Iubenda logo
Start generating

Documentation

Table of Contents

iubenda Privacy Controls and Cookie Solution – Introduction and Getting Started

 

Here you will learn everything you need to know about our cookie management solution:

  •  
 

⚙️ Take a look at this demo to see how the iubenda Privacy Controls and Cookie Solution works.

Introduction to Cookie Law and cookie policy

The ePrivacy Directive 2002/58/EC (or Cookie Law) was established to put guidelines in place for the protection of electronic privacy, including email marketing and cookie usage, and it still applies today.

💡The Cookie Law actually applies not only to cookies but more broadly speaking to any other type of technology that stores or accesses information on a user’s device (e.g. pixels tags, device fingerprinting, unique identifiers etc.). For simplicity, all such technologies, including cookies, are commonly defined as trackers. However, in this guide, the term cookie(s) and tracker(s) will be used interchangeably.

You can think of the ePrivacy Directive as currently “complementing” the GDPR in a sense, rather than being repealed by it.

Strictly speaking, if you use cookies you need to consider Cookie Law compliance before you look to the GDPR. That’s because the Cookie Law is what is called in legal jargon a “lex specialis” which means that it takes precedence over the GDPR.

Directives, generally speaking, set certain agreed-upon goals and guidelines in place with Member States being mandated to implement these directives into national legislation..

Regulations, on the other hand, are legally binding across all Member States from the moment they are put into effect and they are enforced according to union-wide established rules.

With that said, the ePrivacy Directive is, in fact, going to be repealed soon by the ePrivacy Regulation. The ePrivacy Regulation is expected to be finalized in the near future and will work alongside the GDPR to regulate the requirements for the use of cookies, electronic communications, and related data/privacy protection.

The Regulation is expected to maintain values similar to the Directive with much of the same guidelines applying.

Who is subject to the Cookie Law?

The implementation of the Cookie Law depends on the legislation under which the site/app operates.

In general, the Cookie Law will apply to you if:

  • you or your users are based in the EU; and
  • you use cookies or similar technologies on your site/app.

What does the Cookie Law require?

Under the Cookie law, organizations that target users from the EU must inform users about data collection activities and give them the option to choose whether it’s allowed or not.

This means that if your site/app (or any third-party service used by your site/app) uses cookies or similar technologies, you must first obtain valid consent prior to the installation of those cookies, except where they fall into the exempt category.

In practice, you’ll need to:

  • show a cookie banner/consent banner at the user’s first visit;
  • implement a cookie policy that contains all required information;
  • allow the user to provide consent. Prior to consent, no cookies — except for exempt cookies — can be installed.

For further details on the Cookie Law, we invite you to read our documentation and the official statements from the country you might be affiliated with or targeting. Great guidance can be accessed through the Article 29 Working Party (which is a group comprised of various data protection regulators that aim to simplify Europe’s diversity):

Here are the links to each countries specific application of the ePrivacy directive:

The iubenda Privacy Controls and Cookie Solution allows you to manage all aspects of the Cookie Law, in particular:

  • easily inform users via cookie banner/consent banner and a dedicated cookie policy page (which is automatically linked to your privacy policy and integrates what’s necessary for Cookie Law compliance);
  • obtain and save cookie consent settings;
  • automatically block scripts that may install cookies/trackers on the website until the user gives consent via the auto-blocking feature; and
  • keep track of consent and save consent settings for each user for up to 12 months from the last site visit.

You can collect consent via multiple mechanisms including continued browsing, scrolling, and/or specific clicking actions. Keep in mind though that allowed consenting actions may differ depending on the Member State law.

Below you will find all necessary steps to use iubenda to make sure you comply with the Cookie Law.

How to generate a cookie policy with iubenda

  • Go to the dashboard and select the privacy policy for which you want to generate a cookie policy (Pro License required).
  • Click on Edit in “Privacy and Cookie policy”, you will notice a “Cookie Policy” box in the right column: Activate cookie policy
  • Click on Activate cookie policy: your cookie policy will be generated automatically based on the configuration of your privacy policy.

Click on Generate now under Dashboard > [Your website/app] > Privacy Controls and Cookie Solution:

Cookie Solution - Generate cookie banner/consent banner

This will take you directly to the configuration panel of your cookie banner/consent banner:

Cookie Solution configurator

Once saved, you’ll get a similar code snippet:

<script type="text/javascript">
  var _iub = _iub || [];
  _iub.csConfiguration = {
    "siteId": XXXXXX, // your siteId,
    "cookiePolicyId": YYYYYY, // your cookiePolicyId,
    "lang": "en"
  };
</script>
<script type="text/javascript" src="https://cs.iubenda.com/autoblocking/3095420.js"></script>
<script type="text/javascript" src="///cdn.iubenda.com/cs/iubenda_cs.js" charset="UTF-8" async></script>
<script type="text/javascript">
    var _iub = _iub || [];
    _iub.csConfiguration = {
        "lang": "en",
        "siteId": XXXXXX, //use your siteId
        "cookiePolicyId": YYYYYY, //use your cookiePolicyId
        "banner": {
            "position": "float-top-center",
            "acceptButtonDisplay": true,
            "customizeButtonDisplay": true
        }
    };
</script>
<script type="text/javascript" src="//cdn.iubenda.com/cs/iubenda_cs.js" charset="UTF-8" async></script>

Simply copy and paste it into the head tag of your website’s HTML as the first element. Alternatively, you can use one of our plugins: currently we have plugins available for WordPress, Joomla!, PrestaShop and Magento.

