Cookie Consent Code Issues


#1

I used cookieconsent.insites.com to make the Cookie Consent button which after some adjustment the following code works.

<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css" />
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
  "palette": {
    "popup": {
      "background": "#eaf7f7",
      "text": "#5c7291"
    },
    "button": {
      "background": "transparent",
      "border": "#0965ed",
      "text": "#0965ed"
    }
  },
  "content": {
    "dismiss": "Accept Cookies",
    "href": "https://www.stevenredhead.com/Cookie.html"
  }
})});
</script>

can be seen on my site https://www.stevenredhead.com

This code enables a cookie consent bar but only has two links; 'accept cookies' and 'Learn More'. GDPR regulations state that an opt-out or decline button is also added; I obtained the code from cookieconsent.insites.com but can't figure out where to add this;

"Disabling cookies should be done with the callback hook "(https://cookieconsent.insites.com/documentation/javascript-api/#hooks):

onInitialise: function (status) {
  var type = this.options.type;
  var didConsent = this.hasConsented();
  if (type == 'opt-in' && didConsent) {
    // enable cookies
  }
  if (type == 'opt-out' && !didConsent) {
    // disable cookies
  }
},
 
onStatusChange: function(status, chosenBefore) {
  var type = this.options.type;
  var didConsent = this.hasConsented();
  if (type == 'opt-in' && didConsent) {
    // enable cookies
  }
  if (type == 'opt-out' && !didConsent) {
    // disable cookies
  }
},
 
onRevokeChoice: function() {
  var type = this.options.type;
  if (type == 'opt-in') {
    // disable cookies
  }
  if (type == 'opt-out') {
    // enable cookies
  }
},

There is also a link to callback hook mentioned above, https://cookieconsent.insites.com/documentation/javascript-api/#hooks

Any advice where to place the Disabling cookies code would be great. I tried quite a few placement options within the webpage but couldn't get success with my limited knowledge.

There also seems to be addition hooks at the #hooks link above, so I am unsure which of these to chose and where to place them; or if they are to be used to modify the decline text.

Any ideas would be most welcome.


#2

On my sites the user either accepts cookies or leaves; when I added my cookie consent code that was the way it worked.

If you want to allow the user to disable cookies I would think you need to add a lot more code to disable cookies especially as some from companies like Google come from off site. Most sites I vist do not allow you to disable cookies; in fact I have never seen one with that option.

A couple of quotes from a cookie code site:

This is the approach used by most websites, and appears to be sufficient in the UK. Other countries have stricter rules and may warrant one of the stricter solutions.
This is also the easiest approach for website owners to implement, as it simply requires you add some code to your existing pages. It provides your users with no direct control over cookies, other than through their own browser settings.

This approach gives users the ability to opt out of cookies if they wish. It is more involved to implement, and will require that you modify parts of your site that use cookies to disable them when so instructed.

I think it is all a waste of time as somebody doing something bad will just put up the buttons and do whatever they want anyway. Do you ever check if cookies were not set or do you just assume they weren't?


#3

Out of interest using an online checker I can not find any cookies being set on your site

Also your dropdown navigation does not work very well on Microsoft Edge


#4

Thank you for the feedback Rubble.

The new EU law that came into force yesterday require a 'decline' link on the cookie consent window. All EU based websites or websites targeting EU countries must have this 'decline' cookies option. Extreme penalties for non compliance are in force.

The first part of the code for the above basic accept cookies works well, it is the extra code that adds the decline option that I have no idea where to add in the site. I tried to add to different parts of the page code without success. In order to be compliant with EU regulations I am keep to figure out how to use the decline code.

I got the same result about cookies if only looking a my site pages, but these pages link to third parties link social media, youtube videos, and Amazon so when using a cookie checker that follows usage through the site cookies show up. The external links all generate a new page, so the original source page is still present.

