Your website, now illegal: how to comply with the EU Cookie Law

4
5488
Image used via CC License from teatime-blog.com
These cookies are less likely to cause headaches for your web-developer. Image used via CC License from teatime-blog.com

A new EU law prohibiting websites from placing cookies without user permission is set to become active in just over a month. Not only will this essentially make statistics derived from cookie-based tracking essentially worthless, it will also mean that websites using Google Analytics for stats gathering will be violating the law once it comes into effect — if they don’t provide a way for users to opt-out of the tracking cookie.

Without going into why this is such a stupid law, there is one solution to make your community compliant with the law while exerting as little effort as possible.

Just Google Analytics

If the only cookie your website sets is for Google Analytics, Wolf Software has a jQuery plugin that will get your sorted out in record time. Note, however, this might not be the case — if you have a Twitter widget, embed YouTube videos or use a Facebook social plugin, each of those sets its own cookie.

To use with WordPress (3rd-party hosted, NOT WordPress.com):

  1. Download the jpecrga plugin from the website
  2. Unzip it.
  3. inside the resulting folder, go to lib/jpecrga
  4. Create a new file there called ga.js
  5. Paste the following code in it:
    jQuery(document).ready( function () {
    jQuery.ws.jpecrga({ gaKey: 'YOUR-GOOGLE-ANALYTICS-KEY-HERE', geolocate: true /*,debug: true*/ }); });
  6. Replace “YOUR-GOOGLE-ANALYTICS-KEY-HERE” with your Google Analytics tracking code (“UA-somethingsomething”). Make sure that it’s enclosed in quotation marks.
  7. Using FTP, upload the entire “lib” directory (with everything inside of it) to your WordPress theme directory. (Often something like yoursite.com/wp-content/themes/YOUR-THEME/.
  8. Edit your theme’s functions.php file. Add the following lines: 
    function enqueue_jpecr() {
    if (!is_admin()){
    wp_enqueue_script('jpecr', get_bloginfo('stylesheet_directory') . '/lib/jpecrga/jpecrga-2.0.2.min.js', array('jquery'));
    wp_enqueue_script('jpecr', get_bloginfo('stylesheet_directory') . '/lib/jpecrga/ga.js', array('jpecr', 'jquery'));
    wp_enqueue_style('jpecr-style', get_bloginfo('stylesheet_directory') . '/lib/jpecrga/jpecrga-default.css');
    }
    }
    add_action('wp_enqueue_scripts', 'enqueue_jpecr');
  9. The third line might change slightly — if there is no “jpecrga-2.0.2.min.js” in your lib/jpecrga directory, update that line to reflect the version of the file that’s there.

That’s it! Make sure to remove any other instances of your Google Analytics tracking code — otherwise, it will still place cookies regardless of whether the user opts-in to them!

Not Just Google Analytics

Unfortunately for you, this is much more difficult. Wolf Software has another package called jConsent that makes this easier by wrapping everything in a pop-up similar to the above jpecrga plugin, but it requires wrapping all your cookie-producing code in a statement like the following:

jQuery(document).ready(function(){
  if (jQuery.ws.core.cookies.read('wsjconsent_consent') == 'true') {
        //We are allowed to present the feature that requires cookies
        // Your code for feature here
  } else {
        //We are not allowed to present the feature that requires cookies
        // Tell the user that they are getting a less-than-perfect experience?
  }
});

This means that whenever you drop an embed code anywhere, you need a code snippet like the above. Installing jConsent is a bit beyond the scope of this tutorial, but it’s really similar to the above — only instead of pasting the first snippet into ga.js, paste the above, echoing out any cookie-setting scripts that would go between the <head> and </head> tags (I.e., Google Analytics tracking code.)

In closing, it won’t be until next year that the ICO considers cracking down on non-compliant websites, and with 95% of UK businesses non-compliant just over a month before the rules come into effect, you’ll be in pretty good company. Getting ahead of the game never hurts, however, and if your community site uses only the basic cookie functionality of Google Analytics for stat tracking, you might as well take the five minutes to install jpecrga.

(Addendum: It’s worth noting YouTube has a “no-cookie” mode, which prevents the site from setting a cookie with embed. To use this, just generate an embed code like you normally would, and select “Enable privacy-enhanced mode”. Alternately, just change all embed links from youtube.com to youtube-nocookie.com. This takes some of the difficulty out of using the jConsent, as the above snippet then only needs to be used for embeds like Twitter widgets and Facebook social plugins.)

4 COMMENTS

  1. Hi,

    Thanks for the inclusion and write up. We also have jpecr which allows for multiple cookies like jconsent but with maybe a cleaner / nicer interface for those who want it. (http://jpecr.dev.wolf-software.com)

    Long term for us I think the best solution is the ‘no-cookie’ mode concept that youtube have, if all sites had a similiar solution life would be a lot easier.

  2. Hi, I followed a link from Wolf Software’s website to this informative post. The YouTube no-cookie mode is a handy tip to note.

    I followed your instructions for adding this code to my WordPress blog hosted on my own domain. But when I updated the functions.php file and checked my website I didn’t get the query bar – I just got the coding that was added to the php file displayed.

    I did follow your step 9 to update the jpecrga-2.0.2.min.js file.

    In step 8 you said to add the code you’ve supplied to the functions.php file, does it need to be placed in any specific place?

    I’ve tried adding it to the beginning, no joy.. then I popped it in at the end… still getting the code displayed instead of the request bar.

    Am I missing a step here?

  3. I’ve implemented the code as mentioned in line 5 and 8, and uploaded the lib directory, but my site still place __umta, __umtb etc cookies. Are there any other application placing & using these cookies?

Leave a Reply