Sunday, October 7, 2012

The European cookie law: solutions

Solutions to the European cookies law

In a previous post, we saw how different countries have implemented the European directive 2009/136/EC, also known as the Cookie Directive. To comply with the local laws of each country, your visitors must be given clear information about how cookies are used on your site (including third-party cookies), and an easy way to consent (or not) to them. We will now see what solutions we can implement to comply with these laws.

Cookies audit

To comply with the directive and its transpositions into local law, the first step is to perform a cookie audit of your site.

Here is a short list of free cookie audit services and solutions:
  • By listing all the trackers set on each page you are browsing, the Ghostery plugin helps you see the invisible web made of the tags, web bugs, pixels and beacons that are included on web pages in order to get an idea of your online behavior. It comes as a plugin for the most used browsers (Firefox, Safari, Google Chrome, Opera, Internet Explorer and iOS).
  • Optanon cookie auditor is a Google Chrome plugin that captures all the cookies being set by the visited site (including third-parties) while you browse.
  • Cookie Cert offers a free cookie audit, with up to 100 pages audited monthly.
  • The Attacat cookie audit tool, a Google Chrome extension, automatically generates custom cookie information for your privacy policy.
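What such an audit boils down to, as an added example (not code from any of the tools listed above): parse each Set-Cookie header, then classify the cookie as first- or third-party and as session or persistent. The captured headers, the host names and the `auditCookies` and `parseSetCookie` functions are constructed for illustration.

```javascript
// Constructed sample: Set-Cookie headers seen while loading one page of
// www.example.com, with the host that sent each response.
const CAPTURE = [
  { host: 'www.example.com', setCookie: 'PHPSESSID=abc123; Path=/; HttpOnly' },
  { host: 'www.example.com', setCookie: 'lang=fr; Max-Age=31536000; Path=/' },
  { host: 'stats.tracker.test',
    setCookie: 'uid=42; Domain=.tracker.test; Expires=Wed, 07 Oct 2015 10:00:00 GMT' },
  { host: 'cdn.example.com', setCookie: 'ab=1; Domain=example.com; Max-Age=0' },
];
const NOW = Date.UTC(2012, 9, 7, 10, 0, 0); // fixed clock so results are repeatable

function parseSetCookie(header, responseHost, now) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const cookie = {
    name: pair.slice(0, pair.indexOf('=')),
    domain: responseHost.toLowerCase(), // host-only unless Domain is given
    expiresAt: null,                    // null means session cookie
  };
  let maxAge = null;
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const val = i === -1 ? '' : attr.slice(i + 1).trim();
    if (key === 'domain' && val) cookie.domain = val.replace(/^\./, '').toLowerCase();
    else if (key === 'max-age' && /^-?\d+$/.test(val)) maxAge = Number(val);
    else if (key === 'expires' && !Number.isNaN(Date.parse(val))) cookie.expiresAt = Date.parse(val);
  }
  if (maxAge !== null) cookie.expiresAt = now + maxAge * 1000; // Max-Age overrides Expires
  return cookie;
}

// siteDomain is the audited site's registrable domain, supplied by the auditor
// (a full tool would derive it from the Public Suffix List).
function auditCookies(capture, siteDomain, now) {
  return capture.map(({ host, setCookie }) => {
    const c = parseSetCookie(setCookie, host, now);
    const first = c.domain === siteDomain || c.domain.endsWith('.' + siteDomain);
    let lifetime = 'session';
    if (c.expiresAt !== null) lifetime = c.expiresAt > now ? 'persistent' : 'deleted';
    const days = lifetime === 'persistent' ? Math.round((c.expiresAt - now) / 86400000) : 0;
    return { name: c.name, domain: c.domain, party: first ? 'first' : 'third', lifetime, days };
  });
}

console.table(auditCookies(CAPTURE, 'example.com', NOW));
```

The rows marked third-party and persistent are the ones that most need to appear in the information given to visitors.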

JavaScript code and jQuery plugins

  • cookiesDirective.js provides a mechanism for gaining explicit “consent to cookies” from your users, as well as a facility to prevent the creation of non-“necessary” cookies (like those created by third-party scripts such as Google Analytics) before the user has given their consent.
  • cPrompt is a lightweight, minimalist JavaScript implementation that does not rely on the jQuery framework.
  • Cookie control is a very nice and unobtrusive implementation.
  • jConsent is a plugin by Wolf Software to meet the legal requirements of the cookie law. It is free when branded with a Wolf Software link, but offers a debranding license per domain (£25 at the time of writing).
  • jNudge is another plugin by Wolf Software that alerts visitors to policy changes and informs them of a technology you are using.

Social Share Privacy


Social networks can track a website's visitors as soon as the site shows a third-party button (like a Facebook Like, a Twitter or a Google+ button). Furthermore, if you are still logged in to these social networks, that tracking data can be linked to your real identity.

An interesting solution has been developed for website publishers: it first shows a dummy button for the social network action of choice, which must be clicked before the real button is activated. This way, visitors remain invisible to these networks unless they actively want to interact with them.
That solution comes as a jQuery plugin named Social Share Privacy.
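The consent plugins listed earlier and the two-click buttons described above rest on the same mechanism: third-party code is registered but not loaded until the visitor opts in. The following is an added example, not code from cookiesDirective.js or Social Share Privacy; the `ConsentGate` class, the `site_consent` cookie name and the category names are assumptions.

```javascript
// Added example: loaders for non-essential third-party code are registered per
// category and run only once the visitor has opted in to that category.
// `store` abstracts document.cookie so the logic also runs outside a browser.
class ConsentGate {
  constructor(store, cookieName = 'site_consent') { // cookie name is hypothetical
    this.store = store;
    this.cookieName = cookieName;
    this.pending = new Map(); // category -> loaders waiting for consent
    this.granted = new Set(this.readStoredConsent());
  }
  readStoredConsent() {
    const re = new RegExp('(?:^|; )' + this.cookieName + '=([^;]*)');
    const m = this.store.get().match(re);
    return m && m[1] ? decodeURIComponent(m[1]).split(',') : [];
  }
  // Runs the loader at once only if consent for its category is already stored.
  register(category, loader) {
    if (this.granted.has(category)) { loader(); return; }
    if (!this.pending.has(category)) this.pending.set(category, []);
    this.pending.get(category).push(loader);
  }
  // Call from the banner's accept button, or from a click on a dummy share button.
  grant(category) {
    this.granted.add(category);
    const value = encodeURIComponent([...this.granted].join(','));
    this.store.set(`${this.cookieName}=${value}; Max-Age=31536000; Path=/`);
    for (const loader of this.pending.get(category) || []) loader();
    this.pending.delete(category);
  }
}
// In a page: new ConsentGate({ get: () => document.cookie,
//                             set: (c) => { document.cookie = c; } })

// Constructed demo with an in-memory, single-cookie stand-in for document.cookie.
function demo() {
  let jar = '';
  const store = { get: () => jar, set: (c) => { jar = c.split(';')[0]; } };
  const first = [];
  const gate = new ConsentGate(store);
  gate.register('analytics', () => first.push('analytics.js'));
  gate.register('social', () => first.push('like-button.js'));
  const beforeConsent = first.length; // nothing has been loaded yet
  gate.grant('social'); // visitor clicked the dummy share button
  // Next page view: the stored choice is honoured, analytics stays blocked.
  const second = [];
  const next = new ConsentGate(store);
  next.register('analytics', () => second.push('analytics.js'));
  next.register('social', () => second.push('like-button.js'));
  return { beforeConsent, first, second, cookie: jar };
}
```

In a real page each loader would inject the third-party script tag or iframe, so no request reaches the third party before `grant` is called.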

Content Management Systems plugins and modules

Drupal offers a module named Cookie control that can also handle the Google Analytics module, and apply cookie consent restrictions to specified countries or to the whole world.

WordPress offers many plugins: Cookie Cert, EU Cookie Directive, Cookie Control, Cookie Law Info.

Other ways to store data

The directive covers any kind of cookie, whatever the technology used in the background, so zombie cookies cannot be used either if you want to comply with it. However, for testing purposes, it may be interesting to understand how persistent cookies can be set on visitors' devices.

Evercookie is a JavaScript API that creates persistent cookies through 13 different mechanisms: standard HTTP cookies, Local Shared Objects (Flash supercookies that can store up to 100 KB of data), Silverlight Isolated Storage, PNG images (the data is stored as RGB values of auto-generated, force-cached PNGs, using the HTML5 Canvas tag to read the pixels back out), Web History, HTTP ETags, Web cache, window.name caching, Internet Explorer userData storage, HTML5 Session Storage, HTML5 Local Storage, HTML5 Global Storage, and HTML5 Database Storage via SQLite.

Audience measurement

The most widely used tool for audience measurement and analysis is Google Analytics, and that solution relies on cookies that your visitors may or may not accept. Even if some countries, like France, exempt cookies used for that purpose from prior consent, there are other solutions available to keep tracking your visitors while abiding by the law.

One of them is Piwik, an open source web analytics package in which cookie support can be disabled, relying instead on other heuristics based on the browser footprint.

Conclusion

In this post, we have seen different ways to let your visitors accept or refuse cookies from your web site, be they first- or third-party. Of course, the first step is to perform a cookie audit to get an idea of how many different cookies your site relies on.

One question remains open regarding affiliation. As most affiliation systems rely on cookies to track the visitors you have sent to the merchant sites, implementing the directive without thinking about its implications could lead to a significant loss of sales. The wording of the messages that explain the use of cookies on your site and on the merchant sites concerned, and that ask for your visitors' consent, is thus very important.

Illustration source: Veggieburgerfan via Wikimedia Commons