Yes, the menu is a bit excessive, the function was there so I used it, it seems to get jumpy if reused a few times. I need to resolve that at some stage, too many links could be the issue.


#5

I would like to know how to use the decline cookie code I posted above due to the strict adherence to the EU law that so many sites followed.

There are many sites yesterday showing the cookie consent for with a decline link in order to comply with the EU regulations that came into force on May 25.
This is an example: http://www.wired.co.uk/article/cookies-made-simple

It seems there is another requirement that some sites don't have yet that there should be a means to accept or decline cookies at a later date, this is an example; http://www.bbc.com/usingthebbc/cookies/how-can-i-change-my-bbc-cookie-settings/

This is an example of a request on the cooking policy for the user to confirm intentions regarding cookies shown at the bottom of this page; https://www.wufoo.com/cookie-policy/

Some sites have a permanent link at the bottom of the site, like this one, click the bottom left C icon: https://gdprprivacypolicy.org/ref/13

I tried many sets of codes but there are scanty instructions that don't suffice if personal knowledge is limited.

Any ideas on where to place the decline code I posted initially would be most helpful.


#6

I've not seen any mention so far with what I've read about any exemptions for session cookies so I can't see how any site that relies on sessions can comply with the law. I read this morning an article which appears to say that banning or deleting members of a given site who refuse consent could also fall foul of the GDPR. IANAL but I can't see how it's possible for any site unless they server purely static pages, with no server-side language at all to not fall foul of the GDPR


#7

Thank you for the information @sredhead I did not know that was implemented. I still think it is a can of worms and not really workable.


#8

I think this is because it is quite complicated and is different in each case: A forum post

You will see where the code has"// disable cookies" you need to find some way of disabling them and the offsite ones will be the worst.


#9

IANAL either but AIUI the "decline" option is only required for cookies that are not necessary to actually make your site work, such as google analytics -- otherwise a mere notice would suffice. If you do have such tracking services on your site however, you'll have to check the respective APIs how to opt out; for example. with GA it might look like this:

// Include before GA code
var cookiesAccepted = window.localStorage.cookiesAccepted

if (cookiesAccepted === undefined) {
  // Use a proper cookie layer here
  window.localStorage.cookiesAccepted = window.confirm('Do you accept tracking cookies?')
} else if (cookiesAccepted !== 'true') {
  window['ga-disable-UA-your-ID'] = true
}

An opt-out link would work the same way -- set a flag in the local storage or, well, a cookie.

Be careful -- it's questionable whether such a "take it or leave it approach" is actually GDPR-compliant.


#10

Its a pain as I have been in two minds about keeping my sites going for a while but had a renewal notification come through a couple of days ago that I paid for the year. If the renewal came through today I would not have bothered.

My wording was incorrect: I do not deny anybody access; but if they view the site they accept cookies ( they have been warned I use cookies ) unless they want to turn them off in their browser.

As I said in a previous post; will the majority of web users check to make sure the site didn't drop a cookie even though they clicked the no cookies button?


#11

What seems really ridiculous is that the cookie consent actually places a cookie onto the users device in order not to keep showing the consent window every time the site is accessed, typical.

I did have the notion like you that compliance is a pain for individual sites that don't have the backing of a company I.T. staff, my questioning thought is could this be an effort to get rid of independent sites - in order to control the content on the internet, I'm in a conspiracy mood after fighting with this issue of adding a cookie consent with the little personal knowledge I have.

I was able to get the accept consent working, but still no success with the option of the decline button.


#12

Hi, what exactly would you like to happen when a user clicks the "decline" link? In the Wired example you posted above, users are directed to a page which explains how to deactivate cookies in their browser. Is this the kind of thing you are aiming for?


#13

Thank you for your response Pullo.

From the responses advice above, for the user to be able to disable all cookies seems extremely complicated, I think the option you mentioned is best. Although some major sites have this function.

