In accordance with the general principles of privacy law, which do not permit the processing of data prior to consent, the cookie law does not allow the installation of cookies before obtaining the user’s consent, except for exempt categories. In practice, this means that scripts that recall banners or even scripts that handle live chat or a Facebook Like button can’t be executed before obtaining prior consent from the user.
The iubenda Cookie Solution includes all the necessary tools to facilitate compliance with the cookie law.
Some cookies are exempted from prior consent and therefore do not require compliance with the instructions contained in this guide. In particular:
- Technical cookies, i.e. those needed to provide the service. Among these there are: preference cookies, session cookies, load balancing cookies etc.
- Analytics cookies, directly managed by the owner, such as through software like Matomo/Piwik (unless the users are profiled)
- Third party analytics cookies (e.g. Google Analytics), only if the data is anonymized before being recorded by the third party service and if the third party is obligated to not cross-check the information gathered with other data in its possession. If you want to know how to set up Google Analytics for this purpose, please refer to this dedicated article
Note: some details regarding this may differ slightly from country to country. We therefore suggest that you inform yourself of your privacy authority’s guidelines .
How to set up preemptive blocking of cookies through the iubenda Cookie Solution
The iubenda Cookie Solution offers various tools for the prior blocking of codes that may install cookies.
This method requires you to identify the scripts that are subjected to the requirement of prior consent. Once that’s done, the scripts must be manually modified so they can be recognized, stopped and then released by our software depending on what the user chooses.
Manual tagging is explained in detail in this guide. The guide explains the processes for manual blocking, together with many practical examples (i.e. how to set up the blocks for a Facebook Like Button, Google Analytics, Adsense and so on).
Google Tag Manager
The second option to set up the blocking of scripts is to use Google Tag Manager. This method has the advantage of being much faster than the previous one, with the limit of working only for scripts that don’t require a specific position. Google Tag Manager is therefore not effective for all scripts that display a specific element in a specific position of the page (such as the Facebook Like button).
For more information read the How to use Google Tag Manager to simplify the adoption of cookie law requirements guide.
Google Adsense and Ad Manager
Google Adsense is different in that it can be blocked through Google Ad Manager (previously DFP – DoubleClick for Publishers). In this case, it is also a kind of manual tagging – like the one described above – but with the difference of the use of Google Ad Manager.
The method in question is therefore only valid for Google Adsense, the complete guide is available here.
IAB Consent Management Provider Framework
With this feature enabled, the Cookie Solution automatically blocks the scripts of advertisers that are a part of the IAB Vendor List (provided that the individual advertisers adhere to the standards of the of the network), prior to receiving user consent.
This means that there is no need to set-up the prior blocking mechanism for the particular third parties that are a part of the IAB Vendor List.
Note: if you’re running other scrips related to third-parties that are not included on the IAB Vendor List, you’ll still need to set up prior blocking for those scripts using another method.
For more information, here’s the guide to enabling the IAB CMP Framework.
Even if the previous solutions required direct intervention on the code to be blocked, the Cookie Solution can also be integrated using other tools that automate the blocking of scripts.
For example, if you use WordPress, we’ve released a plugin that, once installed, automatically recognizes and blocks the main resources to be subjected to prior consent.
For the resources not yet supported by the automatic block, the plugin allows for comments/shortcodes with which to wrap the scripts that require prior consent.
The WordPress plugin user guide is available here. The latest version of the plugin can be downloaded from the official WordPress repository.
For feedback, we invite you to participate in our dedicated support forum.
We’ve also released a module for Magento whose functioning is identical to the one for WordPress. The module and the installation guide are available here.
We’ve also released a plugin for Joomla! whose functioning is identical to the one for WordPress.
The Joomla! plugin user guide is available here.
If you want, you can participate in the related discussion on our support forum.
Similar to the ones listed above, a dedicated plugin is also available for PrestaShop.
The PrestaShop plugin and the installation guide are available here.
Last but not least, you can also use the iubenda PHP class for parsing/replacing scripts that generate cookies. This is the class on which our WordPress and Joomla! plugins are based and you can use it to build your own plugin independently for a platform other than those for which we have already developed a dedicated solution.
If you want to use the same logic of our WordPress or Joomla! plugin on other systems, you can refer to the guide for our PHP class.
The fastest way to preventively block the scripts that require prior consent is to install a module on your own server that we have developed for Apache, IIS and NGNIX. After the initial configuration, the module will autonomously block all the resources that are subject to prior consent, on all sites on that server that are using the Cookie Solution.
The webserver module is available upon request. For further information please write to firstname.lastname@example.org