The new EU / UK "cookie law" Directive looks like it will become "law" by May 26, 2012.
The responsibility to fix seems to be firmly with website owners based in the EU.
The Joomla session cookie loads into a visitor's web browser immediately on visiting a Joomla website (currently the same for all Joomla versions I think).
However, if you list the cookies information sufficiently well on your privacy policy page, bearing in mind that the Joomla session cookie is pretty harmless, it's possible that the ICO (the body responsible for implementing this Directive in the UK) may consider it not to be a problem. I don't know.
There are rumours that they also may consider Google Analytics cookies to not be a problem. That would make things easier wouldn't it? However, if they let Google off, I guess, they're going to have to let Joomla, WordPress, Drupal, etc. off, and others, as well.
Of course, there may be an update from Joomla to prevent the session cookie being fired until someone registers or logs in - that would fix the issue the only remaining issue as far as I can see (the other issues can perhaps be tackled with the solution I've suggested below).
Likewise for shopping carts: if the shopping cart cookie can be fired at the point someone decides to add something to a shopping cart, then the user has explicitly chosen to buy something, and since you would have listed how this works in your privacy policy (you will won't you :-) , then at that point, that shopping cart cookie becomes exempt from the cookie law because the user has initiated the required action first.
So apart from the Joomla session cookie (which I'm not doing anything about for now), the solution I'm using is oultined below.
I've been checking into quite a few possible solutions and have now found, what for me (and all the websites I am responsible for), a great solution.
This is called "Cookie Control" and comes from:
http://www.civicuk.com/cookie-law
And it works for pretty much for all versions of Joomla to-date.
I like this because it's elegant, bright, and upbeat, and doesn't bring down or bring up a sliding window or panel over the web page, to ask permission to use cookies, which can have the subliminal effect of raising a barrier.
Just go through the instructions they provide on the website.
If it doesn't work first time, most likely, the Javascript in "Cookie Control" is clashing with one or more other types of Javascript installed on your website - you could have a slideshow, or mootools menu, and so on. So I suggest install one of the following plugins to fix that:
- for Joomla v1.5.xx, the plugin at:
http://extensions.joomla.org/extensions ... ripts/7230 worked for me. (In the plugin, I had to set the version of Javascript to at least v1.4.4, as your helpful guidelines stipulate - I've set it to the latest v1.7.2). Thank you to the provider.
- for Joomla v1.7.xx - v2.5.xx, probably the one at:
http://extensions.joomla.org/extensions ... ipts/18327 should work, in a similar manner. Likewise, thank you to the provider.
Also, there's a useful list at:
http://extensions.joomla.org/extensions ... ry-scripts
Important: in the plugin you use above, set the Jquery version to at least v1.4.4. I set it to the latest Jquery version, currently v1.7.2.
After doing that, I got it working almost perfectly. The one problem remained: how to let Google Analytics cookies through after a user has given permission.
The remedy was to slightly edit the last function in the block of code Cookie Control provides which you need to insert somewhere before the closing
tag.
So for the last bit of code, instead of:
Code: Select all
function ccAddAnalytics() {
$.getScript("http://www.google-analytics.com/ga.js", function() {
var GATracker = _gat._createTracker('UA-284815-1');
GATracker._trackPageview();
});
}
I used:
Code: Select all
function ccAddAnalytics() {
jQuery.getScript("http://www.google-analytics.com/ga.js", function() {
var GATracker = _gat._createTracker('UA-284815-1');
GATracker._trackPageview();
});
}
... remembering of course to put in your own Google Analytics code in the correct place.
Thereafter, Google Analytics cookies were allowed through after the user had given permission.
So essentially, at that point, everything worked properly.
I plan to install this on all Joomla websites (and in fact, any website).
Here's a Joomla v1.5.xx example website in which I've installed this solution:
http://www.touchstonerenard.com/
(I know it should be Joomla v2.5.xx; we're working on that: not enough hours in the day :-)
Anyway, also check out the updates pages at:
-
http://www.civicuk.com/cookie-law/updates/Magento or
-
http://www.civicuk.com/cookie-law/updates/Joomla
The nice folks at:
http://www.civicuk.com/cookie-law/index are going to be adding the updates above there, plus more to come.
Also, I understand that one or two nice folks from the Joomla community are working on a plugin which may do all of the above in one go.
Yes, the Joomla session cookie still fires immediately on visiting a Joomla website, but since I'm going to list this in my privacy policies, I'm hoping that is enough to satisfy the ICO.
If not, then we'll find an efficient and reliable way to prevent the Joomla session cookie firing until a user registers or logs in (if your site includes those options). And such a solution will be needed even if your Joomla website has registration and login functions turned off (currently, the Joomla session cookie still fires into the visitor's web browser).
Without doubt, the cookie law hasn't really been thought through well by the ICO. I guess, they mean well, but were counting on the technical community to provide a fix.
As I see it, the biggest challenge is how to implement this thing without making our websites look bad or deter many more people. And for me, "Cookie Control" is the best of the bunch (so far :-).
So for now, the solution above addresses the issue for me. I hope it can help anyone else too, so we can all put this thing to bed and get on with the business of building websites, doing business, and serving customers.
What do you think?