Implementing GDPR

The General Data Protection Regulation (GDPR) is the EU law that forces pretty much all sites to display that annoying “please accept our cookies” message which you see everywhere. For those of us in the UK, Brexit is likely to slightly modify the law, but only slightly. So we have to deal with it.

I think the whole thing could have been avoided by putting the work on browser makers. Make them provide clearer, easier-to-use cookie controls. There are only a few major browsers; let them do the work instead of hundreds of thousands of website owners. That would have saved a lot of work and made for a more consistent experience for consumers. But sadly, that’s not how it ended up.

I’m mostly not interested in keeping track of users of my sites, analyzing their browsing patterns, personalizing advertisements, etc. So mostly, I don’t need to use any cookies. However, to cut down on the dreaded spam, the contact form on this site uses ReCAPTCHA. You know, the “I am totally not a robot” thing you see on a lot of sites. And that uses cookies. (I’m not sure why… I can see how it could be implemented without them, but that’s just how Google does stuff, I guess.)

Because my new site is based on WordPress, I looked at a few of the GDPR plugins for WordPress, but I couldn’t find one I liked, or one that did things the way I wanted.

  • I wanted the pop-up to blend in nicely with the look and feel of the site.
  • I wanted to make sure zero cookies were being set before visitors opted in, and that includes third-party ones.
  • I don’t like big, heavy plugins.

To get a GDPR plugin I liked, and as a learning experience, I decided to write my own.

Cookie Kwan is a simple WordPress plugin to implement GDPR.

It works under the assumption that you are not tracking your users, including third-party analytics like Google Analytics. If you’re doing that, move along, nothing to see here — you’ll need a plugin that asks explicit consent for different categories of cookies.

It displays an overlay if you haven’t yet consented to cookies. This overlay uses Bootstrap 4 buttons, Bootstrap 4 card/card-header/card-body/card-footer classes, and FontAwesome icons. So if you’re not using Bootstrap and FontAwesome, this plugin may not be for you. The overlay displays a brief message about cookies and allows you to press a button to consent to their use on the site. Clicking the accept button sets a gdpr_consent cookie and reloads the page.

It also gives you a shortcode to do:

    [if_cookies] ... [/if_cookies]

Which makes it very easy to show certain content only if cookies have been accepted. Like the aforementioned contact form.
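
The flow described above (overlay, gdpr_consent cookie, reload, then the [if_cookies] shortcode) as an added example that is not taken from Cookie Kwan's source. The example_* function names, the overlay wording, the one-year cookie lifetime and treating any non-empty cookie value as consent are assumptions.

```php
<?php
// Added example, not Cookie Kwan's source. The example_* names, the
// one-year lifetime and "any non-empty value means consent" are assumptions.

// True only if the browser sent the gdpr_consent cookie with this request.
function example_has_consent() {
    return isset( $_COOKIE['gdpr_consent'] ) && '' !== $_COOKIE['gdpr_consent'];
}

// [if_cookies] ... [/if_cookies]: emit the enclosed content only after consent.
function example_if_cookies( $atts, $content = null ) {
    if ( null === $content || ! example_has_consent() ) {
        // Send nothing instead of hiding it with CSS: markup that never
        // reaches the browser cannot load a third-party script or cookie.
        return '';
    }
    return do_shortcode( $content ); // expand nested shortcodes, e.g. a form
}
add_shortcode( 'if_cookies', 'example_if_cookies' );

// Overlay for visitors without consent; Accept sets the cookie and reloads.
function example_consent_overlay() {
    if ( example_has_consent() ) {
        return;
    }
    // Only mark the cookie Secure when the site itself is served over HTTPS.
    $attrs = 'Path=/; Max-Age=31536000; SameSite=Lax' . ( is_ssl() ? '; Secure' : '' );
    ?>
    <div class="card" id="example-consent">
      <div class="card-body">This site uses cookies for its contact form.</div>
      <div class="card-footer">
        <button type="button" class="btn btn-primary" id="example-accept">Accept</button>
      </div>
    </div>
    <script>
    document.getElementById('example-accept').addEventListener('click', function () {
      document.cookie = 'gdpr_consent=1; ' + <?php echo wp_json_encode( $attrs ); ?>;
      location.reload();
    });
    </script>
    <?php
}
add_action( 'wp_footer', 'example_consent_overlay' );

// Pages now differ per visitor, so tell shared caches to key on the cookie.
function example_vary_on_cookie() {
    header( 'Vary: Cookie', false );
}
add_action( 'send_headers', 'example_vary_on_cookie' );
```

A page cache that ignores `Vary` would still serve one variant to every visitor, so it needs its own rule keyed on the gdpr_consent cookie.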

It’s on GitHub. Use it if your site fits its niche requirements. It will probably never be on the WordPress Plugin Directory because that’s a pain to work with.

https://github.com/tobyink/php-wp-cookie-kwan