Knowledge Base

Do I need a cookie banner for my WordPress website?

Every website, with or without WordPress, is composed of different components and content. These use technologies to work, collect data, and serve content. The possibilities are technically almost unlimited, although they are limited by legal aspects, that you must comply with. We’ll explain the legalities and when subsequently you need to use a cookie banner on your WordPress website.

We must point out that the following statements do not constitute legal advice. Therefore, we can only give you evaluations from our intensive experience with the EU legal regulations in practice and a technical assessment of the situation.

Legal requirements in the EU

Real Cookie Banner and many other so-called opt-in cookie banners and consent management platforms are optimized for the legal area of the European Union, as strict rules apply here. As a consent management solution, Real Cookie Banner offers you a way to comply with the following important legislation in the EU:

  • ePrivacy Directive (Directive 2009/136/EG) Art. 66: According to the ePrivacy Directive, you need the consent of your visitors to set non-essential cookies. In simple terms, non-essential cookies are all cookies without which your website would still function in some way. It doesn’t have to be pretty or comfortable (e.g. you could avoid contact forms with cookies and write out your email address as text instead). You must point out essential cookies (e.g. in the privacy policy), but you do not need consent for this.
  • Art. 6 GDPR: To process personal data (e.g. in your WordPress or by sharing it with YouTube via an embedded video) you need a legal justification. In many cases, only consent is an option. In Germany, for example, the IP address, which must always be transmitted to load content on the Internet, is also a personal data (see BGH ruling dated May 16, 2017, file no. VI ZR 135/13). In practical terms, this means that you need the informed consent of your visitors before, for example, loading a YouTube video on your website and therefore passing on data of your visitors.

Free check from a Cookie Expert

Before we explain how you can see for yourself if you need a cookie banner, a short note about a free service from devowl.io. You are welcome to open a support ticket, in which you give the address of your WordPress website with the request for a free check of your website. One of our Cookie Experts will then take a look at your website without obligation and explain in a short analysis if and why you need a Cookie Banner. This will save you time and give you a professional evaluation of your individual situation!

Recognizing whether non-essential cookies are being set or personal data is being processed

Detecting whether non-essential cookies are being set or personal data is being processed requires a certain amount of technical and informational knowledge in combination with knowledge of the legal requirements. Detection is difficult to automate, as the abstract legal rules can be applied in many ways. In the article How do I find all cookies on my website? we tried to show in detail how you can find all cookies and software that require consent. From this we can derive two basic rules that will bring a clue if a cookie banner is needed:

Content from external sources will be downloaded

In Google Chrome or a Chromium browser, open your website. Then, right-click anywhere on your website to open the context menu, where you select Inspect. A new bar will open in your browser with several tabs. You select the Sources tab. You will now see a three-column layout, where we are interested in the left column. In this column you can see which files were loaded from which domains (services) when you called this specific subpage of your website.

For example, in the following image you can see that data is loaded only from devowl.io. If the user has visited this website, then data is not unexpectedly forwarded to a third-party provider, which is why consent should not be necessary as a justification reason. Nevertheless, the website could process personal data internally, but this is not recognizable from this view.

Google Chrome developer tools show the sources from which the website loads assets, and it is only the website itself that loads assets

For many websites, however, it looks more like the following image. Scripts, images etc. are not only downloaded from devowl.io, but from six other domains (marked red in the image). It is obvious that not all of them are essential and therefore data should only be transferred to these providers with a justification – usually only consent comes into question. In this case, it is very likely that you will need a cookie banner and consent management tool like Real Cookie Banner for your WordPress website.

Google Chrome developer tools show the sources from which the website loads assets and are various service that loads assets

It is important to note that the information displayed on each subpage of your website may vary, so to be safe you should perform this check on each subpage of your website.

Cookies in the browser

As in the previous section, you need to open your website in Google Chrome or a Chromium browser. Then, right-click anywhere on your website to open the context menu, where you can select Inspect. A new bar will open in your browser with several tabs. This time you select the Tab Application. We are interested in the left column again and especially in the Storage section. In this section you should expand each entry that has subentries marked by a triangle. Then you can go through each entry. You need to consent not only for (HTTP) Cookies, but also for setting non-essential cookie-like data like in the Local Storage, Session Storage and the IndexedDB. In the large second column you can see which cookies or cookie-like information are stored.

In the following example, all storage entries that may contain cookies or cookie-like information are marked in red. We see the cookies set by/on https://devoowl.io displayed in the second column. All set cookies are marked in orange.

Cookies set on a website shows in the Google Chrome developer tools

If you find entries here, cookies are set. Whether these are essential or non-essential cookies must be interpreted in the context of the specific use. However, the vast majority of cookies are non-essential cookies, so you will most likely need a cookie banner like Real Cookie Banner.

It is important to note that cookies and cookie-like information do not always have to be set when your website loads. They can also be set only when you interact with your website, for example submitting a contact form. So, you should try every possible interaction with your website on every subpage.

Summary: Do you really need a cookie banner?

After following the steps explained in the previous section, you should have a good feeling whether you need a cookie banner. Of course, this does not give you a hundred percent certainty, but it gives you a good indication. If you want absolute certainty, you should contact the media lawyer you trust.

In general, most WordPress websites require a cookie banner and consent management. Building a website completely without cookies and processing of personal data (by third parties) is difficult. And if you manage it, it will severely limit you, as services like Facebook Pixel, Google Ads Google, Analytics (with MosterInsights), Google Fonts, Google Maps, Google reCAPTCHA, Google Tag Manager, Hotjar, Jetpack, Twitter, Vimeo, YouTube and many more will no longer be usable.

Themen

Find helpful articles

WordPress Plugins

Menu
Consent management by Real Cookie Banner