Do all WordPress sites need a EU Cookie notice?

0 Views

Does WordPress in its default install need an EU cookie notice? I have a number of people who have very simple WordPress sites and am not sure if even a simple WordPress site installs cookies on a viewers computer?

Post Views: 0

Related posts

3 comments

  1. Based on the european juridiction, there is some cookies types that doesn’t need user consent:

    However, some cookies are exempt from this requirement. Consent is not
    required if the cookie is:

    • used for the sole purpose of carrying out
      the transmission of a communication, and
    • strictly necessary in order for the provider of an information society service explicitly required by the user to provide that service.

    Cookies clearly exempt from
    consent according to the EU advisory body on data protection- WP29
    include:

    • user‑input cookies (session-id) such as first‑party cookies
      to keep track of the user’s input when filling online forms, shopping
      carts, etc., for the duration of a session or persistent cookies
      limited to a few hours in some cases
    • authentication cookies, to
      identify the user once he has logged in, for the duration of a session
    • user‑centric security cookies, used to detect authentication abuses,
      for a limited persistent duration
    • multimedia content player cookies,
      used to store technical data to play back video or audio content, for
      the duration of a session
    • load‑balancing cookies, for the duration of
      session
    • user‑interface customisation cookies such as language or font
      preferences, for the duration of a session (or slightly longer)
    • third‑party social plug‑in content‑sharing cookies, for logged‑in
      members of a social network.

    A default WordPress installation, without any plugin / tracking code / analytics, come with the following cookies :

    Non-logged users

    PHPSESSID : it’s the session ID, used for carrying the session, so it match the point about authentication cookies.

    Logged users

    wordpress_logged_in_*** : carry session informations. Same as PHPSESSID for legislation.

    wp-settings-*** : general settings preferences for internal use only. So it match the point about user-interface customisation.

    Commenters

    comment_author
comment_author_email
comment_author_url

    They all three match the point about user-input cookies BUT by default they are stored for a year. So, according to the legislation, if you use comments functionality on your blog you should ask for consent on this cookies. If comments are disabled on your website, then you probably don’t need to ask for any consent for a default WordPress installation. I suggest you to check on your website if any plugin add some cookies that don’t match the quoted points.

  2. You should have the EU cookie notice enabled, since a EU legislation requires that the user must know that your sites stores data into their PC. There’s some exemptions though.

    You can check everything about this legislation here

  3. A bit of Googling notes that: WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.

    so, yes, I think it does

Comments are closed.