EU Cookie Directive – feedback on this solution (on Joomla! 2.5)

[chrisjg]

Hi all,

Please visit my online playground ( http://kissjoomla.stempsite.co.uk ) where I have setup a possible solution for the upcoming EU cookie directive [becomes UK law to get users explicit consent before storing non-essential cookies] on 26th May 2012. It is a Joomla! 2.5 install with only the session cookie being set on arrival (apparently this is OK, for now).

Any feedback on this possible solution would be appreciated, but especially:

1. Is it easy for non-tech people to use?
2. Is it unobtrusive, but not invisible to visitors?
3. It it too obtrusive?
4. Would you be put off a website using this solution?

Additional: In a real site there would be a link to the cookie policy that would list all cookies, their function and other info. (like which parts of the site will not function without accepting cookies).

The reason for testing this solution is because Joomla! site admins are not necessarily coders or particularly technical. They would not be able to hack the code of every Joomla! module/component to find where the cookie is set and put some code around it to enable accept/decline solutions like the Wolf Software one http://jpecr.dev.wolf-software.com/

They download and install an add-on or extension and enable the functionality and move on. No thought given to cookies, and without the ability to find them.

This solution assumes new modules/components do have cookies, and the site admin has to manually set it to no-cookies if there are none, I will be adding an admin side nag screen to prompt the review, and to update the module/component and cookie info to the cookies policy (automatically adds module name and states a cookie is set, but not any details)

Hopefully this will be enough for most admins.

So, whatever your thoughts on this law, your feedback about this possible solution is appreciated.

Chris.

[austinseven]

Hi This is exactly what I need, works perfectly as far as I can see from your test site. Do you have it packed for normal installation on Joomla 2.5 and if so, can I have a copy? And would it be possible to convert it to work with Joomla 1.5 and if so – I’d like a copy of that as well. Only other Joomla solution I have seen adds visitors to user groups – not that helpful when you dont have members just visitors. And it involves an amount of hacking. Thx

[chrisjg]

@austinseven

I have not packaged it up as a module yet, want to finish it to a release standard first.

Basically this solution is a login/logout hack – the accept button actually logs the visitor in as a default user (assigned to a group that has access rights to anything that “has cookies” – defined by a View Access Level), this is the only extra that they get above public visitors.

The block button simply logs them out.

But visitors don’t see this as a login, as they don’t give out any information or register with the site.

As soon as I am happy with it I will let you know and you can have a copy. I have not worked with Joomla 1.5, so I will not be converting it – someone else might. I plan to release it on github, so it can be forked and converted.

My plan is to have it ready by 18th May 2012 – 1 week before the directive becomes UK law – hopefully this will give people time to install and test it in the wild.

Chris.

[JeninaB]

It look good, but I need a solution, alas. So please let me know when it’s there – and thank you!

[chrisjg]

I have now created a joomla module

You can get the installation zip file from:

http://kisswebdesign.co.uk/support/joomla/modules/cookiechoice/mod_cookiechoice.zip

Or see the whole project at:

https://github.com/KISS-Web-Design/mod_cookiechoice

Chris.

[wesleyw]

Is there any possibility of a version of this for Joomla 1.5 at all?

Wes

[chrisjg]

Sorry Wes,

there are too many differences between the Joomla 1.5 and 1.6+ versions – and I don’t have the knowledge about 1.5 to customise the module.

But feel free to fork it and change it yourself – or get someone else who knows joomla 1.5 to change it.

Chris.

[mhetherington]

Seems there’s no need to update to explicitly get users to opt-in to cookie usage anymore (http://speckyboy.com/2012/05/28/the-ico-amends-the-eu-cookie-law-to-allow-implied-consent/) though you’ll need to update your privacy policy. Ho-hum, god bless the ICO. *facepalm*

[chrisjg]

Yes, I saw the new guidelines on Friday 25th May – nothing like leaving it until the last minute to clarify things.

The issue of tracking-advertising-cookies that are used across multiple sites to gather ‘user preferences for more relevant adverts’ (so called BAD cookies) still exists though, so an opt-in/out for those are probably still required (because they are intrusive, non-essential, etc), but the ICO has not given any specifics – but for most sites using session and analytical cookies can rely on the implied consent of the user (with the relevant cookie policy).

Even then the ICO will only do anything if people complain about a site, and the first step is to ‘inform and help them comply’.

Chris.

[Author]

Posts