Written by Sven Berg Ryen, Leader of the GDPR audit team at Ramsalt Lab

EU Cookie Compliance, one of the top 100 Drupal modules, offers a cookie consent banner with various features, making it more convenient for your site to become GDPR compliant. GDPR is the new data privacy regulation that came into effect on 25 May 2018. It sets out to bolster the rights that citizens of the EU have over their data held by companies. Ramsalt Lab is currently supporting and maintaining the module as part of our GDPR audit services.

Does your site have traffic from the EU? Then you need to ask for consent

According to GDPR, if you have any traffic from EU citizens on your site, you need to ask for consent before you, or third-party scripts, process any of their personal data.

One recurring GDPR feature request we’ve seen over the past few years has been to allow granularity in the cookie compliance consent, so that the user could accept or decline various cookie categories. This feature has now been added to the recently released versions 8.x-1.6 and 7.x-1.29. You can find the new consent method on the module settings page. To enable this feature, select “Opt-in with categories” as the consent method.

In this blog post, you can learn how to configure the EU Cookie Compliance banner to use GDPR categories, as well as how to use the categories in your code to track the user only when they give consent.

The different GDPR consent methods that the EU Cookie Compliance supports.

GDPR consent banner configuration

Choosing this consent method reveals an expanded set of fields named “Cookie Categories” that you can find beneath the “Consent method” options. Here you can set up your cookie categories and configure how the banner behaves. Let’s first look at the categories:

Field for GDPR cookie categories showing configuration where 4 categories are entered

Categories are entered using the following pattern: “key|label|description”. The description is optional. The above setup will result in the following EU Cookie Compliance consent banner:

The resulting GDPR cookie banner, with the categories "Strictly necessary", "Performance", "Functional" and "Advertising" showing.

This will result in a fairly large GDPR consent banner. Note that the banner appearance in EU Cookie Compliance is based on a Drupal theme template, so you could always create a theme-specific template and, for example, place the descriptions on the same line as the title, or perhaps have the descriptions appear on hover if space is a concern. By default, the banner has two buttons when you use the category consent method: “Save preferences” and “Accept all cookies”.

Below the text field for cookie consent categories are some additional options. The first option, which is on by default, allows you to replace the “Agree” button with the two buttons “Save preferences” and “Accept all cookies”. In addition to labeling the buttons, you can also choose to make the first option compulsory by choosing “Tick the first checkbox and mark it read-only”. You can also choose to “Tick all category checkboxes by default” to make it more convenient for the user to opt-in to cookie usage under GDPR.

Screenshot showing the configuration options for the cookie banner with categories.

Limit scripts and white-list cookies per category

When you're using this consent method, you can limit scripts and white-list cookies per category, so that they take effect only when the user has given consent for that category. Simply prefix the field entries with the category key. For example:

To limit scripts based on category

If the category key is advertising: "advertising:path/to/the/script.js"

To white-list cookies based on category

If the category key is functional: "functional:cookie-name"

Note that the prefixed cookie will be white-listed only when consent is given for its category.

Code usage

In order to let your site and JavaScript comply with the cookie preferences set by the visitor, you may have to write some custom code. Although EU Cookie Compliance has some options to whitelist cookies and block scripts, not all scripts are added to the page source using the standard Drupal methods, so not all of them can be altered through, for example, hook_js_alter in Drupal 7 (which is what the module attempts to do).

EU Cookie Compliance has for years had a method you can call to check if the user has agreed to store cookies and process their personal data:

Drupal.eu_cookie_compliance.hasAgreed()

This function will return true when consent is given, and false when the user has declined processing of their data.

With the newly introduced categories, you can call the same function with a parameter:

Drupal.eu_cookie_compliance.hasAgreed(category)

Where ‘category’ is one of the category keys that you have defined on the EU Cookie Compliance module settings page, for example:

if (Drupal.eu_cookie_compliance.hasAgreed('performance')) {
  // Load scripts that deal with performance.
}
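As an added example (not code from the module or from the original post), the check above can be wrapped in a fail-closed loader that injects third-party scripts per category only after consent. The CATEGORY_SCRIPTS map, its URLs, the data-consent-src attribute and the helper names are assumptions made for illustration; only Drupal.eu_cookie_compliance.hasAgreed(category) comes from the module.

```javascript
// Added example: fail-closed, category-gated script loading.
// CATEGORY_SCRIPTS and its URLs are constructed placeholders.
const CATEGORY_SCRIPTS = {
  performance: ['/libraries/example/perf-metrics.js'],
  advertising: ['/libraries/example/ad-tags.js'],
};

// True only when the module's API exists and reports consent for the category.
// A missing object, a missing method or a thrown error counts as "no consent".
function hasConsent(drupal, category) {
  try {
    const api = drupal && drupal.eu_cookie_compliance;
    return !!api && typeof api.hasAgreed === 'function' &&
      api.hasAgreed(category) === true;
  } catch (e) {
    return false;
  }
}

// Pure decision step: which script URLs may load right now.
function scriptsToLoad(drupal, categoryScripts) {
  const allowed = [];
  for (const [category, urls] of Object.entries(categoryScripts)) {
    if (hasConsent(drupal, category)) allowed.push(...urls);
  }
  return allowed;
}

// Side-effect step: inject each allowed script once and report what was added.
function loadConsentedScripts(drupal, doc, categoryScripts) {
  const loaded = [];
  for (const src of scriptsToLoad(drupal, categoryScripts)) {
    if (doc.querySelector('script[data-consent-src="' + src + '"]')) continue;
    const el = doc.createElement('script');
    el.src = src;
    el.async = true;
    el.setAttribute('data-consent-src', src); // marker used for de-duplication
    doc.head.appendChild(el);
    loaded.push(src);
  }
  return loaded;
}

// In the browser, call this once the module's JavaScript is available.
if (typeof document !== 'undefined' && typeof Drupal !== 'undefined') {
  loadConsentedScripts(Drupal, document, CATEGORY_SCRIPTS);
}
```

Because the decision is separated from the DOM injection, the consent logic can be unit tested without a browser, and a page where the module failed to load ends up with no tracking scripts rather than all of them.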

Conclusion

Many high-profile sites allow visitors to choose among categories when the visitors give consent to the processing of private data through cookies in their browser. Now your site can offer the same granularity if you use a recent version of the EU Cookie Compliance module.

If you need help setting up your GDPR cookie banner, or have questions about how your site can become GDPR compliant, you can always get in touch with us at Ramsalt Lab through our contact page.

 

Written by Sven Berg Ryen
Developer and Leader of the GDPR audit team at Ramsalt Lab

