In accordance with the general principles of privacy law, which do not permit the processing of data prior to consent, the cookie law does not allow the installation of cookies before obtaining the user’s consent, except for exempt categories. In practice, this means that scripts that recall banners or even scripts that handle live chat or a Facebook Like button can’t be executed before obtaining prior consent from the user.
The iubenda Cookie Solution includes all the necessary tools to facilitate compliance with the cookie law.
Some cookies are exempted from prior consent and therefore do not require compliance with the instructions contained in this guide. In particular:
- Technical cookies, i.e. those needed to provide the service. These include preference cookies, session cookies, load balancing cookies etc.
- Statistical cookies, directly managed by you, such as through software like Matomo/Piwik. This exemption does not apply if these statistical cookies are used for profiling.
- Statistical third-party cookies (e.g. Google Analytics), in cases where the data is anonymized before being recorded by the third party service and if the third party is obligated to not cross-check the information gathered with other data in its possession. If you’d like to know how to set up Google Analytics for this purpose, please refer to this dedicated article. *
*This exemption may not be applicable to all regions and is therefore subject to specific local regulations.
Some details regarding this may differ slightly from one EU Member State to another. This guide takes a comprehensive look at requirements, however, we still suggest that you inform yourself of the privacy authority guidelines applicable to you.
How to block cookies prior to consent with the iubenda Cookie Solution
The iubenda Cookie Solution offers various tools for the prior blocking of codes that may install cookies.
Our Cookie Solution plugins allow you to automate the blocking of scripts drastically reducing the necessity for direct interventions in the site’s code.
The plugin simplifies the blocking of scripts in several ways
- Auto-block list. By default, the plugin detects and blocks the most popular server-side scripts (you can find the full list in the dedicated plugin guides listed below).
- Manual wrapping method. You can also directly modify your site’s code and wrap the scripts that you need to block in the plugin’s block tags.
- Shortcodes. There are shortcodes available for elements installed directly within WordPress posts (as opposed to elements integrated at the template level – example footer.php). Currently, the shortcodes are only available for the WordPress plugin.
Once installed and set-up, the plugin automatically recognizes and blocks scripts prior to consent.
For platform-specific details, please choose from the dedicated guides listed below.
Drupal users, please see the section on prior-blocking via the PHP class below.
Google Tag Manager
This method has the advantage of being quite fast but with the limit of working only for scripts that don’t require a specific position. Google Tag Manager is therefore not effective for all scripts that display a specific element in a specific position of the page (such as the Facebook Like button).
For more information read the How to use Google Tag Manager to simplify the adoption of cookie law requirements guide.
Google Adsense and Ad Manager
Google Adsense is different in that it can be blocked through Google Ad Manager (previously DFP – DoubleClick for Publishers). In this case, it is also a kind of manual tagging – like the one described below – but with the difference of the use of Google Ad Manager.
The method in question is therefore only valid for Google Adsense, the complete guide is available here.
This method requires you to identify the scripts that are subjected to the requirement of prior consent. Once that’s done, the scripts must be manually modified so they can be recognized, stopped and then released by our software depending on what the user chooses.
Manual tagging is explained in detail in this guide. The guide explains the processes for manual blocking, together with many practical examples (i.e. how to set up the blocks for a Facebook Like Button, Google Analytics, Adsense and so on).
You can also use the iubenda PHP class for parsing/replacing scripts that generate cookies. This is the class on which our WordPress and Joomla! plugins are based and you can use it to build your own plugin independently for a platform other than those for which we have already developed a dedicated solution.
If you’d like to use the same logic of our WordPress or Joomla! plugin on other systems, you can refer to the guide for our PHP class.
*You can access the class via direct download or Packagist, and find full instructions in the PHP class guide linked above.
The fastest way to preventively block the scripts that require prior consent is to install a module on your own server that we have developed for Apache, IIS and NGNIX. After the initial configuration, the module will autonomously block all the resources that are subject to prior consent, on all sites on that server that are using the Cookie Solution.
The webserver module is available upon request. For further information please write to email@example.com