What are Cookies?
Cookies are files that a website stores on a user’s browser for many different reasons. Almost all websites use them. Broadly, they are a positive way for a business to personalise their content for their visitors. However, there are also a lot of fears about how cookies are sometimes used to profile users and target them for purposes such as advertising. In many ways, both the positive and negative connotations of cookies are two perceived sides of the same coin.
In any case, most countries have laws which stipulate that website owners must outline the purpose of all cookies on their sites and give users the choice to accept or reject their use.
How can I make sure I’m complying with Cookie Law?
If you run a website, you’ll need to make sure you do the following:
- Let your users know what cookies are used on your site and why.
- Obtain their consent for cookies to be stored on their browsers.
You may also find it useful to provide a means by which users can update their cookie preferences in future if they change their stance at a later date.
How can OneTrust help?
For many site owners who are perfectly happy and willing to comply with Cookie Law, the actual processes involved can seem fiddly and unclear. Common questions we hear include:
- I’ve seen cookie banners on other sites. How do I do that?
- I’ve no idea what cookies are used on my site. But I’m not doing anything evil – help!
We recommend OneTrust as a service that can take care of auditing your cookies and provide you with a customisable cookie banner for use on your site. Best of all, there is a free version of the tool for users who own a single domain.
In this article, we’ll outline the 5 steps to implementing your free cookie banner via OneTrust
- Register with OneTrust (it can take up to 2 days to activate your account)
- Log In and ask OneTrust to audit your site for cookie information (again, this can take some time)
- Set up and customise your cookie banner
- Use Google Tag Manager to configure when and where your banner should appear
- If you use external services, use custom triggers to provide gateways to these services that open or close dependent on each user’s cookie preference.
Register with OneTrust
You can sign up to OneTrust’s free Privacy Management Tool by filling in a simple form here.
You will receive an email once the registration has been successful. Be aware that this can take a couple of days. You may be able to speed this up by filling in some additional information about your company.
Log In and ask OneTrust to audit your site for cookie information
Once you have confirmed your account, you will be able to log in here.
Visit the ‘Websites’ tab in the sidebar and click the blue ‘Add Website’ button to begin.
Once added, you’ll see an option to ‘Scan’ your site for cookies. This is one of the big benefits of using a tool such as this. Rather than fretting about investigating the various cookies at play on your site, OneTrust will do it for you. This may take several hours and you’ll receive an email once it is done.
Set up and customise your cookie banner
Use the Setup steps in the left-hand sidebar to configure your cookie banner.
First visit the ‘Templates’ section. You’ll see two pre-made templates here. GDPR and Generic. We recommend using the GDPR template as the basis for your banner as it has the strictest privacy rules and is most suitable to cover the cookie law of all regions. Click on this template to amend its settings; you can ignore the ‘Generic’ template.
Here you can customise the layout and style of your banner. The options are impressive for a free solution and you can even specify brand colours for text and buttons.
The most important setting to amend from a functional point of view is found within the ‘Behaviour’ tab. Here you should toggle the ‘Require banner interaction’ option to On. Without this, your visitors won’t be obliged to interact with the banner in order to discard it.
Inside ‘Geolocation Rules’, you’ll find a pre-made Rule Group for ‘Default Audiences’. If you click on this, you’ll see two sets of Geolocation Rules – one for the EU and the UK, the other is labelled as GLOBAL. You don’t really need to mess with either of these, merely make sure that both use the ‘GDPR’ Template that you set up in the last step.
Generating the Scripts
Now that you’ve configured your settings, you’ll want to generate the script that needs adding onto your site in order for your cookie banner to display. Visit the ‘Scripts’ settings and hit the blue ‘Publish Production’ button in the top right.
Next Visit the ‘Production Scripts’ tab. You’ll find the script you need at the top, underneath the ‘Production CDN’ heading. Keep this browser tab open and read on for our advice on how best to add the script to your site.
Use Google Tag Manager to configure when and where your banner should appear
Now that your cookie banner is ready, we recommend using Google Tag Manager to deploy it. GTM’s tag and trigger functionality allows you to easily define when and where a cookie banner will show. It is likely that your integrations will already have been added via GTM, so it makes sense to attach your new cookie rules to those same integrations.
- Create a new container in your GTM workspace
- Visit the ‘Admin’ panel and Import a Container
- Use our readymade JSON template file to import some template tags.
- Open the ‘cHTML Cookie Consent’ Tag and replace the data-domain-script with your own (you can get hold of this in the ‘Production Scripts’ section of your OneTrust account). Save the change.
As far as basic setup goes, that’s it! Your cookie banner will now display on all pages of your site until your users define their cookie preferences.
Use custom triggers to provide gateways to external services
The second template tag provided in our template JSON file demonstrates how you can control what loads on your site depending on the choices made by your users. There are four types of cookie that OneTrust prompts user to make decisions about in their cookie banners.
- Social Media
The example provided in our template is for Google Analytics. Click the ‘GA’ tag to explore the settings. You will see that we have selected ‘Google Analytics: Universal Analytics’ as our tag type. Once this section is configured, you’ll see the ‘Triggering’ settings at the bottom.
We want our ‘Firing Trigger’ to be ‘OneTrustLoaded’ which is an event already set up for you. This means that the service configured in the top section will only load once OneTrust preferences have been made via the user. But what if the user chose not to accept cookies relating to Google Analytics? Well, that’s where the exception comes in. There are 4 events that you’ll find really useful to use here. Again, these are all set up for you as part of the template. These are:
- Functional cookies not allowed
- Performance cookies not allowed
- Social Media cookies not allowed
- Targeting cookies not allowed
You will need to make the decision as to which category you deem your different services to fall under. In our example, we’ve decided that Google Analytics is a ‘Performance’ service. So we’ve defined the exception event to be ‘Performance cookies not allowed.’
In summary, this GA tag we’ve created will enable our website to store cookies from the Google Analytics service on our user’s computer unless they have decided not to allow Performance cookies to be used in this way. In that situation, Google Analytics will not operate during this user’s session.