When showcasing the development and usage of WordPress plugins, usually we stick to the programming details. It is important to note though that there are certain examples where the focus point is not on the technicality. Here, the very birth of the example comes from a theoretical or even an everyday problem in which the developer, while not being able to articulate a perfect solution, has a possible reply on the question ‘how else could this be done?’.
What is the main problem with cookie notices?
Usually we can separate three different reasons behind software development. First of all there is the direct client requirement when we are asked to write a plugin to solve a specific problem. Secondly there is the work type where we try to find a solution for an existing problem. Finally, and this is the one that we discuss in the current case study writing, there are scenarios where even the programmer is just a user and is bothered by something. While most of the users just accept these annoyances, fortunately (or on the contrary) we instead tend to think about a solution that could better the problem.
Cookie notices can be annoying. Before detailing this, I would like to emphasize that I totally support the requirement of a website having data protection and privacy statements. The guidelines issued by the European Union are really strict and this is how they should be. The problem starts when we try to notify the users about these.
How does this look in an example?
- The page would like to collect and track data on the websites visited by the user (JS script is needed for this)
- When opening the website, usually a popup is displayed that asks the user whether they agree on this data collection and analysis.
- In case the user confirms this, the website loads the JS script that collects the data, otherwise this script won’t load.
This method, from the user perspective, is horrible. What is more, there are certain pages where a checkbox multitude comes up and we have to click here and there to access the page. The footer bar solution for this problem can be more or less accepted on desktops, but on mobile phone displays this can be annoying too. At the same time, does it make any sense to display these? Do we really know what the application does, how does it track our data? Does an average user understand the implication of these settings? For most of the cases, I’m afraid the answer is obvious. Pages using basic tracking only, where the personal data collection (email addresses, phone number etc.) is not on the table could just have an icon of cookies where the visitor, if they want, could just select these settings separately. A generic standard or a baseline would be needed, either on a country or EU level where these could be implemented for all the webpages.
One of my favorite examples on this topic is connected to a governmental national security institution in Hungary. They had an in-house developed prefixed cookie popup where the visitor could select the preferences with checkboxes. While this looked like a professional solution, they forgot to connect the settings with the JS script. This resulted in the page collecting data regardless of the user selection. My explanation for this mistake, and I am really just guessing, is that the IT technicians were illiterate in the world of law thus they failed to connect multiple systems. This is the reason why I am strongly under the impression that the lawyers and the IT technicians had to coordinate their work. Unfortunately, as it can be seen, this was not a successful project.
Can there be a perfect solution?
The answer to the above question is, of course, pretty adequate. While this is a rather rhetorical question, we need to lay down some facts. The beauty and one of its best features is that WordPress is easily manageable. Elegant in the way that it is understandable even for an average user. Due to this even a company head, who is literate in IT on a beginner level only, can create a basic company presentation website. Do they need to understand law as well? How can they know what to add to a cookie notice? Of course they can ask for external assistance. They can get in touch with a law firm that provides consultancy for similar cases. However, even if they do this, the question is whether it is worth the time and money at all. Will their users ever read that statement? As far as we see, this is a topic that needs a lot of theoretical and technical development in the future.
Introducing a generic standard could be a solution. The data privacy and protection settings could be edited in the browser itself. Even Google Chrome has a ‘do not track’ setting that serves this purpose. The only requirement would be following and integrating these or similar solutions when creating websites.
While we cannot provide an ultimate solution, our Lana Codes team developed a regular cookie notice plugin. It is only being used by us internally. However upon request we can install and set up this on a case by case basis to our customers, when we develop websites for them. At the moment we do not plan to make this plugin public.