Helping webmasters comply with the EU cookie law
Switch branches/tags
Nothing to show
Clone or download
Latest commit 820e37a Nov 25, 2016
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
js Update consent.js Mar 16, 2016
README.md Added license. Close #4 Nov 25, 2016
cookies.html Code refactoring, easier to work with Dec 31, 2014
demo.html Code refactoring, easier to work with Dec 31, 2014

README.md

Helping webmasters comply with the EU cookie law

Why?

The EU passed a law some years ago that required all websites to warn about the dangers of cookies. I'm not going to comment on it here; if you want my opinion, please read this blogpost

It is now being enforced and some people are being fined, so it requires urgent action

What does this mean for me?

What this law means for developers is that some Analytics cookies can't be set unless the user grants consent. Every country has a different interpretation of the EU directive, but in Spain, just displaying a "cookie banner" is not enough. No cookies can be set until the user takes action. This is a real PITA, especially for small sites.

This script helps webmasters track user action. Using the Spanish interpretation (page 22), consent is either:

  • The user scrolls the webpage, while the notice is visible
  • The user clicks on any link on the page

By using this script, webmasters can add all their cookie-dependent code in just one place: doConsent()

Does it affect me?

The directive affects all websites which are based in the EU or have a significant amount (vague legal term) of visits coming from the EU.

The Spanish interpretation of the directive establishes that personal pages which do not offer commercial services are not affected by the law. I, however, prefer to include the banner nevertheless.

I am not a lawyer, so this is not legal advice.

Demo

  1. Clone this project
  2. Open demo.html in your browser
  3. Open your javascript console
  4. See how the cookie is set when the user closes the box, scrolls or clicks on a link

Tip: Chrome does not allow local files to set cookies, so this demo won't work on Chrome.

You can see an online demo at my own page, which uses this same javascript

To implement it in production

  • All HTML files in your site must include the cookieBanner div.
  • All HTML files must include consent.js and jQuery, which is used to detect scrolling and adding listeners to links: <script src="http://code.jquery.com/jquery-1.11.0.min.js"></script> <script src="js/consent.js"></script>
  • Edit js/consent.js and customize code with any XXX comment

Optional:

  • Move the <style> section into your production CSS file.
  • Change the name of the div on the HTML files and consent.js
  • Change the cookie expiry date, currently set to 1 year
  • Remove console.log() function calls
  • Edit cookies.html as the page name which is safe to browse without giving consent (read below)
  • Change the banner text and links. The default is more or less safe for EU regulations, but IANAL.

How does it work?

The cookie div is hidden by default with CSS and will be displayed, if needed, by consent.js. The script:

  • Will first check if there is a consent cookie. Otherwise (i.e. first visit of the user) the banner will be displayed.
  • If the cookie grants consent, the script will execute the doConsent() function.
  • If the cookie denies consent, no script will be executed.

How to grant consent?

The law establishes the following user actions:

  • Scroll the page. Feel free to edit the code and add a minimum scrolling length if it is required by your country.
  • Click on a link (which does not belong to the class noconsent, see below)

These two actions can be derived from the former:

  • Close the banner, since the user will actually click on a link.
  • Clicking on a link which belongs to the class allowConsent will re-set the grant cookie. Useful to grant consent after denying it first.

What does not grant consent?

  • Scrolling on a page whose name is cookies.html. It is not detailed in the law, but I feel that clicking on the link which displays the cookie policy shouldn't be interpreted as granting permission. Feel free to change the name in the code.
  • Clicking on a link which belongs to the class noconsent. You can notice that the link to cookies.html is one of these.

Pull requests and comments will be very welcome!

Donations

If this project saved you some time, please donate to the EFF so they can fight against stupid laws.

License

ISC License

Copyright (c) 2014-2016, Carlos Fenollosa (carlos.fenollosa@gmail.com)

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.