cookie Consent Requirements?
The GDPR requires that explicit consent must be provided by the visitor to your website. No longer is just letting your site visitors know that you use cookies acceptable.
GDPR Cookie Consent regulations say (according to Cookie Law):
- Implied consent is no longer sufficient. Consent must be given through a clear affirmative action, such as clicking an opt-in box or choosing settings or preferences on a settings menu. Simply visiting a site doesn’t count as consent.
- ‘By using this site, you accept cookies’ messages are also not sufficient for the same reasons. If there is no genuine and free choice, then there is no valid consent. You must make it possible to both accept or reject cookies. This means:
- It must be as easy to withdraw consent as it is to give it. If organisations want to tell people to block cookies if they don’t give their consent, they must make them accept cookies first.
- Sites will need to provide an opt-out option. Even after getting valid consent, sites must give people the option to change their mind. If you ask for consent through opt-in boxes in a settings menu, users must always be able to return to that menu to adjust their preferences.
With all of this in mind, you can see that some of the current solutions, even those I initially recommended in my blog post here, are not good enough to meet the GDPR requirements shown above.
Cookie Consent Examples
The best way to understand this is to show you what non-compliant Cookie Consent looks like and what 100% GDPR Compliant Cookie Consent looks like.
Here are 2 examples:
Non-Compliant Cookie Consent Example – A2Hosting.com Website
100% GDPR Compliant Cookie Consent Example – SiteGround.com Webiste
To get a more in-depth understanding, watch the Video I created below now:
100% GDPR Cookie Consent Solutions
With all the “solutions” being offered for GDPR Compliance it is hard to understand what to choose.
This becomes especially tough when you are being told you are getting a 100% solution, when in most cases you aren’t.
I previously recommended the WordPress plugin GDPR Fix (and I still do).
This is a great GDPR Compliance plugin and it does almost everything, but it falls short on Cookies (just like 90% of the solutions out there right now).
Its no surprise, this is a complex issue.
Cookie Scanning and the provisions which are required for Cookies by the GDPR are quite complex.
There are three (3) services which are offering 100% GDPR Compliant solutions.
All 3 of these services provide almost the exact same level of service.
The difference comes in Pricing.
All 3 services have a Free Offering, but the two things these free services do not provide are customization and GEO Location specific targeting.
The GEO Feature is a huge one for me.
I want only those people who live in the European Union (EU) to receive the Cookie Consent banner and request for consent.
I do not want to show this cookie consent banner to those who live everywhere else in the world as this can cut down on conversions and turn visitors away.
CookieBot provides this for just $10 per month (if you have under a 100 page website).
OneTrust offers this for $30 per month.
iUbenda is about the same.
After testing all 3, I highly recommend using CookieBot (get a 1 Month Free Trial here).
They have an easy to use system and an easy to use WordPress plugin with Cookie Declaration built in.
I am actively using CookieBot here on the Starter Academy and love the setup and integration so far.
You can see the Starter Academy Cookie Policy (generated at iUbenda) and Cookie Declaration Page (created by CookieBot) here.
Learn how to Install and Setup CookieBot on Your WordPress Blog in the Video below:
WordPress, Affiliate Links, and Cookies
The one thing I discovered after having my site scanned for Cookies by CookieBot, was the huge amount of Cookies that were being created by Affiliate Links on my site.
I use the Pretty Links plugin and if you look at my Cookie Declaration page, you will see there are huge numbers of cookies for affiliate links. Links I don’t even use on this site, but have built into Pretty links for use on other sites.
Plus, I have tons of cookies that are still being implemented even though I deleted plugins or services previously.
Because of this I am doing 2 things to clean up my site and clean up my cookies.
First, I am working on moving all of my Affiliate links off of my blog and into a GDPR Compliant link shortening service called PixelMe.
PixelMe has a GEO IP Detection system built into its service and it allows me to keep my links and their cookies, offsite.
Is this something you need to do?
No. But it is something I want to do in order to clean up my site’s cookies.
Second, I am digging into my WordPress database and cleaning out all old plugin and service data.
I do not want old cookies on my site from services I am not using.
In order to do this effectively, I have discovered a great free WordPress plugin called WP Sweep.
I previously used both WP Optimize and WP Rocket for database optimization.
While both do a great job (and I use WP Rocket for speed optimization on this site now), WP Sweep will dig in and delete the residue left behind by old plugins, services, users, and more.
Conclusion
While there are a lot of GDPR Cookie Consent solutions being touted as being 100% Compliant, most are not.
If you want to be 100% GDPR Compliant, then I highly recommend using a combination of my GDPR Recommendations for data protection and consent outlined in my blog post here and CookieBot as shown above for 100% GDPR Compliance.
If you have any questions or comments, please post them below.
