On the 26th May 2012 all UK business websites should be compliant with the EU Cookie Directive or they may face a fine. If you aren’t compliant yet – don’t worry! It’s not difficult or expensive. You can get it sorted on WordPress in a few minutes with a free plugin that’s easy to install.
The information below tells you all about cookies, the Cookie Directive and how you can make sure you are compliant. If you know the basics just skip down to the juicy implementation stuff!
- What is a cookie?
- What are functional reasons for using a cookie?
- What are tracking reasons for using a cookie?
- Are cookies dangerous?
- What is the Cookie Directive?
- How do I know which cookies I have on my site?
- What should the opt-in message include?
- How do I make sure my WordPress website or blog is compliant?
- Installing Cookillian
What is a cookie?
A cookie is data stored by a website in a browser, which is sent back to the website by the browser. Cookies are a way for websites to remember things and are used for both functional reasons and tracking reasons.
What are the tracking reasons for using a cookie?
Some companies use tracking or performance cookies to find out how people are using their website. The most common cookies used for this purpose are Google Analytics cookies. This information can be used for a variety of reasons, including:
- Finding out how many people visit a site to make sure the bandwidth you have can cope with the number of visitors you expect to get.
- Finding out which web browsers and devices people are using to make sure their website is suitable for a majority of users.
- Understanding how people use the website to make improvements for website users and resolve any problems quickly.
- Some companies use this information for marketing and revenue purposes e.g. telling potential advertisers how many people visit their website or using it to develop their own advertising and marketing campaigns.
Are cookies dangerous?
No. Cookies can’t be used to spread computer viruses or malware. The concerns about cookies are to do with privacy.
What is the Cookie Directive?
The Cookie Directive is a law that requires all business websites to disclose which cookies they use, and explicitly gain permission to use them from your website visitors. In May 2011 the Cookie Directive became law and applies to all European countries including the UK. UK business websites must be compliant by 26th May 2012 (that’s this Saturday) or you might face a fine.
How do I know if I need an opt-in for cookies on my site?
To find out if you need an opt-in for cookies you need to answer two questions:
1. Is it a business site or a personal site? Only business sites need cookie opt-ins.
2. What do the cookies on your site do? If you only have functional cookies that are essential for users to be able to use your site you don’t need an opt-in form. If you have tracking cookies you must have an opt-in form.
How do I know which cookies I have on my site?
You can find out which cookies are running on your site using the Firefox browser. Open a tab with your website on it and in the browser menu bar go to Tools > Page Info. Click on Security and then the View Cookies button.
What should the opt-in message include?
If possible include a Yes/No button so it’s quick and easy for people to opt-in or opt-out.
[Image: the opt-in message text on the Mariposa website]
How do I make sure my WordPress website or blog is compliant?
If you are using WordPress there are plugins that can do most of the work for you. I’ve tried the three most popular and Cookillian seems to be the best choice because you have more control over what the plugin does and I’m confident that I am compliant. Most importantly it doesn’t place any cookies in the browser until a user opts in or opts out, which ensures no data is collected without consent. Alternative plugins are CookieCert and EU Cookie Directive.
Cookillian is a free plugin, but you can donate to the creator via the Cookillian WordPress Plugin page.
(Note: You need PHP 5.3.0 for Cookillian to work. If you get an error, get in touch with your hosting provider and ask them to upgrade your account to PHP 5.3.0 or higher. The hosting provider for Bright by Design did it within 2 hours of my request.)
1. Go to Plugins > Add New and search for ‘Cookillian’ and then Install Now and Activate Plugin (alternatively download and upload manually)
2. Go to Settings > Cookies
3. Adjust the Cookillian settings as follows:
- Auto-add cookies – Keep this checked
- GeoLocation Service – If you get high volumes of traffic from Europe take a look at the CloudFlare option, otherwise keep it as geoPlugin
- Countries – You need to check boxes against all EU Member Countries. There’s a full list of EU Member countries on the europa.eu website
- Show Alert – Set to automatic
- Alert Content – Default uses the text in the Alert Heading and Alert Text boxes. Custom allows you to create your own content in HTML. If you’re not sure use Default.
4. Delete the Google Analytics code from where it was previously stored in your website. This might be in header.php (Appearance > Editor) or if you’re using the Thesis theme it should be in Thesis > Site Options under Stat & Tracking Scripts.
If you’re not sure which code to delete ask someone who’s familiar with WordPress and Google Analytics to do it for you.
5. To test that Cookillian is working correctly visit your website in the Firefox browser.
Check Opt-Out: Select your NO option. View cookies for the page (Tools > Page Info – Security – View Cookies) and the only cookie should be cookillian_opt_out (unless you have functional cookies running).
In View Cookies clear all your cookies and revisit the page.
Check Opt-In: This time select your YES option. View cookies for the page again and this time you should see cookillian_opt_in and your tracking cookies, e.g. for Google Analytics these are __utma, __utmb, __utmc and __utmz.
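The checks in step 5 can also be scripted. The following is an added example, not part of the original post or of Cookillian: it audits a cookie string (as returned by `document.cookie` in the browser console) against the state being tested, including the state before the visitor has chosen. The functional-cookie allowlist and the sample cookie values are assumptions to adapt for your own site.

```javascript
// Added example, not Cookillian code. Paste the page's `document.cookie` value
// in as cookieString. HttpOnly cookies do not appear in document.cookie.
const CONSENT_IN = "cookillian_opt_in";
const CONSENT_OUT = "cookillian_opt_out";
const TRACKING = /^__utm[abcz]$/; // Google Analytics cookies named in the post
// Assumption: cookies this site treats as functional. Edit for your own site.
const FUNCTIONAL = [/^wordpress_test_cookie$/, /^wp-settings-/];

// Turn "a=1; b=x=y" into ["a", "b"]; values may themselves contain "=".
function cookieNames(cookieString) {
  return cookieString
    .split(";")
    .map((pair) => pair.trim().split("=")[0])
    .filter((name) => name.length > 0);
}

// state is "undecided" (no choice made yet), "opt_out" or "opt_in".
// Returns a list of problems; an empty list means the check passed.
function auditCookies(cookieString, state) {
  const names = cookieNames(cookieString);
  const isConsent = (n) => n === CONSENT_IN || n === CONSENT_OUT;
  const problems = [];
  if (state === "undecided" && names.some(isConsent)) {
    problems.push("consent cookie present before the visitor chose");
  }
  if (state === "opt_out" && !names.includes(CONSENT_OUT)) {
    problems.push(`${CONSENT_OUT} is missing`);
  }
  if (state === "opt_in" && !names.includes(CONSENT_IN)) {
    problems.push(`${CONSENT_IN} is missing`);
  }
  if (state !== "opt_in") {
    for (const n of names) {
      if (TRACKING.test(n)) {
        problems.push(`tracking cookie set without consent: ${n}`);
      } else if (!isConsent(n) && !FUNCTIONAL.some((re) => re.test(n))) {
        problems.push(`unclassified cookie, review it: ${n}`);
      }
    }
  }
  return problems;
}

// Constructed sample values for the three states tested in step 5.
const SAMPLES = {
  undecided: "wordpress_test_cookie=WP+Cookie+check",
  opt_out: "cookillian_opt_out=1",
  opt_in: "cookillian_opt_in=1; __utma=1.2.3; __utmz=1.utmcsr=(direct)",
};
for (const [state, cookies] of Object.entries(SAMPLES)) {
  console.log(state, auditCookies(cookies, state));
}
```

An empty list for all three states means the plugin is holding back tracking cookies until consent is given; any entry names the cookie to investigate.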
And you’re done!!! With all this talk of cookies I think it’s time for a well deserved cuppa and a biscuit!
If you have any other questions leave them in the comments below or email me firstname.lastname@example.org and I’ll do my very best to answer them.