Data insights
28. maj 2023
Proper Cookie Consent in WordPress 101
This blog post is based on the fact that I experienced a number of companies that seemed not to understand why we could not “just quickly” set up a GDPR compliant solution in 30 minutes when they had just found a plugin themselves that fixed everything.
At Morningtrain, we use Cookiebot’s software solution to provide compliant blocking and declaration of cookies. That is why I am focusing specifically on setting up Cookiebot in this blog post.
Setting up Cookiebot does not take 5 minutes
It is true that you can insert Cookiebot’s script directly into your file. You can also find several plugins that do it for you, including one from Cookiebot itself.
However, it is important to understand what this setup actually does.
If you simply insert a script or use a plugin for the installation, you will get a nice “consent banner” like the one shown here:
You will also get a nice cookie declaration showing which cookies are being set on your website.
Yes, then everything is wonderful and the Data Protection Agency can just come on… But NO!
The problem is not what you get with this setup, but what does not come with it.
Your cookies are not blocked until active consent
The purpose of the Cookiebot setup is to ensure that cookies are not loaded without the user’s consent, so the cookie law can be complied with.
It is a legal requirement that no third-party cookies are loaded without the user’s consent, and that only strictly necessary cookies are loaded. You can read more here https://www.retsinformation.dk/eli/lta/2011/1148, from which the following two excerpts are also taken:
§ 3. Natural or legal persons must not store information or gain access to information that is already stored in an end user’s terminal equipment, or allow third parties to store information or gain access to information, if the end user does not give consent thereto after having received comprehensive information about the storage of or access to the information …
§ 4. Notwithstanding § 3, natural or legal persons may store information or gain access to information that is already stored in an end user’s terminal equipment if
1) the storage of or access to the information is carried out solely for the purpose of transmitting communication via an electronic communications network, or
2) the storage of or access to the information is required in order to enable the provider of an information society service, which the end user has expressly requested, to provide that service.
What does a PROPER Cookiebot setup include?
We often see that items 3–8 have not been completed when the customer themselves or others have carried out the setup, resulting in a false sense of security, as cookies are not actually blocked based on the visitor’s choices.
So how long does it take to set up proper cookie consent?
The time required for a Cookiebot setup varies, as it depends on the individual website. We have seen setups that take 2–3 hours, and we have also seen setups that have taken 10+ hours. The more complex the website, the longer the setup typically takes. A setup usually takes 3–5 hours.
Therefore, we have an indicative price for Cookiebot of DKK 4,995 (excl. VAT).
So you may be thinking, “my setup only took 10 minutes,” but then it is certainly not done correctly, and your cookies will be loaded whether they are accepted or not. This is exactly what the Data Protection Agency does not want to see. They do not really care how nice your cookie banner looks, as long as the technology works.
