@Markwmo It was their code and the css/js linked to their script hosted on their cloudflare account. I just set Silktide to show up in EU. That's it, and they are allowing us to do that. From their site: "Only show the banner in countries where you need it" and "You’re free to copy, modify and even sell Cookie Consent".

I guess I am done for GDPR.

- The theme updated with GDPR support, and plugins too.
- AWS updated a while ago.
- I have a good looking privacy policy page.
- Showing cookie consent to EU users.
- Turned off personalized ads.

This should be enough. It's time to chill, relax and watch the drama :)

So I don't see why anyone in the UK should need explicit consent under the cookie law when almost no one else does, even in the UK, and even including the ICO.

May be because the site of the ICO is not displaying Adsense ads? The ePrivacy directive concerns only cookies which are used to track users, and collect personal information. If a cookie is neither tracking, nor collecting personal information, it doesn't need to obtain a consent.

It is important to specify that under the law, prior user consent is not required to show advertising, as such. The obligation to obtain consent only applies when advertising includes tracing techniques and/or the gathering of personal information by the website or a third party.

Adsense avoids to answer the question of whether or not, the cookie they still set, when interest based ads are disabled, is tracking the users or not. If this is a non tracking cookie, then, there is not even a need to show a cookie banner consent. If it tracks, then a consent needs to be obtained, before displaying the ad.
We can guess that this cookie is not employing tracking technologies behind the scene, but Adsense is careful, not to talk about it.

An interesting reading : [cnil.fr...] . This is a two years old article, but it concerns the ePrivacy Directive, which is still the one governing cookies. It's from the French regulator, but the article is in English.

[edited by: QuaterPan at 10:52 am (utc) on May 24, 2018]

Here's the code from Silktide Ltd (https://cookieconsent.insites.com/). It will only show up in EU.

<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css" />
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
 "palette": {
  "popup": {
   "background": "#000"
 },
  "button": {
   "background": "#f1d600"
 }
 },
 "theme": "edgeless",
 "location": "true",
 "content": {
 "message": "Example use cookies to ensure you get the best experience",
 "href": "https://www.example.com/privacy-policy/"
 }
})});
</script>

Disclaimer: Silktide Ltd says on their website [cookieconsent.insites.com...] that their solution is open source. From their site: "You’re free to copy, modify and even sell Cookie Consent" and "Only show the banner in countries where you need it".

@MayankParmar So when comparing your modified code with the code I'm seeing on Silktide's site, unless I'm wrong, the only part you added was the "location": "true", line. Is that right? And that forces it to show only to EU users?

The approach most here are planning to use - use a cookie policy banner in the EU (as at present), show no personalised adsense ads, remove ip addresses from google analytics, is presumably adequate but does little to defend income against the loss of personalised ads.

The dailymail, a very large uk site, seems to be taking a different approach which will allow their personalised ads to continue: they have a cookie policy banner that covers about 1/3 of the screen and simply says By using the site you agree to our privacy settings - We'll give you the best experience - We'll show you relevant advertising. See privacy policy. Got It.

As always, a large % of users will presumably just click to accept so they can read the screen properly. Depending on how large the loss of income is from personalised advertising, might it not be better to take this approach, lose the small % from visitors who do not accept, but keep the extra income from personalised advertising?

I am not sure that, what The Dailymail is doing, is an "explicit" consent, which is required for personalized ads. They are playing cat and mouse.

Depending on how large the loss of income is from personalised advertising, might it not be better to take this approach, lose the small % from visitors

It depends of the motivation of your visitors to read your site, or not. Big sites can afford annoying visitors with giant banners, because people will still want to read the site.

I think I'm just going to bite the bullet and get Cookiebot. It's not the most affordable solution, but it does the job and then I can get on with my life.

Cralamarre, why not use consent banner and Adsense block on personalized ads in EU for now (no cost involved) and see what happens next. As well as the example I mentioned above, theguardian seems to be following the same idea, rather than giving an easy opt out choice.

In the UK the Guardian (big publisher) appears to have rolled out its solution. As far as I can tell it amounts to a banner which says:

"We use cookies to improve your experience on our site and to show you relevant advertising.

To find out more, read our updated privacy policy and cookie policy."

It seems the major publishers are doing very little. If that's the case the size of the cookie pool isn't going to change significantly. The losers will be those who switch off personalised ads.

Rasputin, Well, as you mentioned, turning off personalized ads in AdSense completely removes any possibility of income from personalized ads. But I don't know. Honestly, I don't know what the solution is. But tick tock tick tock....

