Frequently asked questions about the plugin and the cookie law.
No. As a generic plugin there’s no way we can know anything about your specific circumstances. It can be used as part of an overall plan of action to comply, but just installing it and doing nothing more does nothing to help you.
If you are looking for specialist legal advice relating to your website you should always consult a lawyer.
More correctly, this is called the ‘EU e-Privacy Directive’. Popular media refers to it as the ‘EU Cookie Law’.
Under EU privacy regulations, websites must make it clear to visitors what information about them is being stored. This specifically includes cookies. Even if cookies do not store information identifying an individual, you must still provide your visitor with information on what is being stored, by whom, what for, and so on.
Certain cookies are exempt from this- those deemed to be “strictly necessary” (e.g. WordPress stores session cookies for authentication, without these it wouldn’t work) however cookies stored by analytics software like Google Analytics do not fall into this category.
In short, no, although there is a great deal of ambiguity and misinformation around this law.
What the law really gets at is privacy, not just cookies. The UK government, for example, use a version of what is called “implied consent” on their own websites, which is a similar technique to what this plugin does.
Online Marketing experts Econsultancy provide their perspective on this interpretation. This plugin follows the same approach.
No- there is no point in doing so.
The reason it doesn’t keep track is two fold:
What exactly will you do with the information once you store it? Let’s say a visitor ‘accepts’ – you could track their IP address, but you’re not going to ask their name, address, etc and you’re clearly never ever going to insist they tell you that information before they are allowed to use your website. So perhaps you could record that on a specific date+time, IP address x.x.x.x clicked accept. Do you also store the IP of those who don’t do anything? If they don’t do anything what does that mean? If a visitor tells you some time later that they didn’t accept, how do you prove that they did/didn’t? You can’t do that from their IP address unless you know what it was- there is no reliable/verifiable way of knowing (think e.g. mobile access, office access, home access, etc- all different IP addresses).
The UK implemented this law over 3 years ago and many raised these issues about the stupidity of the law. In practice implied consent is widely used including by large businesses, advisory consultancies, law firms, government agencies, and so on. A similar approach is used by many other EU member states. I’m not a lawyer so I can’t give you legal advice but this is the solution I believe to be the best and is a widely adopted approach.