Hissingsid - 3:06 pm on Apr 19, 2012 (gmt 0)

I'm just getting into the practicalities of all of this.

The solutions I've mentioned above and another from a Scottish firm called Civic have some form of Javascript growl panel inviting you to click a checkbox to confirm that you give consent. They then set a "consent" cookie by Javascript. On subsequent pages on the site if the user has not given consent another growl will pop up, down or out and give you another request. If they have given consent the script reads the consent cookie and does not growl, it also sets the page cookies, GA cookies or whatever.

There's a few problems in this. If the user has previously visited the site then the old cookies remain in their browser until manually deleted. The law says that they cannot be read without consent so how does anyone prove whether they have been read or not. You can prove that they have not been freshly updated but not that they have not been read.

Also even if the user gives consent setting the GA cookies on that (probably landing) page is a bit flaky. Which massively devalues GA data even if it is allowed.

Perhaps the easiest and best thing to do is just abandon GA and other analytics/tracking cookies and just leave in absolutely essential ones. Where that leaves ad services and the like I really don't know.