The losers will be those who switch off personalised ads.

Possibly. Or the losers may be the ones who did very little, kept personalized ads turned on, and has their AdSense accounts terminated.

This just from the ICO:

The UK's privacy watchdog has stressed that it accepts that some firms will have more work to do.

"It's an evolutionary process for organisations," blogged Information Commissioner Elizabeth Denham.

"Organisations must continue to identify and address emerging privacy and security risks in the weeks, months and years beyond 2018."

[bbc.co.uk...]

I'm just going with this one for now till I see what happens after the 25th - [github.com ] Light weight on code, customizable etc. (Not affiliated)

Both those sites will get reported tomorrow by at least some people on opposite sides of the political spectrum.

I imagine big sites like that have looked at the numbers and have decided to push ahead with personalised ads.

And it's absolutely the right call for them IMHO because if the UK ICO pushes back, it won't be with a fine, it will only be with a warning and they will then have the option to alter their policy - so why wouldn't you do that? If the difference between no-personalised and allowing-personalised is big $$$$, they'd be crazy not to at least test the ICO's resolution.

[edited by: ChanandlerBong at 3:00 pm (utc) on May 24, 2018]

@Cralamarre No need of Cookiebot. Just put [cookieconsent.insites.com...] cookie banner, and yes the only thing we need to add is -> location": "true", line. And disable personalized ads.

It sounds like the GDPR watchdogs will be taking a more tolerant approach for the time being. I'm much more concerned with whether AdSense will be taking a tolerant approach. If I had to guess (which I do), AdSense will only start going after publishers if they start receiving complaints. Online privacy may be the big news item right now, but few people have ever complained about it.

@MayankParmar But how does adding that one little line of code make it appear only to EU visitors? Are you sure that's right?

Both those sites will get reported tomorrow by at least some people on opposite sides of the political spectrum.

It's a lot more than some sites appear to be doing. Take a look at Reuters:

[uk.reuters.com...]

When I view it nothing is shown.

But how does adding that one little line of code make it appear only to EU visitors? Are you sure that's right?

This is a parameter which is read by the javascript function to know if it has to test the localization of the visitor or not.

By the way, the nicest looking cookie banner and tool, is the one proposed by OneTrust, which seems to be free, ... but there might be a trick, because their paid offers, are very expensive ...

I'm giving the Silktide banner a try, with MayankParmar's modification.

Turn off any adblock and visit this site below on a mobile phone:
[createandcraft.com...]

One big banner on top and advert banner on bottom.

Well, Sikltide and MayankParmar's modification work. :)

One big banner on top and advert banner on bottom.

But this will be illegal in few months (next year), since the ePrivacy Regulation forbids preventing a user to access your site, if he refuses cookies...

the ePrivacy Regulation forbids preventing a user to access your site, if he refuses cookies...

What's next, a law preventing Walmart from refusing to let me walk out of the store with my item without paying for it?
There's no way anyone should have a legal right to the content on my website.

I guess I'm done with everything at this point. Personalized ads for EU users are turned off (for now) in AdSense. Cookie consent banner is in place. Privacy policy is updated. WordPress is updated to the latest version with the GDPR features. Can't think of anything else. Now it's just wait and see.

I am going to block As personalised ads and watch the figures. If I think income takes a knock I will consider asking visitors to accept personalised ads. I dont see any harm in trying this first.

Personally, I hate those ads that follow you around.

Just to play devil's advocate, by using that Silktide banner sites are sharing PII with a third party. Namely the IP address of the visitor with freegeoip.net. It should probably be noted in the privacy policy. Another way to go is to implement your own banner using freegeoip.net with pseudo-anonymous IP addresses. It will work with that and you won't be sending PII to a third party.

[edited by: fretfull at 4:31 pm (utc) on May 24, 2018]

One day, we'll live in a world where it will be illegal for anyone to remember you without your consent.

"Nice to meet you, Bob. Is it okay if I remember you after you leave?"
"Sorry Jim. Decline."
All memory of Bob is instantly removed from Jim's brain.

This reminds me of the Y2K Disaster - that never happened.

Except that Y2K was a BS technical problem that many technical people said wouldn't happen. It was just a self made problem made by people that didn't know better. This is a law and in fact does exist.

But I do agree. What will 5/25 be? Just another day. The EU and Google have shown no vigor in prosecuting people for not putting up the cookie banner for the last 2 years. Many big sites didn't start doing it until recently for this deadline. Was that because there was no enforcement penalty until now?