24 May 2012

How I made a global Joomla! website compliant with EU cookie legislation

I have seen a lot of solutions for making UK Joomla! websites compliant with the new EU cookie laws that come into effect on 26th May 2012 (2 days' time as I write this). But I have not come across any solutions for global Joomla! websites, where not all visitors are from the EU, so the cookie opt-in requirements do not apply to all visitors. Here’s how to target cookie opt-in at just EU visitors, without affecting visitors from elsewhere.

  1. Do a cookie audit of your site to figure out which cookies are set and which of them are not essential to the functioning of your website. Tabulate your findings in your privacy policy, describing every cookie that is set by name, lifetime and description. (Joomla sets an initial session cookie, and another to keep track of authenticated sessions when users log in; I judged these 2 as essential.) Work from the ico.gov.uk privacy policy if you need a guide.
  2. Install the ‘MetaMod’ Joomla! module – This is a really powerful and versatile module for user experience customization, but I used it specifically for its ability to display modules to visitors based on their location (determined by IP address) in this instance.
  3. Create a ‘Cookie opt-in’ form module that sets a ‘CookiesAccepted’ cookie (for 2 years) and reloads the current page when users 'opt in'.
  4. Identify modules that are setting non-essential cookies and replace them with MetaMod modules that only load content when ‘The user is not from the EU OR the CookiesAccepted cookie has been set’. Otherwise you should insert a message to explain that ‘This content cannot be loaded unless you accept cookies from this site…’. Common examples include: Analytics, Twitter, YouTube and DISQUS*.

For example, where $optinCountries is an array of all 27 EU country codes:

$optinCountries = array('AT','BE','BG','CY','CZ','DK','EE','FI','FR','DE','GR','HU','IE','IT','LV','LT','LU','MT','NL','PL','PT','RO','SK','SI','ES','SE','GB');

if (!in_array($fromCountryId, $optinCountries) || isset($_COOKIE['CookiesAccepted'])) {
    // full cookie loading code goes here
} else {
    // "you need to accept cookies" message goes here
}


  5. Using another MetaMod module, set the Cookie opt-in form module to load for EU users (27 country codes) who have not opted in to accept cookies from your site (the ‘CookiesAccepted’ cookie is not set yet).

Now when an EU visitor hits your site, the cookie opt-in form will display for as long as they have not accepted cookies from your site. If they accept cookies, the correct functionality will display in the MetaMod modules and the opt-in form will disappear. Your Joomla! site will be compliant with EU cookie legislation without affecting non-EU visitors!
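The opt-in handler from step 3 and the display condition from step 5, as an added example in plain PHP (not code from the original post or from MetaMod). It assumes PHP 7.3+, a form field named `cookie_optin`, and that it runs before any output is sent; all function and constant names are hypothetical, and treating a failed country lookup as "opt-in required" goes beyond what the post describes.

```php
<?php
// Added example; every name except 'CookiesAccepted' and $fromCountryId is hypothetical.
const OPTIN_COUNTRIES = ['AT','BE','BG','CY','CZ','DK','EE','FI','FR','DE','GR','HU','IE','IT',
                         'LV','LT','LU','MT','NL','PL','PT','RO','SK','SI','ES','SE','GB'];
const CONSENT_COOKIE   = 'CookiesAccepted';
const CONSENT_LIFETIME = 2 * 365 * 24 * 60 * 60; // 2 years, in seconds

// Step 5 condition: EU visitor who has not opted in yet.
// Assumption beyond the post: an empty country code (lookup failed) also gets the form.
function needsOptIn(?string $countryId, array $cookies): bool
{
    $country = strtoupper(trim((string) $countryId));
    $inScope = $country === '' || in_array($country, OPTIN_COUNTRIES, true);
    return $inScope && !isset($cookies[CONSENT_COOKIE]);
}

// Reload target: accept only a local absolute path, so the redirect can never
// leave the site ("//host" and backslash forms are rejected) or carry CR/LF.
function safeReturnPath(string $requestUri): string
{
    return preg_match('#^/(?![/\\\\])[^\r\n\\\\]*\z#', $requestUri) === 1 ? $requestUri : '/';
}

// Step 3: on an explicit opt-in POST, set the cookie for 2 years and reload the page.
function handleOptIn(array $server, array $post): void
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST' || ($post['cookie_optin'] ?? '') !== '1') {
        return; // no consent given: nothing is set
    }
    setcookie(CONSENT_COOKIE, '1', [
        'expires'  => time() + CONSENT_LIFETIME,
        'path'     => '/',
        'secure'   => !empty($server['HTTPS']) && $server['HTTPS'] !== 'off',
        'httponly' => true,  // the consent flag is only read server-side via $_COOKIE
        'samesite' => 'Lax',
    ]);
    header('Location: ' . safeReturnPath($server['REQUEST_URI'] ?? '/'), true, 303);
    exit;
}

handleOptIn($_SERVER, $_POST);
```

In the MetaMod rule for step 5, the display condition would then be `needsOptIn($fromCountryId, $_COOKIE)`.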

*DISQUS is a Joomla! plugin, not a module, but it can be toggled (hacked) to be compliant using the same logic as shown in the example above.