• This is not a dig at the author of the file, as they have stated elsewhere that they wrapped up the code provided by Civic UK to create the plugin and other than that do not have any connection with Civic UK.

    However, since Civic UK list this plugin on their website, they need to help the author upgrade the plugin so it is fully compliant with the WordPress guidelines for plugin developers – https://www.ads-software.com/extend/plugins/about/guidelines/

    The guidelines that have been breached include:

    • The plugin must not embed external links on the public site (like a “powered by” link) without explicitly asking the user’s permission. Any such options in the plugin must default to NOT show the link.

    Two links to the Civic UK site are contained on the front end of the site. While it is important to give credit, it should be up to the site owner how that credit is given (if any).

    I have personally stripped out the two links from appearing on the front end of the site, however Civic UK and Sherred have been added to my credits page with links to their sites/profiles, but that is my choice.

    • No obfuscated code. We believe that obfuscated code violates the spirit, if not the letter, of the GPL license under which we operate. The GPL specifically states “The source code for a work means the preferred form of the work for making modifications to it.” Intentionally obfuscated code is not the preferred form, and not allowed in the repository under any circumstances. However, note that some systems, like Paypal donation buttons, use encoded code as part of their normal operating mechanism. This is not considered to be “obfuscated” as this is simply how these types of systems operate and it is not a choice by the plugin author. These types of things are acceptable, but may result in the author being questioned about it for edge cases. If a non-encoded method for such services is available, use it.

    This rule has been breached, which is my major concern with the plugin. If you check the plugin file: cookieControl-4.1.min.js, it is using base64 encoding, which is obfuscated code.

    I see no reason why this code should be obfuscated, and I find obfuscated code untrustworthy as it does not allow the site owner to have complete control over their site, as well as understanding how the code operates.

    Again, I’m not having a dig at the author, as they have publicly stated they have only wrapped up the code provided by Civic UK, and I think the author has done really good work in turning it into a plugin.

    However, it needs to be mentioned to Civic UK who are actively promoting the plugin, that they need to help the author in changing the code to make it fully compliant with the WordPress guidelines.

    https://www.ads-software.com/extend/plugins/cookie-control/

Viewing 15 replies - 1 through 15 (of 18 total)
  • I’ve asked for the plugin to be investigated.

    Thread Starter mentalist3d

    (@mentalist3d)

    Thanks for the quick response, hopefully the code can be tweaked slightly and cleaned up, or found to be safe to use, as the plugin will be useful to others for EU compliance.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    Advisor and Activist

    The base64 is used for images, which is acceptable. If there’s more added in, though, that is a problem.

    What code did you remove to pull the link?
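The check described in the reply above (base64 that decodes to images is acceptable, anything else is a problem) can be automated by decoding every base64 run in the script and comparing the bytes against image file signatures. This is an added example, not part of the thread or the plugin's code; `SAMPLE_JS`, `auditBase64` and `nonImageBlobs` are hypothetical names and the sample input is constructed.

```javascript
// Added example (not the plugin's code): audit base64 runs in a script file.
// SAMPLE_JS is constructed: two tiny images plus one blob that hides text.
const SAMPLE_JS = [
  'var icon="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==";',
  'var spin="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7";',
  'var cfg="' + Buffer.from('alert("constructed sample: text hidden in base64")').toString('base64') + '";',
].join('\n');

// File signatures checked against the decoded bytes, not the declared MIME type.
const SIGNATURES = [
  { kind: 'png', magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { kind: 'gif', magic: [0x47, 0x49, 0x46, 0x38] }, // "GIF8" (87a and 89a)
  { kind: 'jpeg', magic: [0xff, 0xd8, 0xff] },
];

function classify(bytes) {
  const hit = SIGNATURES.find((s) => s.magic.every((b, i) => bytes[i] === b));
  return hit ? hit.kind : 'unknown';
}

// Find every base64-looking run of at least minLen characters and decode it.
function auditBase64(source, minLen = 24) {
  const re = new RegExp(`[A-Za-z0-9+/]{${minLen},}={0,2}`, 'g');
  return [...source.matchAll(re)].map((m) => {
    const bytes = Buffer.from(m[0], 'base64');
    const kind = classify(bytes);
    // For non-images, keep a printable preview so a reviewer can read it.
    const preview = kind === 'unknown'
      ? bytes.toString('latin1').replace(/[^\x20-\x7e]/g, '.').slice(0, 40)
      : '';
    return { offset: m.index, length: m[0].length, kind, preview };
  });
}

// The blobs a reviewer has to look at: anything that is not a known image.
function nonImageBlobs(source) {
  return auditBase64(source).filter((r) => r.kind === 'unknown');
}

for (const r of auditBase64(SAMPLE_JS)) {
  console.log(`${r.offset}\t${r.length}\t${r.kind}\t${r.preview}`);
}
```

Anything reported as `unknown` needs a manual read; long identifiers in minified code can match the pattern too.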

    Thread Starter mentalist3d

    (@mentalist3d)

    Thanks for the update Ipstenu, that’s reassuring to know it’s just for images.

    If you edit the cookieControl-4.1.min.js file

    Look for the following code and remove it:

    <p class="ccc-about"><small><a href="https://www.civicuk.com/cookie-law" target="_blank" >about this tool</a></small></p><a class="ccc-icon" href="https://www.civicuk.com/cookie-law" target="_blank" title="About Cookie Control">About Cookie Control</a>

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    Advisor and Activist

    Huh. I see why he thinks it’s okay. That’s … well. We do allow some ‘powered by’ links within reason, but this one is really iffy.

    Hi Ipstenu,

    The link back to the Cookie Control pages is there for two reasons:

    1) there’s information there to inform users what the tool is for.
    2) we want to make the tool as widely available as possible – thus increasing user understanding and raising opt-in rates.

    We’ve developed the tool in collaboration with government, and it is the recommended solution within the Scottish Government. If you’re in any doubt about the authenticity of the tool, this list of sites using it should set your mind at ease:

    [ Thank you, we get it, the code is being used by government web sites. ]

    CIVIC doesn’t stipulate many restrictions on using the tool, except that the link must be maintained and the iconography used – there are good reasons for this.

    And please bear in mind that while CIVIC is benefitting from publicity around this, we have worked hard to develop a solution and make it available freely, for the whole community to use.

    Cheers,

    Mark

    Mark Steven
    Head of Client Services, CIVIC

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    CIVIC doesn’t stipulate many restrictions on using the tool, except that the link must be maintained and the iconography used – there are good reasons for this.

    I’m not a plugin reviewer, and my opinion should be taken with a grain of salt, but that restriction may violate the GPL requirement for listing your plugin here.

    Any software from the WordPress repository needs to be restriction free in a way that is compatible with the GPL. That doesn’t mean you don’t get credit for your work, but it does mean I (the user) can delete the link or the iconography if I choose to.

    We’ve developed the tool in collaboration with government, and it is the recommended solution within the Scottish Government.

    Having worked with local government (including some in Scotland) – and with all due respect – this is not any real endorsement. Nor, as Jan says, does it have any impact on whether the plugin complies with WPORG’s plugin submission guidelines.

    Thread Starter mentalist3d

    (@mentalist3d)

    And please bear in mind that while CIVIC is benefitting from publicity around this, we have worked hard to develop a solution and make it available freely, for the whole community to use.

    I appreciate that you have made the tool freely available (with restrictions), but you benefit greatly from the link backs.

    I have a site with over 1000 pages, WordPress and the Theme developer have 1 link on each page, so over 1000 links. I am fine with this because both the software and theme are core/critical components to the site.

    Why should I be giving Civic UK, 2 links per page (over 2000 links), for a tool, which isn’t a critical or core component of the site, especially since on the Civic UK site it is stated:

    Cookie Control alone may not be enough to guarantee compliance with regulations and responsibility for this is not ours.

    The Civic UK site is getting a lot of link juice back from various sites for a tool that may not even make a site compliant, and even worse, you are getting more links back than what is being provided to WordPress or the theme developers in a typical WordPress installation.

    We’ve agreed with the plugin developer that the link can be removed from the user interface (so @mentalist3d, no more 1000 links).

    We would request users to include a link to the tool, however, a suitable place being their privacy policy.

    Hope that solution is acceptable to everyone.

    Question – what is the point to this plugin if it does not make your site comply with regulations?

    @hairyhobo… if you can be specific about what you’re trying to achieve, perhaps we can help you.

    Well if the Cookie Control site puts a statement as above “cookie control alone may not be enough to guarantee compliance” on their site to cover their arse so they have no comebacks, what use is the plugin?
    I see they are trying to help yet then tell you what we are telling you might not be enough, so what is the point?

    I was looking around for a plugin and to see if I actually need to put the cookie statement on websites I’ve built or am building. A friend of mine who keeps his eye on this more than I do said when they released the law change, the next day they released something to say it didn’t matter (sorry, I don’t have the full details). So I saw this and just asked really. If I’m missing something on my previous post do tell me….

    Thread Starter mentalist3d

    (@mentalist3d)

    @hairyhobo. I no longer use this plugin, but an alternative cookie compliance plugin, so I won’t make any direct comment about this particular plugin.

    Regarding the law being carried out, it appears that if you make the attempt at compliance, then you’re safe(ish).

    At first all cookies were meant to be blocked by default, but ICO appear to accept that cookies can be used, as long as they are disclosed in a cookie/privacy policy (what is being used and what for), and that you make an attempt to notify users that the site uses cookies.

    I personally hate the cookie law, but do comply with it on my main site (notifying users of cookies), but on other sites I do not bother.

    Depending on what type of sites you build, I would suggest you make a judgement on whether or not to install a cookie compliance plugin.

    If you are doing commercial work for a client, I would usually put in a cookie compliance notice, just in case the ICO does make an issue of the Cookie law, and at least your client may be protected.

    Personal sites, I wouldn’t bother. You can also have a look at nocookielaw.com, to see their stance on the issue. They started off making compliance plugins, but then decided ‘stuff it’.

    You would really have to seek legal advice. All I can say, is some sites probably should have some type of Cookie notice, just in case, and other sites can probably ignore the law. It’s a total judgement call you need to make on a site-by-site basis.

  • The topic ‘[Plugin: Cookie Control] Plugin breaches Guidelines’ is closed to new replies.