Cookie banner/consent banner example

Important

Don’t use the code shown above, it’s just a sample code. Instead, use the code attached to your cookie policy, which you can obtain by following the steps listed above. For information on how to configure or customize the banner or to better understand how to access all of the available options, please read the documentation on the cookie banner/consent banner.

Remote Configuration Feature

The remote configuration feature simplifies the implementation process by allowing most changes made in the Privacy Controls and Cookie Solution configurator to apply directly to your website without the need for re-embedding. However, some changes, such as using a custom CSS, the TCF tile, and US laws support, still require re-embedding the code. In any case, when saving your Privacy Controls and Cookie Solution configuration, you will be notified whether the changes will apply directly or if re-embedding the code is necessary.

Please note:

For new users, remote configuration is enabled by default. For legacy users (or users with an existing configuration), remote configuration is disabled by default. In both cases, you can manage and enable/disable this feature directly from the configurator.

The Privacy Controls and Cookie Solution also allows you to indicate whether or not you’d like to apply GDPR protections to the following:

  • All your users. In this case, consent will be requested to all users of your site. This is the default setting.
  • Only your EU users. In this case, consent will be requested to EU users only.

Here’s an example: a US-based e-commerce site has different sections available to users in the US and in Europe. They want to apply GDPR protections (i.e. show the cookie banner/consent banner) to just their EU-based users.

This is possible by checking the Request consent to EU users only located in Privacy Controls and Cookie Solution > Edit > GDPR. Once you check this option (in code gdprAppliesGlobally:false), you’ll be able to automatically detect the user country (in code countryDetection:true).

Here’s the Privacy Controls and Cookie Solution snippet you’ll get:

<script type="text/javascript">
  var _iub = _iub || [];
  _iub.csConfiguration = {
    "siteId": XXXXXX, // your siteId,
    "cookiePolicyId": YYYYYY, // your cookiePolicyId,
    "lang": "en"
    "gdprAppliesGlobally": false,
    "countryDetection": true,
  };
</script>
<script type="text/javascript" src="https://cs.iubenda.com/autoblocking/3095420.js"></script>
<script type="text/javascript" src="///cdn.iubenda.com/cs/iubenda_cs.js" charset="UTF-8" async></script>
<script type="text/javascript">
    var _iub = _iub || [];
    _iub.csConfiguration = {
        "lang": "en",
        "siteId": XXXXXX, //use your siteId
        "cookiePolicyId": YYYYYY, //use your cookiePolicyId
        "gdprAppliesGlobally": false,
        "countryDetection": true,
        "banner": {
            "position": "float-top-center",
            "acceptButtonDisplay": true,
            "customizeButtonDisplay": true
        }
    };
</script>
<script type="text/javascript" src="//cdn.iubenda.com/cs/iubenda_cs.js" charset="UTF-8" async></script>

If you choose to request consent to EU users only, but prefer to implement your own country detection system, you’ll have to set gdprApplies:false on pages where consent is not required.

For more details about consent collection settings, see our advanced guide.

Important

If you are EU-based, it is mandatory that you apply the protections to all users and not just users based in the EU.

How and when to preemptively block codes/cookies

According to the Data Protection Working Party, a European think tank and advisory body on data protection and privacy, few categories of cookies are exempt from the consent requirement. Therefore, all other codes that install or can install cookies must be preemptively blocked before consent is obtained.

For more information and a technical guide on how and when to block codes, see our introduction to the prior blocking of scripts and the guide on manual tagging.

How to store proofs of user preferences

In most cases, cookies may process personal data, and record-keeping requirements arising from the GDPR apply. Many Data Protection Authorities across the EU have therefore strengthened their requirements and aligned their rules on cookies and trackers with the requirements of the GDPR.

The Cookie and Consent Preference Log is now available in our Privacy Controls and Cookie Solution.
Simply integrate this feature with one click, and you can easily store and manage GDPR proofs of your users’ consent preferences.

To activate the Cookie and Consent Preference Log, simply upgrade to the 50,000 page views Privacy Controls and Cookie Solution plan or higher.

💡 Not sure if you need the Cookie and Consent Preference Log? Take this 1 minute quiz to find out

You don’t need to configure anything as, once activated, the feature is included by default whitin the Privacy Controls and Cookie Solution. Just click on Log under Dashboard > [Your website/app] > Privacy Controls and Cookie Solution:

cookie preference log

In this section, you can view and manage the logs of cookie preferences collected:

cpl-dashboard

*Cookie preference logs are built into every new plan. Even the free version.

Manage cookie consent with the Privacy Controls and Cookie Solution

Generate a cookie banner