Cookie consent
European Union regulations require website users to give informed consent to some of the data our app stores on their machine. This includes, for example, cookies and HTML5 local storage. Google Maps and New Relic are big calorific jars of delicious cookies. Rails also has some cookies.
In UK websites, consent is often requested by pop-up banners, or by small print on the website.
We need to catalogue a few realistic options, discuss them among our team, and agree one with the client.
Follow the links to examples of cookie consent in action.
(please add your suggestions; review and edit those posted here)
Are our users sufficiently well informed to look for our cookie policy, and delete or disable unwanted cookies in their browser? Do our cookies meet the conditions to be exempt from the consent requirement?
London's Open Data Institute has a simple banner at the top of the page that reads "This website uses cookies to provide you with the best experience.", with "Continue" and "Read more" controls. The Continue button hides the banner.
The ODI code is probably open source, though I haven't seen it yet.
The British Information Commissioner has a non-scrolling banner that overlays the bottom of the viewport.
"We have placed cookies on your computer to help make this website better. You can change your cookie settings at any time. Otherwise, we'll assume you're OK to continue." "Don't show this message again"
The "don't show" link hides the banner.
In this prototype we have linked a JavaScript modal dialog to the 'rack-policy' gem, so that every user has to accept cookies. We can be sure we comply with the law since a user always has to accept or reject before they can see the page.
Another, perhaps a little less intrusive, way to present the user with the choice to accept or reject cookies is by displaying an alert. In this demonstration we have placed the alert in the header section of the page. This can easily be moved down to the footer for a lesser effect.
British phone company BT uses proprietary code to show a slider, which a user moves to choose necessary, functional and targeting cookies. The user needs to scroll below the fold to find the link to the cookie setting slider.
Q: Do the EU regulations require that people give explicit consent and if they don't, that we have to disable cookies?
A: Yes, but there are exemptions for some functional and first party cookies.
Q: Do we have to list each cookie's name and what it does?
A: We think not.
Q: Do the exemptions apply to us?
A: LocalSupport cookies are probably exempt: they are generally session cookies, and only for logged in users. (We will probably add a persistent cookie to track cookie consent!) However, our site also sets third party persistent cookies from New Relic (analytics) and Google (maps): we still need informed consent for those.
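One way to enforce the exemption rule from the last answer on the server side, as an added example (not the rack-policy gem's code and not LocalSupport's own): a Rack-style middleware that, until the consent cookie comes back from the browser, lets through only the consent marker and non-persistent session cookies. The class name and both cookie names are assumptions.

```ruby
# Added illustration; not the rack-policy gem's code or LocalSupport's.
# Cookie names below are assumptions, not taken from the app.
class ConsentCookieFilter
  CONSENT_COOKIE  = 'cookie_consent'          # assumed name of the consent marker
  SESSION_COOKIES = %w[_app_session].freeze   # assumed name of the session cookie

  def initialize(app)
    @app = app
  end

  # Rack-style entry point: pass the request on, then filter the response.
  def call(env)
    status, headers, body = @app.call(env)
    headers = strip_non_exempt(headers) unless consented?(env)
    [status, headers, body]
  end

  private

  # True when the browser sent back the consent marker with value "accepted".
  def consented?(env)
    env.fetch('HTTP_COOKIE', '').split(/;\s*/).any? do |pair|
      name, value = pair.split('=', 2)
      name == CONSENT_COOKIE && value == 'accepted'
    end
  end

  def strip_non_exempt(headers)
    key = headers.keys.find { |k| k.casecmp?('set-cookie') }
    return headers unless key

    raw = headers[key]
    # Older Rack joins several cookies with newlines; newer Rack uses an array.
    kept = Array(raw).flat_map { |v| v.split("\n") }.select { |c| exempt?(c) }
    out = headers.dup
    if kept.empty?
      out.delete(key)
    else
      out[key] = raw.is_a?(Array) ? kept : kept.join("\n")
    end
    out
  end

  # Exempt before consent: the consent marker itself, or a listed session
  # cookie that carries no Expires/Max-Age (so it ends with the browser session).
  def exempt?(cookie)
    name = cookie.split('=', 2).first.to_s.strip
    return true if name == CONSENT_COOKIE

    attrs = cookie.split(';').drop(1).map { |a| a.strip.downcase }
    SESSION_COOKIES.include?(name) && attrs.none? { |a| a.start_with?('expires=', 'max-age=') }
  end
end
```

This only covers cookies our own server sets. The third-party cookies are set by the third parties' own domains, so those embeds have to be held back until consent rather than filtered here.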