When GDPR stepped into force in May 2018, the Internet turned into a permanent display of cookie consent banners and pop-ups. While the primary goal of cookie alerts remains to get users’ consent for gathering their website behavior data, applications may vary.
In fact, there are still ‘implementations’ that don’t respect people’s decision to customize how and which cookies website owners can use, assuming that the consent is given anyway.
As Divi product developers, we always strive to find the best way to achieve an ideal and adjustable cookie consent experience. Getting users’ consent can be a challenge, but we aspire to analyze and improve every privacy and data security aspect to ensure that we have users’ trust.
With that in mind, in this article, we will explain what cookies do, how they can be used for your Divi website, and what are the best practices to achieve a better Divi cookie consent experience.
Disclaimer: The following advice comes strictly from our experience and educated work. From a legal perspective, to implement GDPR to a full extent, please consult with a legal solicitor first.
Table of Contents
- Understanding Cookies and Consent
- Allow Users to Adjust Cookie Settings
- Never Mislead the Users
- Cookie Consent Banner Examples
- INTRODUCING: GDPR Cache Scripts & Styles
- Wrapping Up
Understanding Cookies and Consent
The usage of cookies falls under the ePrivacy Directive, or the EU cookie law. However, GDPR’s emergence in 2018 was pivotal for the vast cookie consent banners implementation.
Article 4 of GDPR provides us with four critical conditions which make cookie consent banners valid:
- Freely given
- Specific
- Informed
- Unambiguous
When users allow you to store your website cookies into their browsers for data collecting purposes, the action itself is referred to as providing cookie consent. Only a legitimate cookie consent enables you to process personal data.
According to GDPR, you need to meet the following principles to achieve a valid cookie consent implementation:
- Personal data must be processed legally and transparently.
- You can only use personal data for specific and lawful purposes.
- Personal data must be collected only for specifically and publicly described purposes.
- The information you collect must be accurate.
- You must have timely measures to amend invalid data immediately.
- Users’ data should be stored for as long as necessary for specific purposes.
- Security measures must be implemented to prevent and resolve eventual data breaches.
Allow Users to Adjust Cookie Settings
As a website owner, you do not have to ask for consent from the users if you want to use the strictly necessary cookies by law. But still, it’s a common practice to inform people on why each cookie is used on your site.
In this day and age, users are pretty aware of sharing their data, so staying empathetic and allowing them to choose the cookie settings through an overview of various cookie groups on your Divi site could keep them browsing and feel safer.
There are strictly necessary cookies for your Divi website to perform its basic operations, such as signing in, adding items to the shopping cart and e-billing.
These are the essential first-session cookies that allow users to navigate your website without losing their session actions and history.
You can group the cookies notification according to advertising, analytics, or testing sections, allowing users to choose if they’re okay with personalized ads or do not want to see them.
It’s also recommended to explain which options won’t be available once users block a certain group of cookies, showing them the impact of cookies on the website overall.
Never Mislead the Users
According to a TechCrunch article, there are still websites that consistently try to disobey cookie consent regulations and that the consent’s implementation is barely minimal.
Furthermore, there are additional ways that a cookie wall can trick users to ‘agree.’ From confusing menus to pre-ticked boxes that don’t explain what someone is tracking in the first place. Recent studies have shown that only 11% of cookie consent processes meet the minimal EU requirements.
The cookie consent banner should not be a mirage to the users. Yes, a poorly designed consent notification could ask the users to ‘accept’ the cookie usage via a tick box or a button.
Suppose you’ve already set the strictly necessary cookies, and you know that you can’t delete them or allow users to refuse them. In that case, a notification to the users can be misleading, which could lead to regulatory action.
If all the button does is closing the notification, designate it accordingly. Keep in mind that users do care about cookies and the privacy of their data. But you shouldn’t assume that people will refuse cookies and fail to recognize them if they had the choice.
It all comes down to consent, and we have the plugin that can help!
Enter Divi Areas Pro, the ultimate Divi extension that enables you to create popups, fly-ins, hovers, mega menus, conditional inline content and much more, with a gorgeous and adaptable UI!
With the latest version of our Divi Areas Pro plugin, creating cookie notices is effortless! The latest update includes GDPR-compliant usage tracking for all Areas!
Try it now, and we guarantee that Areas Pro will bring your Divi experience to the next level!
Cookie Consent Banner Examples
Each cookie and its purpose, and the additional details such as expiry date and provider, must be explained in detail within the privacy policy. In addition, the consent banner must be noticeable and transparent for web visitors.
To help you get a better idea of how to display the cookie consent notification on your Divi website, let’s look at some of the best examples around the web of businesses that approach this the right way:
The Guardian offers a brief but detailed cookie consent notification in the website’s footer, informing users about their cookie policy. After reading the banner, users can either choose “Yes, I’m happy” or customize the cookie settings with the “Manage my cookies” option.
The Financial Times positions the cookie consent notification in the bottom-left corner of the website. Website visitors can either accept and continue navigating or manage the cookies that they’ll accept.
The retail giant H&M has a simple cookie consent corner banner that informs users what the cookies are used for, provides a link to the detailed cookie policy, and the option for custom cookie settings.
INTRODUCING: GDPR Cache Scripts & Styles
At Divimode, we are taking great pride in helping Divi website owners protecting their visitors’ privacy with our very own solution – GDPR Cache Scripts & Styles.
The plugin scans every URL that is enqueued via wp_enqueue_script() and wp_enqueue_style(), and when detecting an external URL, that file is saved to your uploads-folder and served from there.
It also scans the contents of CSS files for external dependencies and saves those files to your uploads-folder!
This plugin does not add any “output buffering”, but it scans the URLs which are enqueued via recommended WordPress functions.
As a result, GDPR Cache Scripts & Styles doesn’t impact your website’s response time and performance, no matter how massive your website is.
We’ve tested this plugin with the following themes and plugins:
- Block Editor (embedding Google Fonts via the Customizer’s “Additional CSS”)
- Divi (see “Configuration for Divi” in the plugin’s documentation)
- Elementor
- Jetpack (specially with Performance options like “site accelerator”)
- Fonts Plugin | Google Fonts Typography
Most other plugins and themes will work with this plugin as well.
You can download the plugin directly from the WordPress plugin directory. If you encounter any issues, please let us know, so we can improve our GDPR plugin!
BONUS: If you want to learn more about how we’ve created the plugin, read: Can I Create That Plugin in 24 Hours?
Wrapping Up
Presenting a cookie consent policy on your Divi website might seem straightforward on the outside. But, you need to be much more meticulous about it and give users the freedom of choice and transparency to how you use their data in the process. The most critical piece of the puzzle is to make sure that your website visitors know exactly what they agree to.
Do you have additional questions about Divi, GDPR, or WordPress? Drop us a comment! We’d love to respond and perhaps even write a new article about it!