| |

How to Add a “Cookies” Policy to your WordPress Site

I may not understand all the jargon floating around with the new laws, but I do know how to get your WordPress site to comply with them! And you’ll breathe a sigh of relief when you see how easy it is going to be! There are a few steps involved and perhaps some thinking. But there is NO CODING required!
If you received an email like this one from Google Analytics, “[Important Reminder] Review your data retention settings before they take effect on May 25, 2018″, we cover that at the end of this tutorial.

Whats a “cookie”?

A combination of flour, sugar, eggs… I couldn’t resist!
In this setting, it’s a little piece of code that a website assigns to you when you visit. It’s like a loyalty card. If you visit a website, this cookie is given to your browser and next time you visit the website will see your “loyalty card ID” and be able to provide a positive experience: knowing your language, location, previous interests and searches, etc.

Privacy Issues with Cookies

Cookies – the loyalty card – can only be read by the website that gave it to you. Just like loyalty cards, they only work at one website. And the website only knows the information that you give it. Cookies are not able to get to your computer or access any of your data. They do however, remember ads you click on, or any information you volunteer in a form – on that one website.

The Cookie Law and Bloggers

Basically if any citizen of the European Union visits your website, you’re supposed to comply with the Cookie Law. The law says, in brief:
  1. that users must know of any information collected,
  2. the purpose of that collection and
  3. give permission.
Permission is defined as “any freely given specific and informed indication of his wishes”. (source) In my book that means they have to say, “Yep, go ahead”.

How WordPress Bloggers can Comply with the Cookie Law

Surprisingly it is easy to comply! There are several plugins that do ALL of the following:

  • discover all the cookies that your site is using,
  • embed that information on a page on your site,
  • add a permission banner on the front of your site,
  • and link to the cookies information page.

First – if you want to update your privacy policy – see this tool here.


Cookie Consent is not my favorite plugin because it only offers “implied consent”. Meaning the user doesn’t have to agree to anything. They exit/leave the box and that is considered / implied consent. I think it’s safer to use a plugin that offers users the option to opt-out of cookies… however I strongly recommend you check with your ad companies as I’m fairly certain that will impact them and probably your income.


This one is my favorite. You can select options for placement, style and function of your consent box. You can insist on a ‘click’ to accept. This doesn’t create the list of cookies for you, but you can easily paste [[cookies]] shortcode into a privacy policy page for a list.

Refusing Consent and Removing Cookies are two different things!

Keep in mind, that a button on your site to refuse cookies, is not the same as removing cookies. If you are going to offer the option to turn off cookies, then you’ll have to figure out how to do that.

For simplicity, I would think if someone doesn’t want cookies, they can’t use your site. Or we can help – but you’ll definitely need a developer for that option.

Google Analytics Data Retention Warning

The email from Google Analytics indicates you have to select the “data retention date”.
What this means: storing data forever is discouraged. Google has been in hot water with government agencies wanting the data produced. So they are adding a max-time-allowed to all the data in Google Analytics.
So far, we’ve been able to compare last Decembers’ data to the last 7 Decembers’. It looks like we’ll have that option capped now. Google Analytics is setting up a “Data Retention” policy. We can only retain our data for so long.
Before May 25, select two options in Google Analytics like this:

You need to have Edit permission for the property to set these options.

  1. Sign in to Google Analytics..
  2. Click Admin, and navigate to the property you want to edit.
  3. In the PROPERTY column, click Tracking Info > Data Retention.
  4. User-data retention: select the retention period you want(see below).
  5. Reset on new activity: turn the switch on or off (see below).
Data Retention Period options:
  • 14 months
  • 26 months
  • 38 months
  • 50 months
  • Do not automatically expire
Then it suggests you contact your legal team! This is where my advice ends my friends. First – I have no legal team, as I’m sure you don’t either. Secondly, selecting one of these will impact the amount of data you have access to. And also increase the chances of legal hot water… if you are a big company and responsible for private data. If you’re a small blogger I would go for 38 – 50 months.
Reset on New Activity:
The option is yes or no. If you select, “yes” then each time a visitor goes to your site, their expiration date will reset. Basically your regular visitors’ data will never expire. I would think your ad companies want you to select “yes” for this one. But I’m really not sure.
I can tell you how to implement the choices, but not which ones to make!
That was a lot of information! Any Questions? Leave a comment!

Similar Posts


Leave a Reply

Your email address will not be published.