Google have recently emailed webmasters who use products such as Adsense and Analytics, warning them they must comply with the EU user consent policy for website visitor cookies by 30th September 2015.
The updated policy is mostly concerned with website operators not obtaining end user consent regarding data collection, sharing and usage. Webmasters must take steps in providing clear information on the site about how cookie data is used.
You’ll have noticed a lot of websites now feature a pop up notification bar along the top or bottom of the webpage telling the user about cookies.
You need to create one for your site.
If you run a website you probably have cookies enabled. In fact, most of the “free internet” we take for granted is supported by targeted display advertising powered by cookies.
It is rare for a website today to not use cookies.
It Could Cost You
If you don’t comply with the policy you might have to answer to the EU.
I’ve heard of business owners facing fines regarding the current EU VAT situation and I wouldn’t like to imagine what will happen to websites not following cookie protocol.
To be fair, I’ve been talking about this since February 2014 when I wrote a post about the biggest shake up in marketing for decades. Although I’ve yet to hear of anyone getting fined over cookie non-compliance, I wouldn’t want to take any chances.
Edit: Heather Burns just tweeted me with info on EU cookie fines. Apparently a Spanish jewellery shop was issued with a fine of €3,500 and a Netherlands public broadcaster was stung with a €25,000 fine:
@SmallBizGeekUK If you’re looking for info on penalties & fines, https://t.co/T5iEykd0cQ
— Heather Burns (@idea15webdesign) September 1, 2015
How else could it cost you? Well, as I mentioned earlier on, Google Adsense runs on cookies. Does your website use Google Adsense?
For the sake of argument, let’s say it does. It’s a possibility you’ll lose your account and any monies owed to you if Google deem you not to be operating in accordance with their policy; and that policy is driven by the EU privacy directive.
What’s a “Directive”?
The problem with directives is that no one really knows how to implement cookie consent or wants to take responsibility.
As long as the results are achieved, a “directive” lets each EU member state provide their own guidance on how to become compliant… which feels like apathy all round.
Google stepped in and ended up releasing their own javascript pop up notification template in 2014 (at http://www.cookiechoices.org) and I used that because it wasn’t detrimental to website performance like some of the others were.
The code Google provided to webmasters wasn’t perfect but a minor javascript tweak fixed it and it became the solution for me. More on that in a minute.
EU “Cookie Law”… WTF?
The cookie requirements are backwards and draconian, and usually the result of elderly, out of touch EU legislators. I know, I know… that sounds ageist.
I’m sure most people agree, that in principle, it’s not a bad idea to be responsible with data usage.
But these technical criteria are off base. It’s not necessarily Google’s fault either.
They have to obey EU law if they want to play in the European sand box so keep that in mind.
One of my EU “jokes” I came up with is to deliberately mispronounce European Union as European Onion, and follow up by saying that if you peel each layer you’ll probably cry.
Here’s a video someone made to help clue you in on the cookie madness:
Ignore Google’s Warning At Your Own Risk
Here’s the part you should pay attention to: this all applies to anyone serving their website to citizens of EU member states.
That pretty much includes everyone, unless you have some kind of geoblocking on your site preventing European users accessing your website.
Although this conversation has been going on for a few years, I’m surprised Google didn’t send their email warning about cookies to webmasters sooner.
This is what I saw in my email inbox the other day:
And here’s the body of the email:
Dear Publisher, We want to let you know about a new policy about obtaining EU end-users’ consent that reflects regulatory and best practice guidance.
It clarifies your duty to obtain end-user consent when you use products like Google AdSense, DoubleClick for Publishers and DoubleClick Ad Exchange.
Please review our new EU user consent policy as soon as possible. This requires that you obtain EU end users’ consent to the storing and accessing of cookies and other information, and to the data collection, sharing and usage that takes place when you use Google products.
It does not affect any provisions on data ownership in your contract.
Please ensure that you comply with this policy as soon as possible, and not later than 30 September 2015. If your site or app does not have a compliant consent mechanism, you should implement one now.
To make this process easier for you, we have compiled some helpful resources at cookiechoices.org.
This policy change is being made in response to best practice and regulatory requirements issued by the European data protection authorities. These requirements are reflected in changes that have been recently made on Google’s own websites.
Thank you in advance for your understanding and cooperation. Regards, The Google Policy Team
This was presented in my Adsense account when I logged in to check earnings:
This is certainly not news to me although it appears many others are either unaware or turning a blind eye.
I know plenty of Adsense publishers who have told me outright they intend to ignore the warnings because they “don’t agree” with it.
I don’t agree either. But I also don’t want my Adsense account banned. Do you?
I also don’t want to fall foul of the UK’s ICO, responsible for implementing data protection and the EU directives.
But You Don’t Use Adsense
Even if you’re not an Adsense user, there’s a good chance you use Analytics or other tools like Facebook and Twitter, also using cookies.
Making your site as compliant as possible by at least writing cookie and privacy policies for your website should be your agenda if you haven’t already done so.
Small Biz Geek has no cookie based display advertising, but it does use Google Analytics to track anonymous statistical visitor data and I need to make this clear to visitors.
My point is, a stitch in time saves nine so make hay while the sun shines!
Website Trust Signals
By the way, I suspect page ranking and trust signals have a slight correlation with sites providing transparency and disclosure.
If you have pages about terms and conditions, cookies and privacy I believe your site looks more trustworthy to both visitors and search engines.
That is only my opinion though.
Cookie Consent WordPress Plugin
If you’re a WordPress user, you’re in luck. I have used a plugin called UK Cookie Consent on Small Biz Geek and so far it works well.
Cookie Consent Javascript
Whether it’s pop up notification bars or information disclosure, templates are available.
A few solutions have popped up over the last year or so but the one I tried initially slowed down my website and caused me to lose traffic.
There are WordPress plugins that can handle this if you want to go that route.
If you want to use Google’s own javascript pop up, this means a little bit of manual labour. I prefer this to relying on plugins but I could change my mind.
Please be aware they appear to have removed the code from the present day version of www.cookiechoices.org although it is still obtainable in the cached web archive from September 2014.
The video below is me doing a run through of the javascript method:
1) Add Code to Website Head
Add the following code to your website’s head section on each page.
If you use WordPress, this is relatively easy since there is one area in your dashboard where you paste it:
The first thing you’ll notice about the code is that it references a javascript file called cookiechoices.js in the root of your website.
Remember that filename because you’ll be downloading, modifying and copying this file into your website’s public html folder, where your site’s index file is stored.
The second thing worth noting is that you can customise the message that appears to site visitors as well as directing them to a page where they can “learn more” about cookies.
It’s important you send them to a webpage about the cookies and data you use on your site.
2) Get Javascript File & Add to Site Root
The javascript we saw in the website code above can be downloaded as a ZIP archive here.
Once you have it, open it in something like Dreamweaver or Notepad++ because you’ll be making a few changes for aesthetic reasons.
The appearance of the notification bar itself is controlled mainly with padding and colours. Search for the following code to alter CSS:
The other change is what I consider the most important, since it answers a frustrating question many webmasters implementing Google’s javascript have asked.
The question is: “Why does the pop up notification keep reappearing on other pages on my website when the user has already said they’re okay with cookies and clicked close?”
The answer is: because the javascript sets the cookie without a path, the browser scopes it to the directory of the page where the user clicked close rather than to the whole site from the root. This can be observed in the following code, which is how it is out of the box:
All we need to add is path=/; on the last line, so it looks like this instead:
If you want the cookiechoices.js raw code you can get it below. The global path for setting the cookie has been added already so there is no need for you to do anything:
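To see why the missing path makes the bar reappear, here is an added illustration (not the cookiechoices.js file and not Google's code) that applies the browser's cookie path rules from RFC 6265 to a consent cookie set with and without path=/. The cookie name displayCookieConsent, the expiry date and the page paths are assumed sample values.

```javascript
// Added illustration of RFC 6265 cookie path scoping; all sample values are constructed.

// RFC 6265 section 5.1.4: the path a browser assigns when no usable Path is given.
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== '/') return '/';
  const lastSlash = requestPath.lastIndexOf('/');
  return lastSlash === 0 ? '/' : requestPath.slice(0, lastSlash);
}

// RFC 6265 section 5.1.4: does a cookie stored with cookiePath apply to requestPath?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Path the browser stores for a document.cookie assignment made on pagePath.
function storedPath(cookieString, pagePath) {
  const attrs = cookieString.split(';').slice(1).map((s) => s.trim());
  const pathAttr = attrs.find((a) => a.toLowerCase().startsWith('path='));
  const value = pathAttr ? pathAttr.slice(5) : '';
  // An empty Path, or one not starting with "/", falls back to the default path.
  return value.startsWith('/') ? value : defaultPath(pagePath);
}

// Pages on which the script would read the consent cookie back and keep the bar hidden.
function pagesWithConsent(cookieString, setOnPage, pages) {
  const path = storedPath(cookieString, setOnPage);
  return pages.filter((p) => pathMatches(p, path));
}

// Constructed sample site and cookie strings (cookie name is an assumption).
const pages = ['/', '/about/', '/blog/cookie-law/', '/blog/other-post/', '/contact/'];
const expires = 'expires=Thu, 01 Sep 2016 00:00:00 GMT';
const outOfBox = `displayCookieConsent=y; ${expires}`;
const withRootPath = `displayCookieConsent=y; ${expires}; path=/;`;

// The visitor clicks close on /blog/cookie-law/ in both cases.
console.log('no path :', pagesWithConsent(outOfBox, '/blog/cookie-law/', pages));
console.log('path=/  :', pagesWithConsent(withRootPath, '/blog/cookie-law/', pages));
```

Without a path the consent cookie is only sent back for /blog/cookie-law/, so every other page shows the bar again; with path=/ it covers all five sample pages.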
3) Create Privacy Policy & Cookie Disclosure
There are a number of free tools online for creating a privacy policy.
One such tool is Free Privacy Policy Generator which will ask you to specify certain criteria by checking boxes before producing the privacy policy. You could download the text and then edit/reword it as you see fit.
Check out my own privacy policy for Small Biz Geek and you’ll see it is pretty straightforward.
As far as I am concerned you can copy and paste it for your own site. I don’t think legal boilerplate is something Google worries about in terms of duplicate content violations.
Analysis
As far as cookies go, it’s stupid that we have to be so explicit about informing users.
If website visitors decide to switch cookies off, it will mean your Adsense ads will not serve personal ads and Analytics will not know about certain visitors.
Privacy and data may be an issue where it is abused but these EU webmaster requirements are adding the wrong kind of friction to the general internet user experience.
I’ve been reading comments from the perspective of end users/consumers and many of them think the pop ups are annoying (especially when the pop up keeps coming back because the permission cookie hasn’t been set globally on the root URL, as mentioned earlier).
The Google “Cookie Choices” website is in fact an ultimatum and one I suggest you accept if you want your website operations to run smoothly.
While the EU fines are rare, I would hate to be looking over my shoulder at my Google Adsense account.
It looks like the EU is out of touch and you’re out of time.