Cookies are small files stored on your computer and created by websites during the user's journey on the web. For example, a website must determine if you are logged in to your user account. Delete the cookie on your computer and you will be instantly logged out. Other cookies, called third-party cookies, are dropped by web services for advertising targeting purposes and are more problematic because they allow them to track the user's journey on the internet.
How to detect cookies on a website ?
If you open your browser's developer tool, for example with Chrome, click on the Application tab, then on the left in the Storage column, on Cookies, you will display all the cookies deposited on the page for the corresponding domain. Cookies can be deleted in one go with a delete keystroke until the next page load which will renew them. For a more comprehensive view, SEO software like Screaming Frog offers the possibility of auditing the entire site and displaying in a separate tab the cookies present on each page.
Do you need to display a cookie consent banner ?
Many countries have adopted different laws to ensure the protection of user data. In Switzerland, the new Federal Act on Data Protection (nFADP), which came into force on September 1, 2023, does not explicitly require website owners to use a cookie consent banner, but emphasizes the obligation to provide clear information on the processing of users' personal data so that they can exercise their right to refuse. The use of cookies that do not generate personal data, for example used anonymously to operate the site, is therefore not in principle subject to the obligation of a consent banner according to the legal experts cited in this article published on the website of the hoster Hostpoint.
The same does not apply if the website transmits data to a third party, targets a European audience subject to the GDPR (General Data Protection Regulation), or uses advertising services such as Google Analytics or Google Ads. Indeed, Google Consent Mode v2, which has been applicable in Switzerland since July 31, 2024, requires the management of cookie consents by a CMP (Consent Management Platform) allowing user choices to be recorded in a register. Learn more.
Managing cookie consent with an external CMP
Biskoui.ch is a Swiss company offering a CMP that promises to be fully compatible with the nFADP, GDPR, and Google Consent Mode v2. A free version and several paid plans cover all the needs from the smallest site to the multilingual portal. A WordPress plugin is available to ease its installation on this platform, but, basically, the integration consists of adding a JavaScript code snippet in the header section of the HTML page, which works with any type of website and can be integrated on technically different platforms.
Once you have activated the desired plan, you can choose the services supported by Biskoui in the interface, such as Google Analytics, Google Tag Manager, or YouTube, and replace the original code on your site with Biskoui's code by following the documentation or with the help of technical support. Biskoui will block cookies until the visitor has given their consent and will manage the recording of consents. Other interesting services are offered, such as a free audit of a site to check its compliance with the nFADP or the drafting of the privacy statement. The service is of the "install and forget" type, the site owner can focus on the development of their site and leave it to Biskoui to adapt its service to the evolution of data protection laws in Switzerland and Europe. The use of a recognized CMP is therefore a guarantee of reliability, particularly in the event of an audit or litigation.
Managing cookie consent with an open source script
Webmasters who want to manage cookie consent themselves on a website can install and adapt open-source cookie management solutions developed for the GDPR. Cookie consent is integrated on the Joomla CMS through an extension developed by n3t and on WordPress by a Pressidium plugin.
Before implementing cookie consent, the webmaster must first identify and categorize the cookies they want to subject to consent: cookies essential to the operation of the site, analytical or marketing cookies, or other categories to be defined. With the n3t extension, an open-source cookie database and a scanning system can automatically identify a certain number of cookies present on the site. However, manual adaptation of the script tags that generate cookies in the pages is still mandatory. It is necessary to add type="text/plain" data-cookiecategory="analytics" in order to link a script tag to the analytics category, for instance. This feature allows for finer control over the permissions granted by the user.
Once the extension is enabled, cookies are blocked until the user has accepted their use. The advantage of n3t is its flexibility: PHP, CSS and Javascript codes can be overridden to adapt the consent setting panel to the needs of the site. The extension was chosen by the developers of the Joomla France site to manage cookie consent on their site. Of course, the advanced use of this extension requires some technical skills to get the most out of it and to stay attentive to changes in the law to adapt its configuration if necessary. Both the Joomla extension and the WordPress plugin are compatible with Google consent mode v2. However, using some Google services like Adsense will require a professional CMP certified by Google.
In summary, there are a variety of simple solutions to implement to make your website compliant with new data protection laws. An open-source extension is useful for basic services which don't need to be certified, while a real commercial CMP like Biskoui will meet the most demanding needs.
Sources:
New Federal Act on Data Protection (nFADP),
Switzerland subject to Google Consent Mode v2 from July 2024,
The new FADP and the cookie banner confusion: what are the latest rules?