A "decline" button that goes to a page with the instructions how to deactivate and clear cookies could be one option. I have a cookie policy bar with a Learn More link that goes to the cookie policy which contains links for all major browsers instructions to delete or deactivate cookies.

I feel that as the regulations requires specifically a decline button that is an additional button to the learn more button and accept button that goes specifically to the section of the cookie policy dealing with how to delete and deactivate cookies could be the best short term option, until code becomes available to be in more strict in line with the regulations.

I would also like to also disable GA as shown above but not sure specifically where to enter the code into the existing code shown above.

Any ideas would be welcome.


#14

Hi,

What do you mean by "disable all cookies"?
Which sites have this function?

Sounds like you're covered then, no?

Tracking code:

var gaProperty = 'your-property-id';
var disableStr = 'ga-disable-' + gaProperty;
if (document.cookie.indexOf(disableStr + '=true') > -1) {
    window[disableStr] = true;
}
function gaOptout() {
    document.cookie = disableStr + '=true; expires=Thu, 31 Dec 2099 23:59:59 UTC; path=/';
    window[disableStr] = true;
    alert('Tracking is now deactivated');
}
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
        (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
    m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');

ga('create', 'your-property-id', 'auto');
ga('set', 'anonymizeIp', true);
ga('send', 'pageview');

HTML:

<p>Click here to set opt-out cookie: <a href="javascript:gaOptout()"><strong>Deactivate Google Analytics</strong></a></p>

#15

@Pullo on the code @sredhead is using ( insites )there is this option:

  1. Opt-out
    You tell your users that you use cookies, and give them one button to disable cookies, and another to dismiss the message.

This approach gives users the ability to opt out of cookies if they wish. It is more involved to implement, and will require that you modify parts of your site that use cookies to disable them when so instructed.

This is what the OP wants to implement. As I said in a previous post I have not see any sites so far with this option.


#16

The Local newpaper (thelocal.it) has a decline button. I'm not convinced it works though...


#17

That is what I mentioned in a previous post - does anybody check?


#18

If you scroll down the cookie policy of wufoo they appear to have a section that covers the option to consent or not consent to cookies. On wufoo's main page they have a cookie consent at the bottom of the page that states' " I agree to use of cookies for these purposes." with 'Yes' or 'No' buttons. https://www.wufoo.com/cookie-policy/ not sure what action the 'No' button would create.

https://www.cookiebot.com/en/ has a paid option that gives a cookie consent where there is a requirement to tick each cookie option, but this would really make a webpage took ugly and uninviting.

I have seen over sites with the decline button, but I didn't keep the link.


#19

I have just come across a site with 10 options under cookie consent!

This is the first option and shortest; now do I want on or off as those are the options and it is currently set to on?

Information storage and access
The storage of information, or access to information that is already stored, on your device such as advertising identifiers, device identifiers, cookies, and similar technologies.


#20

Thank you for the GA code Pullo I am not too sure where to pace the Tracking Code, or the exact location to place the HTML to get the necessary effect. I thought that putting any code to negate GA that as an option it is not necessary to use Google Webmaster anyway?

I saw a number of sites with Decline cookies button, not sure how functional the button was.

Some interesting Cookie notifications I've seen that look like they are trying to comply;
https://www.express.co.uk/news/uk & https://www.dailystar.co.uk/ have the same consent.

The Mirror newspaper, and FT have a manage cookies button that creates a pop-up with options to accept or decline each type of cookie on their site. https://www.mirror.co.uk/ and https://www.ft.com/

One site with a Cookie Compromise button gives options to alter cookie settings. https://www.rcoa.ac.uk/rcoa-and-fpm-website-cookie-notice

Today I found another headache is that: "Under the GDPR, if a contact of yours is an EU citizen, they need to be given notice that you're using cookies to track them (in a language they can understand), and they need to consent to being tracked by cookies." I tried to add the Google translate code to my cookie policy page in numerous places all without success.

This is getting like trying to knit with spaghetti.