I’m building a super straight forward EU Cookie Tool so that customers/random people can copy paste the code into their webpages/sites.
The caveat is that everything needs to be pure JS and inline, rather than in the head section etc, just to make it super easy to use for regular people.
It’s pretty much there but now I need it to create a cookie to remember that they chose to accept the Cookies and hide itself if they reload the page or come back later.
JS Fiddle here;
Actually, why isn’t using jQuery a viable solution? Using it on your site to make it easier for you to code has nothing to do with the code you are providing. If you’ll consider it, here is a nice clean solution that does use local storage with a cookie fallback.
‘stupid-eu-law=accept-cookies; expires=Mon, 31 Dec 2525 23:59:59 UTC; path=/’;
into the onclick property of the button, eg:
onclick=”setVisibility(‘cookies-notify’, ‘none’);document.cookie =
‘stupid-eu-law=accept-cookies; expires=Mon, 31 Dec 2525 23:59:59 UTC; path=/’;”
it will set the following cookie:
Send for: Any kind of connection
Accessible to script: Yes
Created: Tuesday, 1 May 2012 20:09:15
Expires: Monday, 31 December 2525 23:59:59
the Created date will change, but the rest is fixed
if you want some useful js cookie functions check out http://jsfiddle.net/chrisjg/bbVuq/1/
I have used these for a long time, in many places. They are pretty standard ways of writing, reading and deleting cookies in js. Hope you find them useful, and/or learn from them.
I only set the cookie, I did not add the code for checking it –
shows how to write, delete and check for cookie.
is your original, with the added functionality to test if the cookie is present or not (and lets you delete it)
The accept button must be shown before any cookies are set on the site, so every cookie that is being written via your site must have some code around it to only write it if the ‘accept-cookies’ cookie is set.
You must also have a simple and obvious way for people to change their mind and stop accepting cookies.
http://kissjoomla.stempsite.co.uk/ is a potential solution I am working on for the Joomla CMS – still needs a little work for full compliance though.
Because of the complexities of the law there are no quick and easy solutions, other than don’t write cookies, or use any other code on your site that sets cookies.
It is a nice idea to have a ‘drop-in’ solution for this, but I think you would needs to put loads of caveats with your solution – and tutorials, code examples, etc. on how to ‘find and isolate’ each cookie (is it set with js or php for instance).
I don’t want to put you off, but if you are going to release this as a solution to the EU directive then you need to think carefully about who you are releasing it to (coders, content managers, site owner who just copy/pastes) and make sure you do not offer any compliance guarantees, either explicitly or implied.
I am not a lawyer, but have read pretty much all the documentation from the ICO and EU about this directive. It is horrible and very dry.
is a good link to the ICO, and it links to a guidance document that is a “must read” for any UK based solution.
Totally agree, it has not been properly thought out.
Mostly it not enforcable, the ICO employs around 350 people – even if all of them were checking website compliance they would be swamped.
The ICO are not even sure what compliance is yet, or what it will be in a years time!
Dave Evans, Group Manager for Business & Industry at the Information Commissioner’s Office (ICO), was interviewed in April this year – these are couple of his answers (full interview http://econsultancy.com/uk/blog/9610-q-a-the-ico-s-dave-evans-on-eu-cookie-law-compliance )
We don’t know what compliance will look like in a year’s time.
There are lots of gaps here, and we want people to fill them with good practice. We can then point to examples of this and everyone will have a greater understanding of what is required.
We hope that this will pick up over the next month or so.
Will ‘implied consent’ solutions be enough in some cases?
The law does allow us some leeway, and if a company’s revenue would drop if it went for a strict opt-in, then we could look at different ways of educating users and gaining consent.
Just because analytics cookies are caught by this law doesn’t mean a strict opt-in is necessary. It could, in some cases, be seen as an essential part of the relationship.
If it looks like an organisation has put enough information there, and it is clearly visible, such that it wouldn’t be likely that users would miss it, then it’s unlikely we would take that [complaint] further.
My thoughts, for what they are worth (IANAL):
2. State that “We are working towards a compliant solution for the EU e-privacy directive 2009/136/EN”
3. Providing you are not a big-bussiness, simply wait and see what the ICO says in a couple of months time.
This is what I am advising my small business and hobby/personal site clients to do.
You must be logged in to reply to this topic.