Without permission, we may not write cookies to the hard disk of our reader. Because it belongs to her, not to us. By accessing our site, she has already implicitly given her consent to store our technically necessary cookies. Because they are technically necessary to read our post. But she must explicitly permit us to save the other cookies on her computer before we are going to do so. Moreover, we must have enabled her to query what these cookies are for before we offer her to answer our request. That’s the meaning if we talk about properly used cookies.
For this, bootScore offers us a configurable cookie approval dialogue evaluated by the bsCookie-plugin:
Solution
- Download bsCookie.
- Install the zip file via the plugin management of your WordPress backend.
- Determine the cookies you want to install on your reader’s computer.1
- Assign each of these cookies to one of the groups ‘necessary’2, ‘advertising’ or ‘analytics’.
- In the dialog ‘Appearance/Widgets’ drag a widget ‘Customer HTML’ into the widget group Footer‑4.
- Enter the script lines into that sub-widget as offered by bsCookie documentation.
- For each of your plugins add an entry into the corresponding section.
- Link your privacy page into the dialog by replacing #yourprivacypolicy accordingly.
- Translate the texts into the language of your site (or create an additional entry according to your multilingual strategy).
Background
Asking for permission to write cookies via a dialogue is only one side of the coin. Cookies can also store (personal) (identification) data. So, the respective web server can ask for that information and hand it over to third parties. Hence, we must mention such cookies in our data protection concept additionally. To enable our readers to call this page directly from the cookie consent dialogue, the bsCookie dialogue text contains a link whose value #yourprivacypolice we should aling accordingly.
It has become a good tradition to group cookies functionally and to ask once for the complete group whether we may file the respective cookies. That’s legally not necessary: We could also let the use of cookies agree or disagree quite generally.3 Or we could make every single cookie selectable or deselectable — which would overload the dialogue.
However, at first, we need to know which cookies our site writes and what the cookies actually do. Our browsers can support us. For example, by means of its ‘Privacy and Security’ dialog. Or with the help of a browser plugin4, which shows directly for each called site/page, which cookies have been written by it. But what our cookies do, we have to determine separately.
Once we have grouped our cookies functionally, we only need to create the appropriate groups as sections in the bsCookie dialog. Then we must insert for each cookie — associated with that group — an entry in the respective section. For the three common groups ‘necessary’, ‘advertising’, and ‘analytics’ bsCookie already provides the respective code. If these groups fit our needs, it is sufficient for us to describe the cookies in and with the single entries. Assuming we wanted to get permission to write the three cookies necessaryBsCookie, advertisingBsCookie, and analizingBsCookie, the JavaScript code of the bsCookie consent dialogue should look like this:
<script>
// Init
window.addEventListener('load', function () {
// obtain plugin
var cc = initCookieConsent();
// run plugin with your configuration
cc.run({
current_lang: 'en',
autoclear_cookies: true,
page_scripts: true,
languages: {
'en': {
consent_modal: {
title: 'Cookie Consent Request',
description:
'We use cookies to remember and reuse your preferences for future visits. By clicking “Accept all”, you permit us to use all cookies, technically necessary as well as functionally helpful. By clicking “necessary only”, you forbid us to use the functionally helpful, but technically not necessary cookies. For a more detailed consent, visit <a data-bs-toggle="modal" href="#bs-cookie-modal">Cookie Settings</a>.',
primary_btn: {
text: 'accept all',
role: 'accept_all'
},
secondary_btn: {
text: 'necessary only',
role: 'accept_necessary'
}
},
settings_modal: {
title: 'Cookie settings',
save_settings_btn: 'Save settings',
accept_all_btn: 'accept all',
reject_all_btn: 'necessary only',
close_btn_label: 'close',
cookie_table_headers: [
{ col1: 'Name' },
{ col2: 'Domain' },
{ col3: 'Expiration' },
{ col4: 'Description' }
],
blocks: [
{
title: 'Cookie usage',
description:
'We use cookies to provide core website functions and to enhance your reading experience. For each category, you can choose to use them or not. For more details about cookies and other sensitive data, please read our <a href="https://karsten-reincke.de/datenschutz">Privacy Policy</a>.'
