Cookies and Privacy Policy

As much as I am for privacy, the cookie consent crap is bad on so many levels. The implementation is most of the time unclear and the recommendation is always an overly broad, expensive third-party service. I get it, paying lawyers to (maybe) understand the law and write copy and update cookie databases costs money, but their plans are often ridiculous, counting sessions/page hits, "protects" only 50 webpages and so on. But we have to follow the law, so no questions asked (shrug emoji).

Here are some entry-level solutions and resources if you would rather not buy a lifelong subscription to a commercial service.

Cookie Scanner

https://coding-freaks.com/cookie-scanner – scanner and resources to deal with

https://app.termsfeed.com/ – Partially privacy compliance tools (scanner, banner generator etc)? Pricing

Cookie Consent Banner

🍪 https://github.com/orestbida/cookieconsent – Open-source JavaScript solution without any backend, if you want to roll your own (only if you don't use Google or some other invasive tracking stuff; it also has no consent log, just a callback so you can save that yourself)

🍪 https://www.cookieconsent.com/ – another JavaScript-Only solution that only takes care of displaying and interacting with the banner.

Cookie consent banner checklist

  • Use clear and simple language for the cookie notice.
  • Briefly explain the purpose of cookies used.
  • If the website uses third-party cookies, then mention that in the banner.
  • Provide both ‘Accept’ and ‘Reject’ buttons prominently on the banner, so users have a free choice.
  • You may also add a close button to dismiss the banner without setting cookies.
  • Include a ‘Customize’ button so users can give granular consent for specific cookie categories.
  • Show a cookie list on the second layer (Preference center) of the banner for complete transparency.
  • Include a link to Cookie Policy or Privacy Policy (that has a cookie clause).
  • Add a revisit widget so users can easily change their cookie preference or withdraw consent.
  • Avoid using dark patterns that mislead or trick users into giving consent.

https://www.cookieyes.com/blog/gdpr-cookie-consent-banner-examples/#Cookieconsen-3

Cookie Consent Logging

Article 7(1) of the General Data Protection Regulation (GDPR) states that:

Where the processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to the processing of his or her personal data.

If a website processes the personal data of the EU users, it must be able to show that these people have consented to it. In the case of cookies, the website must keep records to prove that its users have given their consent to store the cookies on their devices.

https://www.cookieyes.com/blog/cookieyes-logging-and-demonstration-of-cookie-consent/#wp-block-heading
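If you roll your own with a banner library that only hands you a callback, the logging side can look like this. This is an added example, not code from any of the linked projects; the category names, the record fields and the function names are assumptions, and the sample decisions are constructed.

```javascript
// Append-only consent log: one immutable record per banner decision.
// Assumption: only what is needed to demonstrate consent is stored
// (random consent ID, action, categories, policy version, timestamp).
const CATEGORIES = ["necessary", "analytics", "marketing"]; // assumed category set
const ACTIONS = ["accept", "reject", "customize", "withdraw"];

function buildConsentRecord(decision, now = new Date()) {
  const { consentId, action, accepted, policyVersion } = decision;
  if (!/^[0-9a-f-]{36}$/.test(consentId)) throw new Error("consentId must be a random UUID");
  if (!ACTIONS.includes(action)) throw new Error("unknown action: " + action);
  const unknown = accepted.filter((c) => !CATEGORIES.includes(c));
  if (unknown.length) throw new Error("unknown category: " + unknown.join(","));
  // Reject and withdraw clear every optional category, whatever the client sent.
  const optional = action === "reject" || action === "withdraw" ? [] : accepted;
  const categories = [...new Set(["necessary", ...optional])].sort();
  return Object.freeze({
    consentId,
    action,
    categories: Object.freeze(categories),
    policyVersion, // which banner/policy text the visitor saw
    timestamp: now.toISOString(),
  });
}

// "Did this visitor consent to <category> at <when>?"
// Returns the record that proves it, or null. The latest record before <when> wins.
function consentAt(log, consentId, category, when) {
  const t = new Date(when).getTime();
  const latest = log
    .filter((r) => r.consentId === consentId && Date.parse(r.timestamp) <= t)
    .sort((a, b) => Date.parse(a.timestamp) - Date.parse(b.timestamp))
    .pop();
  return latest && latest.categories.includes(category) ? latest : null;
}

// Constructed sample: a visitor opts in to analytics, then withdraws four days later.
const SAMPLE_ID = "3f2b8c1e-7a4d-4e9b-9c6f-0d1e2a3b4c5d";
const sampleLog = [
  buildConsentRecord(
    { consentId: SAMPLE_ID, action: "customize", accepted: ["analytics"], policyVersion: "2024-01" },
    new Date("2024-03-01T10:00:00Z")),
  buildConsentRecord(
    { consentId: SAMPLE_ID, action: "withdraw", accepted: [], policyVersion: "2024-01" },
    new Date("2024-03-05T09:00:00Z")),
];
```

Records are only ever appended, never updated, so a withdrawal does not erase the proof that consent existed for the period before it.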

Cookie Database

https://cookiedatabase.org/ – Everything is probably based on this database :) API: https://cookiedatabase.org/wp-json/cookiedatabase/v2/

https://coding-freaks.com/cookie-database – another database with API

https://github.com/jkwakman/Open-Cookie-Database – The Open Cookie Database is an effort to describe and categorise all major cookies. All cookie descriptions are saved in a downloadable CSV file.

Cookie Consent Providers

Research

https://github.com/koenberkhout/dark-patterns-project - Tools for the Cookie Dialog Compliance project. Chrome extension + PHP backend using the Fat-Free Framework. Thesis: https://cs.ou.nl/members/hugo/supervision/2022-cookie-dialog-compliance-bsc-thesis.pdf

Examples

https://www.enzuzo.com/learn/best-cookie-banner-examples