In our previous guidance notes on solutions to comply with the "cookie law" we have covered:
In this article Tim Gurney of Wolf Software takes us through his cookie privacy software solution which uses a modal dialog similar to the one below. Thanks for your detailed response Tim!
We think it's great this has been made available as a fee free solution if the Wolf Software brand mark is shown - a good option for SMEs? For larger companies the system can use the companies own brand ident for a fee. This is an example of a un-tailored implementation:
Question 1. Please describe your solution to cookie opt-in compliance?
Our current solution evolved from our original standalone solution for Google Analytics. This provided a simple drop in compliance solution specifically for Google Analytics. We communicated at great lengths with the ICO in order to be sure this solution was fully compliant before release.
We were then contacted by a number of people, including the webmaster for allaboutcookies.org to see if we could provide a generic or universal solution for cookie opt-in compliance.
The client-side component of the solution works with the server-side component of the solution in order to make the user experience unobtrusive and friendly.
The server side component does the bulk of the work in terms of storing and telling the developer what the end user has and has not consented to. This includes options for the user to only consent for their current browser session, or permanently (so that they don't get questioned upon each visit).
The client side component displays a modal window displaying their current consent options, with the ability to change whenever they like should they change their mind. This ability to change the settings can also be incorporated by the developer into a page on their website for their users.
The beauty of this split architecture means that in order to provide support for a wider range of development languages, we only have to port the server-side component which we have already written in PHP (and is available for free. We are currently testing an ASP.NET version of the code in preparation for release.
For more information we have included the workflow diagram that we created as part of our standard design/build process in order to allow people to better understand the solution:
Question 2. How does it differ from other solutions, what are its benefits?
There are a very limited number of solutions currently available; which offer varying degrees of legal compliance. However a lot of these are based on the creators’ interpretation of the cookie law. We have consulted with the ICO (the regulatory body) to ensure that our solution is unbiased.
We have discovered that while other options are available, they are not quite as user friendly as they could be.
We have yet to see any all-encompassing packages available for developers to download and 'plug-in' to their existing code easily; which we are hoping our solution does :).
The immediate benefits to be seen are;
- Compliance with the law
- Easy Integration into new and existing websites
- Cross platform (currently PHP and ASP.NET)
- Friendly UX
- Could be used for turning on/off features of a website which are not related to or bound by cookie law
The first four of which, we feel are very important, we don't want to look after just end users and company lawyers, we're developers ourselves - so we're trying to look after other developers too.
The final benefit is simply the diversity to which this could be used; the same model can be used for user settings and preferences even where cookies are not present.
Question 3. I think your solution allows site owners to obtain consent through a pop-up or "toolbar" implementation? Which is proving most popular so far and how would you advise site owners to choose?
There is much debate over which is the most user friendly method to use when it comes to gaining consent. In this instance, we have gone for a "you only have to see it once" modal dialog approach which will be displayed on the end user's first visit to a website.
In our previous offering (for Google Analytics only), we adopted a 'toolbar' approach as it seemed to fit better.
As far as popularity is concerned, we think it is a little too early to tell. Solutions will evolve as feedback comes in; we are dedicated to keeping our implementation current and will take on all feedback positively.
Companies should evaluate their particular needs for compliance and implement accordingly, for example; if you are only asking for compliance for a single cookie feature, a tool bar works well.
Q4. How can the script be integrated with different types of content management platform - isn't it difficult to stop web services like Google Analytics and the CMS or commerce system placing a cookie when the first page is loaded on a visit - so it's not really providing opt-in?
Because the hard work of our solution is done on the server, it stops things like Google Analytics as these rely on the HTML containing scripts at the source. If the user hasn't consented, the developer programmatically omits the scripts required for that feature to work, the same goes for any other feature of a CMS, eCommerce System or web application.
Developers simply need to include our client and server side code into their existing website and have a simple one line check to do before any feature which requires consent is included.
This approach will allow developers to be confident in their site compliance and provide them with a simple and generic method for handling any type of cookie consent.
We have produced technical documentation which is included with the package (and is available on its own from the download site) and we are more than happy to help with support via our website.
If further consultancy is needed to assist with the integration of the solution into any site then this is also a service we are able to offer.
Q5. You've released the script recently. How do you see it or related services evolving?
We were caught between two sides of an argument when we were discussing creating our PECR solution. On one hand, you have people saying "Wait and see what the big boys do first, they can't prosecute everybody", and on the other - it's a law, you have to comply.
As a result of this, we decided we'd take action and relieve some of the stress of the people in the first group by giving them a viable solution well before the law comes in to full force.
We will keep both of these products up to date and support them the best we can with new features, amendments and bug fixes should any be found.