This is the site for many to check on the 25th and notice they have no cookie pop-up, never have had:

[europa.eu...]

there's some fantastic fudge on that BBC cookies page, might lift some of that for myself :))

my big concern is still logfiles. My host basically ignored my Q about it on their forum even though two other site owners piled in with their own "me too!" comments. I think they're just hoping it goes away.

My expectation on that (alongside many other GDPR issues) is that if the EU, and in particular the UK ICO that would affect me, goes ahead with enforcing it all, that won't be for some time (year or two at least) and if that happens, all hosts worth their salt in the US will do the necessary and join up to the Safe Harbor scheme.

The BBC example looks more like for the existing cookie law - I note that they all default to being on, including for personalised ads: "If you’re a user outside the UK and want to opt-out of advertising cookies, you have to turn-off performance cookies". Will they continue with opt out only for personalised advertising to EU (non UK) visitors after May 25, is the question.

@ChanandlerBong I am in a similar situation. I have just asked my host (Amazon AWS by Cloudways) to allow me to delete the log files and IP address, waiting for their response.

My theme itself is not compatible yet..

It's sad that these big companies never bothered about GDPR despite the fact EU announced it a while ago. Last minute work :)

Has anyone created something like opt out of cookies? like [bbc.co.uk...] ?

It's so goofy that publishers would be expected to provide a site-based "cookie opt out" functionality when that very functionality already exists in every single web browser worth its salt.

Perhaps a link to a tutorial on how to use their own software would suffice? It would in any sane world. But then, that's the GDPR in a nutshell.

3 Steps to GDPR Compliance for Adsense Publishers [webmasterworld.com]

I also asked my host about log files and he said he is U.S. based and so not worried.

I also asked my host about log files and he said he is U.S. based and so not worried.

He obviously doesn't (or won't) understand about data storage requirements: [webmasterworld.com...]

I brought it up previously, I don't think there is anything I can do about the server log files either. When you are on a shared host, there's very little you can do. It's up to the hosting service.

When you are on a shared host, there's very little you can do. It's up to the hosting service.

Of course. This is why it is so important to pressure your host to become compliant.

Many hosts will have the *wait and see* attitude, but it is you, the site owner & Adsense publisher, that may be impacted.

If outside the EU & your host is a Privacy Shield [privacyshield.gov] company your logs are protected and their storage complies with the GDPR.

Check here [privacyshield.gov] to see if your host is registered. If not, pressure them to do so.

So we are down to the wire. I was hoping that Google would be more proactive in helping us out. It's clear that they are not going to do so. I do not have any PII of any of my users. I want them to remain as anonymous as possible. I set no cookies explicitly but I do use Google Adsense and Analytics which does. As I understand it, those cookies are PII. That PII is meaningless to me so unless I setup a system to gather and record PII, I cannot store user consent. So it seems I am forced to gather PII to ensure that I users can opt out of providing PII. That makes no sense to me. Google could have simplified this for everyone if they had stepped up and managed all this. They could have provided a small piece of code, like they do already for Adsense and Analytics, to query and store consent.

I'm not going to setup up a system to gather PII just to get consent for Google to store PII. So my options right now seem to be to stop using Google altogether and thus have no cookies at all and thus there is no need for consent or geolocate visitors to my site and if they are based in the EU, turn off Google selectively. The former option obviously should be airtight. The latter, not 100% but maybe good enough.

I was hoping that Google would be more proactive in helping us out. It's clear that they are not going to do so.

Adsense Account > Allow & block ads > Content > All my sites > EU User consent

Thanks, I didn't know about that. Let me look at it. Will that block ads to Europe? Is there something similar for Analytics?

Read it. It just changes EU ads to non-personalized.

Analytics is taken care of on Google's end (they obscure the data) per the email everyone should have received.

In that case, I've already done that. I switched to non-personalized ads when it came out. Also, I've already been running with the pseudo-anonymized option on Analytics. It's my understanding that those things are not enough. Google still sets unique cookies with Adsense and Analytics. Since that's the case, it's still up to each website to get and manage consent. I believe Google even says as much. Thus all my original concerns remain.

Don't believe the non-official opinions. There is a lot of misinformation about this.

Google has taken care of it. Do the non-personal ads for EU users (no tracking) and Analytics (obscured data) and that's all you need to do if you are not collecting data yourself. If you are explicit in your Privacy Policy and the visitor agrees to it... you're done.

Until the new EU Privacy changes next year :)

Well the servers, firewall are still collecting the data and we can't delete it, even on most popular hosts.

You only need to worry about your own data storage.

People with WordPress and Analytics. Just get: [wordpress.org...] and enable IP anonymize feature.

What I will do is the following:

I'm using wordpress websites with a plugin to insert Adsense ads in various places. This plugin has the option to blacklist Adsense ads to various Geo locations (i.e it will not display ads to EU visitors). So I will just blacklist the EU countries from showing them Adsense. Will this be ok with GDPR ? Any ideas?

I would like to use the cookie consent banner from Silktide, but I want it to display to only EU countries. From testing the code, the default setup appears that it shows it to everybody. I find their documentation a bit confusing. Is it possible to use one of the free GeoIP services? Does anybody have a code example of how to do that?

I would also like to show banner to EU countries. None of my rivals and I site I visit often are showing any consent outside the EU.

Not able to find any good solution for cookie consent yet :(

I'd like to use the cookie consent banner from Silktide as well, but I have no clue how to set up geo-targeting with it. All I know is that my current Wordpress cache plugin doesn't offer much support for geo-targeting, but apparently Comet Cache lets you easily set up geo-targeting for EU visitors, so I think I'll try it.

Cookiebot only shows to EU folks, but it has a fee depending on site size.

Does Cookiebot offer a simple cookie consent banner for those of us not using personalized ads?

@Cralamarre Yes, and they have a plugin too.

The banner is pretty simple - you can configure it as you want. They also give you code for a cookie declaration to put on your privacy page and they keep a log of who consents. Seems like it might be overkill, but I'm using it for now just because I don't want the banner showing to all of my visitors.

@MayankParmar, are you using Cookiebot as well? I thought you were looking at other plugins.

Keyplr, thanks. Also I've been looking at various consent banners. I thought starting on the 25th, it had to be a clear yes or no before the user could move on. I find that many big websites don't do that. Like uk.yahoo.com. They just have a small banner and it doesn't say yes or no but just ok basically. A user doesn't even have to do that, they can just ignore it.

Ember, doesn't that open up a can of worms if you let a third party store the consents. You don't control it and it's sharing possibly PII with a third party. It's that sharing which is much of the concern address by these regulations.