Every website, with or without WordPress, is composed of different components and content. These use technologies to work, collect data, and serve content. The possibilities are technically almost unlimited, but they are restricted by legal requirements that you must comply with. We’ll explain the legal background and when you need to use a cookie banner on your WordPress website.
Legal requirements in the EU
Real Cookie Banner and many other so-called opt-in cookie banners and consent management platforms are optimized for the legal framework of the European Union, as strict rules apply here. As a consent management solution, Real Cookie Banner offers you a way to comply with the following important legislation in the EU:
- Art. 6 GDPR: To process personal data (e.g. in your WordPress website or by sharing it with YouTube via an embedded video) you need a legal justification. In many cases, only consent is an option. In Germany, for example, the IP address, which must always be transmitted to load content on the Internet, also counts as personal data (see BGH ruling dated May 16, 2017, file no. VI ZR 135/13). In practical terms, this means that you need the informed consent of your visitors before, for example, loading a YouTube video on your website and thereby passing on your visitors' data.
Free check from a Cookie Expert
Before we explain how you can see for yourself if you need a cookie banner, a short note about a free service from devowl.io. You are welcome to open a support ticket, in which you give the address of your WordPress website with the request for a free check of your website. One of our Cookie Experts will then take a look at your website without obligation and explain in a short analysis if and why you need a cookie banner. This will save you time and give you a professional evaluation of your individual situation!
Recognizing whether non-essential cookies are being set or personal data is being processed
Detecting whether non-essential cookies are being set or personal data is being processed requires a certain amount of technical and informational knowledge in combination with knowledge of the legal requirements. Detection is difficult to automate, as the abstract legal rules can be applied in many ways. In the article "How do I find all cookies on my website?" we tried to show in detail how you can find all cookies and software that require consent. From this we can derive two basic rules that give you an indication of whether a cookie banner is needed:
Content from external sources will be downloaded
In Google Chrome or a Chromium browser, open your website. Then, right-click anywhere on your website to open the context menu and select Inspect. A new panel will open in your browser with several tabs. Select the Sources tab. You will now see a three-column layout, of which the left column is the interesting one. In this column you can see which files were loaded from which domains (services) when you opened this specific subpage of your website.
For example, in the following image you can see that data is loaded only from devowl.io. When a user visits this website, data is not unexpectedly forwarded to a third-party provider, which is why consent should not be necessary as a legal justification. Nevertheless, the website could process personal data internally, but this is not recognizable from this view.
For many websites, however, it looks more like the following image. Scripts, images etc. are downloaded not only from devowl.io, but also from six other domains (marked red in the image). It is obvious that not all of them are essential, and therefore data should only be transferred to these providers with a justification; usually only consent is an option. In this case, it is very likely that you will need a cookie banner and consent management tool like Real Cookie Banner for your WordPress website.
It is important to note that the information displayed on each subpage of your website may vary, so to be safe you should perform this check on each subpage of your website.
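The same list of domains can be produced from the Console tab. The following is an added example, not part of the original article or of Real Cookie Banner; the function name, the rule for what counts as the site's own host (no Public Suffix List is used), and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: run in the DevTools Console of the page being checked (also runs in Node).
// Assumption: a host counts as "own" if it equals the page host (ignoring a leading
// "www.") or is a subdomain of it; anything else is reported as external.
function summarizeHosts(pageUrl, resourceUrls) {
  const ownHost = new URL(pageUrl).hostname.replace(/^www\./, '');
  const byHost = new Map();
  for (const raw of resourceUrls) {
    let url;
    try {
      url = new URL(raw, pageUrl); // resolves relative URLs against the page
    } catch {
      continue; // skip anything that is not a URL
    }
    // data: and blob: URLs are embedded content, not requests to another server
    if (url.protocol !== 'http:' && url.protocol !== 'https:') continue;
    const host = url.hostname;
    const external = host !== ownHost && !host.endsWith('.' + ownHost);
    const row = byHost.get(host) || { host, requests: 0, external };
    row.requests += 1;
    byHost.set(host, row);
  }
  // External hosts first, then by number of requests
  return [...byHost.values()].sort(
    (a, b) => (b.external - a.external) || (b.requests - a.requests)
  );
}

// Constructed sample input (not taken from a real site)
const SAMPLE_PAGE = 'https://www.example.com/contact/';
const SAMPLE_RESOURCES = [
  '/wp-content/themes/demo/style.css',
  'https://www.example.com/wp-includes/js/jquery.js',
  'https://cdn.example.com/logo.png',
  'https://fonts.example.net/css?family=Demo',
  'https://video.example.org/embed/abc',
  'https://video.example.org/player.js',
  'data:image/png;base64,AAAA',
];

if (typeof document !== 'undefined') {
  // In the browser: everything this subpage has loaded so far
  const loaded = performance.getEntriesByType('resource').map((e) => e.name);
  console.table(summarizeHosts(location.href, loaded));
} else {
  console.table(summarizeHosts(SAMPLE_PAGE, SAMPLE_RESOURCES));
}
```

Like the Sources view, the output only covers what the current subpage has loaded up to that moment, so it has to be repeated per subpage.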
Cookies in the browser
As in the previous section, you need to open your website in Google Chrome or a Chromium browser. Then, right-click anywhere on your website to open the context menu and select Inspect. A new panel will open in your browser with several tabs. This time, select the Application tab. The left column is again the interesting one, especially the Storage section. In this section you should expand each entry that has subentries, marked by a triangle. Then you can go through each entry. You need consent not only for (HTTP) cookies, but also for non-essential cookie-like data stored in Local Storage, Session Storage and IndexedDB. In the large second column you can see which cookies or cookie-like information are stored.
In the following example, all storage entries that may contain cookies or cookie-like information are marked in red. We see the cookies set by/on https://devowl.io displayed in the second column. All set cookies are marked in orange.
If you find entries here, cookies are set. Whether these are essential or non-essential cookies must be interpreted in the context of the specific use. However, the vast majority of cookies are non-essential cookies, so you will most likely need a cookie banner like Real Cookie Banner.
It is important to note that cookies and cookie-like information are not always set when your website loads. They may be set only when you interact with your website, for example when submitting a contact form. So, you should try every possible interaction with your website on every subpage.
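To see what an interaction adds, you can take a snapshot of the storage entries before and after it and compare the two. The following is an added example, not part of the original article or of Real Cookie Banner; the function names and the sample cookie and key names are hypothetical and constructed for illustration.

```javascript
// Added example: compare what is stored before and after an interaction.
// Only names are collected, not values.
function snapshot(src) {
  const cookieNames = src.cookies
    .split(';')
    .map((part) => part.trim())
    .filter(Boolean)
    .map((part) => part.split('=')[0]);
  const tag = (store, keys) => keys.map((key) => `${store}: ${key}`);
  return new Set([
    ...tag('Cookies', cookieNames),
    ...tag('Local Storage', src.local),
    ...tag('Session Storage', src.session),
    ...tag('IndexedDB', src.idb),
  ]);
}

// Entries present in `after` but not in `before`
function addedSince(before, after) {
  return [...after].filter((entry) => !before.has(entry)).sort();
}

// Browser only: read the script-visible state of the current origin.
// document.cookie does not list HttpOnly cookies; the Application tab does.
async function readBrowser() {
  const dbs = indexedDB.databases ? await indexedDB.databases() : [];
  return {
    cookies: document.cookie,
    local: Object.keys(localStorage),
    session: Object.keys(sessionStorage),
    idb: dbs.map((db) => db.name),
  };
}
// In the DevTools Console:
//   const before = snapshot(await readBrowser());
//   ... submit the contact form, play the video, etc. ...
//   addedSince(before, snapshot(await readBrowser()));

// Constructed sample states (hypothetical names), before and after a form submit
const SAMPLE_BEFORE = { cookies: 'session_id=abc123', local: [], session: ['cart'], idb: [] };
const SAMPLE_AFTER = {
  cookies: 'session_id=abc123; form_tracker=a=b',
  local: ['widget_state'],
  session: ['cart'],
  idb: ['chat-db'],
};
console.log(addedSince(snapshot(SAMPLE_BEFORE), snapshot(SAMPLE_AFTER)));
```

Because HttpOnly cookies and storage belonging to embedded third-party frames are not visible to this script, the Application tab remains the complete view.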
Summary: Do you really need a cookie banner?
After following the steps explained in the previous section, you should have a good sense of whether you need a cookie banner. Of course, this does not give you a hundred percent certainty, but it gives you a good indication. If you want absolute certainty, you should contact a media lawyer you trust.
In general, most WordPress websites require a cookie banner and consent management. Building a website completely without cookies and processing of personal data (by third parties) is difficult. And if you manage it, it will severely limit you, as services like Facebook Pixel, Google Ads, Google Analytics (with MonsterInsights), Google Fonts, Google Maps, Google reCAPTCHA, Google Tag Manager, Hotjar, Jetpack, Twitter, Vimeo, YouTube and many more will no longer be usable.