Implement Cookie Consent Requirements
Cookie consent requirements are a critical part of GDPR complaince and is critical to your app's success. To prevent your app from being uninstalled by customers striving for compliance, ensure your app's compatibility with the requirements and test thoroughly.
Make sure to:
- Check the visitor's consent policy at the start of each session, and comply completely with the set policy.
- Listen to changes in the policy during the session, and comply with any changes.
The following sections describe how to complete these two steps based on extension type.
iframe apps
Access the visitors’ consent policies with these wix.utils functions:
- getCurrentConsentPolicy – Get the current user policy.
- onConsentPolicyChanged – Listen to any changes in the policy.
Worker iframe apps
Access the visitors’ consent policies with these wix.worker functions:
- Utils.getCurrentConsentPolicy – Get the current user policy.
- Utils.onConsentPolicyChanged – Listen to any changes in the policy.
The consent policy will also be passed as a query param in the iframe URL.
Embedded script apps
Embedded script apps will be automatically rendered or blocked based on the site visitor’s approval or denial of the above options, which correspond to the script type selected during setup.
If your script falls into more than one category (for example, it's Functional, but also collects Analytics about users) you should select the more restrictive category (so in our example, the script should be marked as Analytics).
If your script has marketing or analytical functionalities but needs to be listed in one of the less restrictive categories in order to carry out its main functionalities, you should do one of the following:
- Create two embedded script components, each one containing the relevant script for its category.
- Have conditional code that checks the policy before running code that requires a more lax policy. If your script structure does not allow you to do this, you can ask for approval to be marked as Functional/Essential via our support, as long as your app takes the user policy into account.
In order to take the users’ selected policy into account, you should use a client side API and event:
- consentPolicyManager.getCurrentConsentPolicy() – Get the current user policy.
- consentPolicyChanged – Listen to any changes in the policy. This is a custom event triggered on the document when the policy is changed.
This means that the rest of your script (or functionality) should be loaded only if the user has accepted.
Function – getCurrentConsentPolicy(callback)
window.consentPolicyManager.getCurrentConsentPolicy()
Property | Type | Description |
---|---|---|
defaultPolicy | boolean | False only if the User has selected a policy |
policy | ConsentPolicy (object) | The policy that is currently active |
createdDate | Date / undefined | If this is NOT a defaultPolicy this is when the policy was set |
ConsentPolicy includes:
Property | Type | Description |
---|---|---|
essential | boolean | Always true - means we allow our necessary cookies / BI |
analytics | boolean | If we are allowed to send / use analytics cookies / BI |
functional | boolean | If we are allowed to send / use functional cookies / BI |
advertising | boolean | If we are allowed to send / use advertising cookies / BI |
dataToThirdParty | boolean | Relates to CCPA law - if we are allowed to transfer data to 3rd parties or embed their scripts |
Event – consentPolicyChanged
Dispatched on the document object. Triggers when a consent policy change was completed successfully.
Sample listener code:
1
The detail object under the event contains a ConsentPolicy object.
Wix Blocks apps
Access the visitors’ consent policies with these Velo functions:
- getCurrentConsentPolicy() – Get the current user policy.
- onConsentPolicyChanged – Listen to any changes in the policy.