Cookie consent banner for the SMB

There’s been quite a lot of cookie talk lately on this blog, and one reason is that I, as CEO of my little startup, have been looking for a cookie consent banner for my website which costs nothing.

So why only now? Well, until recently I only had essential cookies on my website, which didn’t require cookie consent. I had inserted a banner and notice. However, I started adding YouTube videos and chat, which came packaged with an analytics engine, Zoho SalesIQ.

So when one of my LinkedIn connections was kind enough to point this out, I responded without thinking that only essential cookies are used… I was feeling just a little stupid when I realised that I’d been so deep in getting my business out to market that I’d actually missed the privacy thing, which is not good; after all, my business is about GDPR compliance!

So I was on a mission: install a cookie consent banner with a preference centre on my website. The catch was that I had no budget for this. I am, after all, a small business, and all these small costs add up to something bigger. Not all small businesses have funding for extra overheads. I wanted to find something I could recommend to my customers/partners, many of whom are SMBs, so that they have (1) a free option and (2) a paying option.

The criteria for an SMB, as I see them, are:

  1. There must be a free option.
  2. It must work on all websites, e.g. even OneSpace, Wix, one.com.
  3. It must be easy to set up without too much technical know-how.

Most cookie banner solutions cost money, and you can expect to pay circa €9 per month. However, there are some free ones out there, with restrictions such as being limited to a single domain. That is good enough for most of my customers.

On a technical level it needs to work on all types of websites. Mine, for example, is hosted on one.com, and some of the banners I came across and tested didn’t work because they required me to install code in the HTML header, which I don’t have access to (I can only insert code within the page or the footer).

Ease of setup was not great. I spent 2 days looking for and testing suitable cookie consent banners. Of those I found, I tested 8, and became extremely frustrated because IMHO this should be EASY, but it most certainly was not. I am not technophobic, and I do have a decent level of competence to make this work. But it required JavaScript, and of all I tested only 2 came close, and only one met both the technical criteria for the SMB and the cost criteria. That was Termly.

Now, I still say there is no excuse for how the Guardian’s banner was configured; they have the money to pay a techie to do this work. But for a small business, setting up a cookie consent banner is not reasonable if 2 days of work are required to find, test and install one. That is why I have written this blog post. If you’re an SMB you don’t need to waste time looking. Carry on reading for an alternative to Termly later on…

It doesn’t stop here. I then checked this blog to look at its cookies. This blog was originally set up by me in 2007, and cookies weren’t a big thing then. Ever since, I haven’t given a thought to whether my musings on this blog need a cookie consent banner, because I wanted to believe that Article 2 (the household exemption) applied. However, now we are many authors, and unfortunately WordPress downloads over 80 cookies! Even though this is a personal blog, now with many contributors, we needed to fix this, now that I’m on a cookie kill drive and starting to hate these little blighters!

Now, if your business website is using WordPress you must upgrade to the Business plan to get the plugin for free, and this should be easy to install, although I haven’t tried yet, because this is a personal blog and I don’t intend to upgrade to a monthly subscription of €35 just to get my hands on a cookie consent banner. I checked some other cookie banner options. I received a tip on Metomic from a privacy connection, and I liked it; I wish I’d found it before. But when it scanned this virtualshadows blog it reported that there were no cookies, which is a lie. It could be because the blog is not on its own domain. Still, Metomic looks easy to use, is free, and could be worth testing as an alternative to Termly. I may even replace Termly with Metomic, but it does require some code in the website header; I’m not sure if this is required or optional.

As it looks now, unless I find a free cookie banner, this blog will be migrated to another platform. The criteria: it must be free of cost, and free of cookies.

My takeaway from the last 3 days is that the cookie consent banner has pulled me, a single-person resource in my business, away from product development and from revenue-generating activities. GDPR has in practice blocked innovation and growth. I became angry and frustrated, not only by the activity, but at the thought that every small business out there which requires a cookie consent banner will find it just too difficult to fix, and they don’t have the budget to pay someone else to do this as the larger organisations have.

Let’s get creative with cookie banners! I’m sure it’s fine?

I am seeing more and more of the new type of cookie banner, which only informs you about non-essential cookies, i.e. no consent is required for the essential ones, which is great. However, there is some creative engineering going on which is not compliant with GDPR: I end up accepting non-essential cookies, for whatever reason on my side, because on the website’s side they are not switched off by default. Let’s take a single example.

I was visiting the Guardian newspaper website this morning and it got me thinking again about cookies. Privacy by design and by default is about ensuring that the user needs to do nothing to protect his/her privacy; data protection by default in the GDPR is based on this concept. However, what I found on the Guardian website was most definitely not opt-in, it was opt-out. And the Guardian newspaper is British, still part of the EU?

What I observed was a very interesting technique to discourage the visitor from opting out. When I first arrived on the Guardian newspaper website the following notice popped up on the cookie banner, which looks good.

We and our partners use your information – collected through cookies and similar technologies – to improve your experience on our site, analyse how you use it and show you personalised advertising.

But then it continues with the following. The default “I’m OK with that” button is not what I would expect unless all non-essential cookies are off by default. But at this stage I really have no idea. My expectation as a privacy guy is that opted-out is the default setting.

However, when clicking on Options, the following message is displayed, and it is still not clear whether cookies are loaded onto the visitor’s device by default or not; the Off toggles are not selected, nothing is.

I went to the cookie notice and found that in fact cookies are downloaded by default, and that it is necessary to go through to another site to configure them.

And this is what got me thinking. Non-essential cookies should be switched off by default, i.e. opted out, and it should not be more difficult to opt out than to opt in.

What is a ‘cookie wall’?

Given the recent post by Konstantin, I thought it made sense to write a brief post on what a cookie wall actually is… after all, it really is not obvious. Or is it?

Just in case it is not, here we go. A cookie wall makes it impossible for visitors to browse a website without agreeing to all cookies, irrespective of whether they are strictly necessary for the functioning of the website. An example is cookies used to track visitors’ browsing habits.

In order to be compliant with GDPR, the visitor does not need to consent to essential cookies (i.e. those without which the website will not function correctly), but they must be given a real choice whether or not to consent to non-essential cookies. (Strictly, the cookie rule itself comes from the ePrivacy Directive; the GDPR supplies the standard that the consent has to meet.)

What’s more, cookies, whether essential or not, should have an expiry date unless they are session cookies. Session cookies are the best from a privacy point of view: they carry no Expires or Max-Age attribute and are discarded when the browsing session ends (with the caveat that browsers which restore the previous session on start-up may keep them around longer). Cookies which are not session cookies should have an expiry date aligned to a specific purpose and a legal basis, and no longer than that purpose needs.
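The behaviour described in the two posts above (non-essential cookies off by default, opting out as easy as opting in, a consent record with its own expiry, session versus persistent cookies) is small enough to show in code. The following is an added example written for this page, not code from the original post or from Termly, Metomic or any other vendor. It stands in for `document.cookie` with an in-memory jar so the logic runs under Node as well as in a browser; the cookie names, categories and lifetimes are assumptions chosen for illustration.

```javascript
// Added example, not code from the original post or from any banner vendor:
// a minimal consent gate that keeps non-essential cookies off by default,
// loads third-party scripts only after an explicit opt-in, and records the
// choice with an expiry. document.cookie is replaced by an in-memory jar so
// the same logic runs under Node; cookie names and ages are assumptions.

const CONSENT_COOKIE = 'cookie_consent';     // assumed name of the consent record
const CONSENT_MAX_AGE = 180 * 24 * 3600;     // assumed: re-ask after six months
const CONSENT_VERSION = 1;                   // bump when the catalogue changes: old choices lapse

// Every cookie the site can set, tagged with its purpose. Only "essential"
// may be set without a recorded choice. (Illustrative names.)
const CATALOGUE = [
  { name: 'session_id',   category: 'essential', session: true },
  { name: 'csrf_token',   category: 'essential', session: true },
  { name: 'yt_embed',     category: 'video',     session: false, maxAge: 30 * 86400 },
  { name: 'chat_visitor', category: 'analytics', session: false, maxAge: 365 * 86400 },
];

// Stand-in for document.cookie that also remembers the attributes used.
class CookieJar {
  constructor() { this.store = new Map(); }
  set(name, value, { maxAge } = {}) {
    const attrs = [`${name}=${encodeURIComponent(value)}`, 'Path=/', 'SameSite=Lax', 'Secure'];
    if (maxAge !== undefined) attrs.push(`Max-Age=${maxAge}`);   // no Max-Age/Expires => session cookie
    this.store.set(name, { value, header: attrs.join('; '), session: maxAge === undefined });
  }
  delete(name) { this.store.delete(name); }  // in a real browser: re-set the cookie with Max-Age=0
  get(name) { return this.store.get(name); }
  names() { return [...this.store.keys()]; }
}

class ConsentGate {
  constructor(jar, now = () => Date.now()) {
    this.jar = jar; this.now = now;
    this.loaded = new Set();   // categories whose <script>/<iframe> would have been injected
  }
  // A missing, unparsable, outdated or expired record all mean "no choice yet".
  choices() {
    const c = this.jar.get(CONSENT_COOKIE);
    if (!c) return null;
    let rec;
    try { rec = JSON.parse(c.value); } catch { return null; }
    if (rec.v !== CONSENT_VERSION || rec.exp < this.now()) return null;
    return rec.allow;
  }
  needsBanner() { return this.choices() === null; }
  allowed(category) {
    if (category === 'essential') return true;
    const allow = this.choices();
    return allow !== null && allow[category] === true;   // anything else: off
  }
  // Run on every page load: essential cookies always, the rest only per recorded choice.
  apply() {
    for (const c of CATALOGUE) {
      if (this.allowed(c.category)) {
        this.jar.set(c.name, 'v', c.session ? {} : { maxAge: c.maxAge });
        if (c.category !== 'essential') this.loaded.add(c.category);
      } else {
        this.jar.delete(c.name);        // opting out removes what was set, not just future cookies
        this.loaded.delete(c.category);
      }
    }
  }
  // Banner buttons: accept-all and reject-all are each one click; the
  // preference centre passes a per-category map straight to record().
  record(allow) {
    const rec = { v: CONSENT_VERSION, exp: this.now() + CONSENT_MAX_AGE * 1000, allow };
    this.jar.set(CONSENT_COOKIE, JSON.stringify(rec), { maxAge: CONSENT_MAX_AGE });
    this.apply();
  }
  acceptAll() { this.record(Object.fromEntries(nonEssentialCategories().map(k => [k, true]))); }
  rejectAll() { this.record(Object.fromEntries(nonEssentialCategories().map(k => [k, false]))); }
}

function nonEssentialCategories() {
  return [...new Set(CATALOGUE.filter(c => c.category !== 'essential').map(c => c.category))];
}

// Walkthrough: first visit, a partial opt-in from the preference centre, then a full opt-out.
function demo() {
  const jar = new CookieJar();
  const gate = new ConsentGate(jar);
  gate.apply();
  const first = { banner: gate.needsBanner(), cookies: jar.names() };
  gate.record({ video: true, analytics: false });
  const afterOptIn = { banner: gate.needsBanner(), cookies: jar.names(), loaded: [...gate.loaded] };
  gate.rejectAll();
  const afterOptOut = { cookies: jar.names(), loaded: [...gate.loaded] };
  return { first, afterOptIn, afterOptOut };
}

console.log(JSON.stringify(demo(), null, 2));
```

On a real page, `apply()` is the only place where the YouTube iframe or the chat/analytics script tag gets inserted, so a visitor who has never clicked anything gets neither; a "click to load" placeholder in the video's spot is the usual way to keep the page useful in that state. The consent record itself is a cookie with a fixed `Max-Age`, so the banner comes back when it lapses or when `CONSENT_VERSION` is bumped because the set of cookies changed.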

An interesting twist in the ‘cookie walls’ saga.

France’s Council of State (Conseil d’État) has annulled parts of the CNIL’s (the French data protection watchdog’s) guidelines on cookies, holding that its outright ban on cookie walls was not valid. The court explained that the CNIL had exceeded its mandate: guidelines are “soft law” (droit souple, rendered in some reports as “flexible law”), instruments which do not create a legal right or obligation, so the CNIL could not use them to impose a general and absolute prohibition.

Although a recent update of the EDPB Guidelines on consent invalidated ‘cookie walls’, our patient may still be very much alive. There could well be similar court decisions in other Member States.

Recently, the BfDI (German watchdog) said that “cookie-walls are permitted if a comparable service is also offered without tracking, for example, as a paid service”. This happened right after the update of the EDPB Guidelines on consent came out.

Original text of the decision is in French:

https://www.conseil-etat.fr/actualites/actualites/le-conseil-d-etat-annule-partiellement-les-lignes-directrices-de-la-cnil-relatives-aux-cookies-et-autres-traceurs-de-connexion

Cookie walls are not GDPR compliant

This clarification on the use of consent came out last week, and provides no surprises for those working daily with GDPR compliance. What is noteworthy though is the mention on the use of “cookie walls”.

What is a cookie wall then?

One of the principal factors that one should keep returning to when thinking about compliance with GDPR is a single word: CHOICE. Those who have attended any training I’ve delivered will hear my voice in their head now… CHOICE IS A HUMAN RIGHT. Now, if there is no choice, then it is not compliant with GDPR, and the use of cookie walls is a good example.

A cookie wall is where it is impossible to use a website without accepting ALL cookies. In fact the website will not work unless all cookies are accepted. There must be a choice. Take a look at the UK ICO’s website for an example; there you can even find the toolkit to make this possible on your own website!

opt-in > opt-out discussions continue….

I just love this quote from Kimon Zorbas, the vice president of the Interactive Advertising Bureau Europe: “most Europeans were not troubled by behavioural advertising” and “Customer profiling is a basic to any business, not just online business”, and then, in response to the opt-in clause in the EU cookie directive, “if that were to happen, I am afraid it would kill a significant part of the industry.” Read more at The New York Times.

Is it not more to do with re-thinking how they do this? Come on, these advertisers have been creative in coming up with the cookie thing, and have not even given the consumer a choice; they eat cookies whether they like it or not. Zorbas also said that those who didn’t want cookies “could simply block them through the industry’s Web site”.

Sure, and then we come to those zombie cookies; they are pretty creative. They never go away. I wrote a post on this not long ago.

I have nothing against cookies; after all, they are very convenient. What I am against is that I get them without being asked, and that I need to opt out. Opting out is not always so straightforward. There are some websites from which I definitely do not want cookies. There should be a button on the main page, right in front of you, that states in big letters OPT-IN. And when you have done that it changes to OPT-OUT. Then you feel that you have some control. You, the customer, can choose who is tracking everything that you do online.

Zombie cookies

David S. Misell asked me to share the privacy issues of HTML5, and I thought there was no better place to do this than by creating a post.

The HTML5 privacy issue is really about these zombie cookies: identifiers that keep coming back from the dead, rebuilt from HTML5 storage even after you’ve deleted the cookie… scary or what?

According to Wikipedia: “Zombie cookies were first documented at UC Berkeley, where it was noticed that cookies kept coming back after they were deleted over and over again. This was cited as a serious privacy breach. If you delete a cookie, it should remain deleted. Since most users are barely aware of these storage methods, it’s unlikely that users will ever delete all of them. From the Berkeley report, ‘few websites disclose their use of Flash in privacy policies, and many companies using Flash are privacy certified by TRUSTe.’

Ringleader Digital made an effort to keep a persistent user ID even when the user deleted cookies and their HTML5 databases (RLDGUID). The only way to opt out of the tracking was to use the company’s opt-out link, which gives no confirmation.”

To read more techie stuff on how this annoying cookie works, Ars Technica has written an insightful article on it.
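To make the respawning mechanism concrete, here is an added example for this page; it is not Ringleader Digital’s code nor anything from the articles above. It simulates a tracker that keeps the same identifier in the cookie jar and in HTML5 storage and writes it back to all of them on every page load, which is why clearing cookies alone brings the cookie back. Browser storage is replaced by in-memory maps so the script runs under Node; the identifier name is an assumption.

```javascript
// Added example, not from the original post and not Ringleader Digital's
// code: how a "zombie" identifier respawns from HTML5 storage after the
// cookie is deleted, and a check that catches it. Browser storage is
// simulated in memory so this runs under Node; ID_NAME is an assumed name.

const ID_NAME = 'tracker_uid';

// Stand-ins for document.cookie, window.localStorage and window.sessionStorage.
// A real respawner also uses IndexedDB, the HTTP cache (ETags) and, in the
// Flash era, Local Shared Objects; each is just one more entry in this list.
function makeBrowser() {
  return { stores: { cookie: new Map(), localStorage: new Map(), sessionStorage: new Map() } };
}

// The tracker's page-load routine: take the id from whichever store still
// holds it, then write it back to all of them. The write-back is the respawn.
function trackerOnLoad(b, newId = () => 'uid-' + Math.random().toString(16).slice(2)) {
  let id = null;
  for (const s of Object.values(b.stores)) {
    if (s.has(ID_NAME)) { id = s.get(ID_NAME); break; }
  }
  if (id === null) id = newId();
  for (const s of Object.values(b.stores)) s.set(ID_NAME, id);
  return id;
}

// What the browser's "clear cookies" button does: only the cookie jar.
function clearCookiesOnly(b) { b.stores.cookie.clear(); }

// What deleting the identifier really takes: every store the tracker uses.
function clearAllStores(b) { for (const s of Object.values(b.stores)) s.clear(); }

// Detection: remember the cookies, clear them, "reload" the page, and report
// any cookie that comes back with exactly the value it had before.
function detectZombies(b, reload) {
  const before = new Map(b.stores.cookie);
  clearCookiesOnly(b);
  reload(b);
  return [...before]
    .filter(([name, value]) => b.stores.cookie.get(name) === value)
    .map(([name]) => name);
}

// Report which stores still hold a given value, so you know what to wipe.
function whereIs(b, value) {
  return Object.entries(b.stores)
    .filter(([, s]) => [...s.values()].includes(value))
    .map(([name]) => name);
}

function demo() {
  const b = makeBrowser();
  let n = 0;
  const gen = () => 'uid-' + (++n);             // deterministic ids for the walkthrough
  const firstId = trackerOnLoad(b, gen);
  clearCookiesOnly(b);
  const afterClear = trackerOnLoad(b, gen);     // same id: the cookie came back
  const hiding = whereIs(b, firstId);
  const zombies = detectZombies(b, x => trackerOnLoad(x, gen));
  clearAllStores(b);
  const afterFullClear = trackerOnLoad(b, gen); // new id: nothing left to respawn from
  return { firstId, afterClear, hiding, zombies, afterFullClear };
}

console.log(JSON.stringify(demo(), null, 2));
```

The point of `detectZombies` is that the give-away is not the cookie’s existence but its value: a freshly generated identifier after a clear is normal behaviour, the old identifier coming back is not. In a real browser the equivalent check is to note the cookie value, clear cookies only, reload, and compare; if it matches, look in localStorage, IndexedDB and the cache for the same string.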

Ringleader Digital claims on its privacy page that it only collects “non-personally identifiable information, such as browser identifiers, session information, device type, carrier provider, IP addresses, unique device ID, carrier user ID and web sites visited”. Now the question is: what happens when you link this information together? A unique device ID tied to an IP address and a list of websites visited is a profile of one person, whether or not a name is attached.

Now, in the UK for example, an IP address in isolation is not personal data under the Data Protection Act, according to the Information Commissioner. But an IP address can become personal data when combined with other information or when used to build a profile of an individual, even if that individual’s name is unknown.

And there is significant discussion on this around the world. In Seattle a federal judge ruled that an IP address is not personal information; in the EU, however, it is understood how easily an IP address can become an element of PII.

As to my personal opinion, it’s simple… I want visibility, i.e. if I delete a cookie on my PC or mobile device, I want it deleted. I don’t want a zombie. It could be that I like the convenience of having a cookie there, but I want the choice to delete it, and when it is deleted I don’t want any zombies roaming around on my devices… my devices, yes, they are linked to my very person, and have become a part of my DNA.

Don’t miss the cookie deadline :-P

The deadline for EU member states to implement the new cookie law is today! And not many member states are ready to eat their cookies yet! To date, Denmark and Estonia are the only states to have implemented the amended EU Privacy and Electronic Communications Directive, which gives Internet users more control over their data and requires any company with EU customers to comply. This requirement is a provision in an amendment to the EU’s Privacy and Electronic Communications Directive, which was adopted in 2009.

One claimed reason for the sluggish implementation of the directive is confusion around its intended purpose, as well as how best to implement it without destroying the businesses that rely on cookie placement to generate revenue, such as online advertising networks. The most visible change is the introduction of an “explicit consent” requirement. Read more at ClickZ.

So how can this be implemented? On a technical level it’s messy because it needs to be added on. It is not a built-in privacy function, so this will result in significant inconvenience for web users as websites seek explicit consent for cookie placement through pop-ups and other awkward mechanisms. If the privacy function for cookies… or maybe not cookies… were an integral function of our PC and of any web app we happen to be interacting with, perhaps it would be more like a loyalty card (maybe even shaking hands, representing mutual consent), as used in the physical world for relationship marketing. The customer presents a card each time they approach the checkout. Hence, in exchange for sharing personal information, the customer should receive certain benefits, and clearly transparency in what is being collected…

Me just brainstorming to myself a little here 🙂

Yes please I would like a cookie :-P

I’ve posted about this before: the thing about “cookie consent” in the new EU privacy law. Well, now some guidelines have been published by the Information Commissioner’s Office.

The simple advice is as follows:

We advise you to now take the following steps:

  1. Check what type of cookies and similar technologies you use and how you use them.
  2. Assess how intrusive your use of cookies is.
  3. Decide what solution to obtain consent will be best in your circumstances.

The main change in behaviour is this: sites using cookies to collect data about your behaviour used to give you, by default, only the option to opt out; now you must consent first, i.e. opt in. This brings cookies into line with the general rules for collecting personal data in the EU.