}, {
title: 'Necessary',
description:
'These cookies are essential for our website. Without them, the website would not work properly',
toggle: {
value: 'necessary',
enabled: true,
readonly: true // cookie categories with readonly=true are all treated as "necessary cookies"
},
cookie_table: [
{
col1: 'bs_cookie_settings',
col2: 'bootScore.me',
col3: 'deleted if your session becomes invalid',
col4:
'cookie into which bootScore and the plugin bsCookies stores your cookie preferences',
is_regex: false
},
{
col1: 'necessaryBsCookie',
col2: 'https://karsten-reincke.de',
col3: 'next 100 days',
col4: 'demo cookie of "pimp your BootScore"',
is_regex: false
},
]
}, {
title: 'Analytics',
description:
'These cookies allow the website to remember the choices you have made in the past',
toggle: {
value: 'analytics', // your cookie category
enabled: false,
readonly: false
},
cookie_table: [ // list of all expected cookies
{
col1: 'analizingBsCookie',
col2: 'https://karsten-reincke.de',
col3: 'next 10 Days',
col4: 'demo cookie of "pimp your BootScore"',
is_regex: false
}
]
}, {
title: 'Advertising',
description:
'These cookies collect information about how you use the website, which pages you visited and which links you clicked on. All data is anonymized and cannot be used to identify you',
toggle: {
value: 'advertising',
enabled: false,
readonly: false
},
cookie_table: [ // list of all expected cookies
{
col1: 'advertisingBsCookie',
col2: 'https://karsten-reincke.de',
col3: '2 weeks',
col4: 'demo cookie of pimp your BootScore',
is_regex: false
}
]
}, {
title: 'More information',
description:
'For further questions concerning our data management, feel free to <a href="https://karsten-reincke.de/impressum">contact us</a>.',
},
]
}
}
}
});
});
</script>Entering the information into the code of the cookie consent dialogue is one thing. Activating the code is another. To do that, we put the customized bs-cookie-settings JavaScript code into a Custom HTML element that we added to the Footer 4 widget. In principle, we could embed the Custom HTML element in other widgets as well. However, bsCookie suggests Footer 4 because the JavaScript code should be embedded at the end of a page. Anyway, all pages using a template containing the Footer 4 widget will then display the cookie. That’s the method of how we solve the problem of ‘deep links’.5
That left us with three final tasks:
- First, we will often want to linguistically customize our consent dialogue as well. For that purpose, we can modify the JavaScript code mentioned above.
- Secondly, we will have to adjust the appearance of the dialog. By default6, the dialog is placed transparently over the existing text. This prevents our visitors from properly reading the one or the other. We can visually design the consent dialog by adding the following lines to our file _bscore_custom.scss:
// design the bsCookie-Dialog #c-inr { border-color: darkblue; border-width: 2px; border-style: solid; background-color: #eef; color: blue($color: #000000); padding: 5px; } #c-p-bn { border-color: darkblue; } #c-s-bn { border-color: darkblue; } - Third, we need to implement the semantics of the cookie consent dialog. If we want to walk the talk, we need to implement our ‘storing the cookie JavaScript code’ in a way that it writes only the technically necessary cookies without consent, and that it otherwise stores only the cookies from the groups for which there is consent.
I will take up this last point in a separate post …
[contextBscPrivacy]
- We have to keep in mind that our plugins can also try to store cookies. So it’s not enough to just look for the corresponding JavaScript commands in our own posts and pages [↩]
- Cookies that we assign to this group will lastly be placed on our reader’s hard drive even without explicit consent, precisely because they are technically necessary. So we must be able to prove if necessary that these cookies are indeed technically necessary. [↩]
- However, greater granularity is in our interest. Because if a reader doesn’t want one thing — e.g. advertising — she could still allow the other — e.g. analytics. That way, we would still learn at least a part of what we hoped to learn overall. [↩]
- e.g. with the Cookie Editor [↩]
- We must keep in mind that our readers could directly call links to deeper embedded pages. Even in this case, we may only write cookies, if we are allowed to do so. [↩]
- at least up to bsCookies, version 5.3.0 [↩]