The GDPR expands upon the EU e-Privacy Directive cookie consent requirements, making them more restrictive. Recital 30 and Recital 26 classify (most) cookies as devices that can be used to identify users and define them as personal data. In order to collect personal data, you must gain consent. Because the GDPR demands that consent must be as easy to withdraw as it is to give, the EU e-Privacy Directive plugin has been modified to be in full compliance.
To maintain compliance with this Joomla extension, it must be implemented correctly. The method of implementation prescribes that cookie-creating content be treated in a specific manner in order to maintain a cookie-free environment until the user has consented to cookies.
This extension is a pair of plugins and a module. ALL 3 extensions are REQUIRED for operation of this extension and full compliance with the GDPR. This document will detail downloading, installing, and configuring the basic functionality. Extended documentation will cover 3rd party cookie blocking, as well as additional configurations to comply with some EU member state regulations.
Warning: When enabled, the EU e-Privacy Directive will log you out of /administrator if you refresh a front-end screen that has not accepted cookies within the same browser (different tab). If you wish to test and configure at the same time, you may want to use a second browser to remain logged in to /administrator while browsing the site without cookies.
If you haven't watched the full demo video, it may give you some idea of the display capabilities. This video was made before the GDPR modifications; however, the modifications did not alter the way the extension appears or functions. I may make a new version of the video in the future to highlight the GDPR functionality.
This extension is different from the others in that it is free. So we can skip past the purchase instruction and dive straight to the download URL:
Look for the green "Download..." button.
In /administrator, go to Extensions > Manage > Install. Browse for the package you downloaded and press the install button. You should soon see a success message.
The package installs 2 plugins (System - EU e-Privacy Directive, and Ajax - EU e-Privacy Directive) and a module (mod_eprivacy). Although there are many configurations to be made, the first is enabling both plugins.
Browse to Extensions > Plugins and search for "privacy". You're looking for System - EU e-Privacy Directive, and Ajax - EU e-Privacy Directive - click the red X on each plugin to enable them. At this point, you're ready to begin configuring the extensions.
Configuration 1: Module Placement
The EU e-Privacy Directive extension uses a module to provide the circular consent options. When a user accepts cookies, the module offers the ability to revoke them. When a user revokes, the module offers the ability to reconsider again. The plugins will not work without the module, and the module will not work without the plugins. Together, they meet the GDPR consent requirements that users have the option to undo their previous decision.
Where the module is placed depends on your template and the available positions. On this site using a slightly modified Protostar template, the module was placed in position-0. Some users place it in the footer and even in the debug position. Because you enabled the system plugin in the last step, the module will display something when you place it in a position. Play around with different positions, and don't worry about the style for now. We will cover that next. First, find a good position.
Don't forget to choose which pages it displays on. By default, newly installed modules are configured to display on no pages.
Configuration 2: Module Styling
Now is as good a time as any to style your module to match your template. The default styling is contained in the system plugin under the "Module Display Options" tab.
If you aren't familiar with CSS, now is the time to get your designer involved. All of the elements in the module can be easily accessed in the DOM via descriptive class names. This site uses a slightly modified default. I removed 2 borders and added some left margin to the button. It is very close to the factory default.
Be sure to cycle through all of the options in order to see all of the displays. There are 3:
- This is only displayed when the "Module" display method is chosen.
- This is displayed when a user has declined cookies, providing them an option to reconsider.
- This is displayed only when a user has accepted, providing them an option to reconsider.
Once you have styled the module to your liking, you can (and should) copy the CSS to your template and turn "Use Plugin CSS" off. This will reduce the size of your pages and speed up your site slightly.
Configuration 3: Display Method
Return to /administrator Extensions > Plugins. Search for "privacy" and click "System - EU e-Privacy Directive" to edit the system plugin.
Styling each is a different story though. The JS Confirm cannot be styled, as it is part of the browser. The module and ribbons are styled in the plugin configuration. The System Message type is styled by your template (if your template developer bothered to add the System Message position to the template). The modal is styled by your template.
The Module and Page Ribbon can both be styled within the System plugin. The modal type requires some Bootstrap expertise.
- If the pasted URL contains a "?" - add "&tmpl=component" to the URL
- If the pasted URL does not contain a "?" - add "?tmpl=component" to the URL
At this time, you can decide if you want to display a link to the e-Privacy documents. If requested, I may add a link to the GDPR documents.
Configuration 5: ACL
In order to block 3rd party cookies and cookies from extensions (additionally, to hide modules, plugins and components that cannot operate without cookies), it's necessary to create a new User Group and Viewing Access Level.
Browse to Users > Group > Add New Group
Create a new group named "Cookies" and make it a child of "Public"
Browse to Users > Access Levels > Add New Access Level
Create a new level named "Cookies" and add the groups "Cookies" and "Registered" to it.
Configuration 6: Advanced Settings
Return to /administrator Extensions > Plugins. Search for "privacy" and click "System - EU e-Privacy Directive" to edit the system plugin. When open, go to the "Advanced" tab.
Finishing ACL configuration
To finish up the ACL settings from the previous page, select the "Cookies"
Although the setup is finished, ACL settings are used throughout Joomla and will need to be a consideration whenever you install new extensions. These use cases will be covered in the EU e-Privacy Directive Advanced instructional document.
Enabling the geoPlugin allows you to limit the cookie consent requirement to only EU member states. When someone arrives at your site from a non-EU state, cookies are automatically enabled. The only time a user will see the accept message is if they arrive from an EU member state.
To enable this option, you must first sign up for a free account at http://www.geoplugin.com - Once you have signed up, you'll receive an email that describes the final step to enable your account. When (and only when) you're done setting up your geoPlugin account, enable the geoPlugin within the system plugin. It took about 5 minutes to complete the last time I did it - it doesn't take long at all.
When the geoPlugin is enabled, you have an option to enable acceptance logging. When enabled, every time a user accepts cookies, their country, IP address and the date/time they accepted is stored in the database. This data may be displayed in the plugin in a future version. Until then, know the data exists if you ever need it.
By now, you have enough configuration to test the basic function of the extension - that is, blocking and allowing cookies based on consent. If you are using the geoPlugin, but browsing from a non-EU member state, you may want to turn off the geoPlugin temporarily, so you can see the operation of the extension.
Rather than try to describe the steps, I've created a testing video using this site as the example.
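One way to check the cookie-free state this test is meant to confirm, as an added example that is not part of the extension or of the original page: it scans response headers captured before consent and lists every cookie that is actually set, ignoring headers that only expire a cookie. The sample headers and cookie names are constructed.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: headers from `curl -s -D - -o /dev/null <url>`, no consent given yet.
SAMPLE_PRE_CONSENT = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: 0123456789abcdef0123456789abcdef=sessvalue; path=/; HttpOnly
Set-Cookie: tracker_id=abc123; Max-Age=31536000; path=/
Set-Cookie: old_pref=deleted; Expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/
"""

def parse_set_cookies(raw_headers, now=None):
    """Return [(name, live)]; live is False when the header only expires the cookie."""
    now = now or datetime.now(timezone.utc)
    found = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        name, eq, _ = parts[0].partition("=")
        if not eq or not name.strip():
            continue
        max_age = expires = None
        for attr in parts[1:]:
            key, _, val = attr.partition("=")
            try:
                if key.strip().lower() == "max-age":
                    max_age = int(val)
                elif key.strip().lower() == "expires":
                    expires = parsedate_to_datetime(val.strip())
                    if expires.tzinfo is None:
                        expires = expires.replace(tzinfo=timezone.utc)
            except (TypeError, ValueError):
                pass  # malformed attribute: ignore it, as browsers do
        if max_age is not None:  # Max-Age takes precedence over Expires (RFC 6265)
            live = max_age > 0
        else:
            live = expires is None or expires > now
        found.append((name.strip(), live))
    return found

def pre_consent_violations(raw_headers, allowed=()):
    """Sorted names of live cookies set before consent and not in `allowed`."""
    cookies = parse_set_cookies(raw_headers)
    return sorted({n for n, live in cookies if live and n not in allowed})

print(pre_consent_violations(SAMPLE_PRE_CONSENT))
```

Only cookies set through HTTP response headers show up here; cookies written by scripts in the page have to be checked in the browser's storage inspector.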
Did everything work? Of course it did, because you're awesome!
Continue to the EU e-Privacy Directive Advanced page for more configurations for specific situations.