We are occasionally asked by customers which consent tool we think is particularly recommendable - especially when our DSGVO scanner decareto has found a misconfigured consent tool on a website, which often happens.
So far, I've been reluctant to make recommendations because I can't answer the question. I know one tool well from my own projects (Usercentrics), but am blank on the rest.
Therefore, in order to be better informed in the future (and also out of my own interest), I will be testing a number of Consent tools over the next few weeks. The spectrum should range from enterprise-ready products like Usercentrics or OneTrust to OpenSource tools, and I will not only present the final results, but also describe the process of implementation and configuration.
I created a mini website as a "test setup" for the tools so that all test candidates compete under comparable conditions:
The website in a non-GDPR-compliant version - i.e. completely without protection by a consent tool - can be accessed here, use at your own risk:
If you call them up, you can see the calls to the domains of the integrated services very nicely with the Chrome Developer tools...
... as well as the set cookies. The two framed cookies come from Google Analytics.
I have provided the following points as criteria for evaluating the consent tool:
But enough of the introductory words, let's start right away with the first consent tool, namely
This tool caught my eye because it is very often installed on the websites scanned by decareto. This is open source software: https://www.osano.com/cookieconsent
According to the producer Osano, it is the most widespread cookie banner in the world and has delivered over 100 billion cookie consents since 2016 (a steep thesis, because delivered consents are not tracked in the cloud, so questionable how Osano knows that). It is not to be confused with the commercial variant Osano Consent Manager, which follows a completely different technical approach.
The software comes across quite comfortable at first when downloaded, on the website a setup wizard helps to configure the software. The result is an HTML snippet that can be integrated into your website, and which displays the Consent banner.
Apart from an introductory text, a link to the data protection declaration and buttons for agreeing and rejecting, no user elements are provided, in particular there is no distinction between necessary and non-essential cookies. But OK.
I didn't bother to block YouTube and Google Maps as intended, even if you could build the necessary functions yourself with a lot of effort. For me, Cookie Consent by Osano is not a serious solution anyway , because even with technical knowledge, the effort involved in installing it on a website is still too high - at least it doesn't seem sensible to me to have to invent the wheel yourself. I also give myself the detailed evaluation based on my test criteria.
Luckily, there are open source projects built on top of Osano that provide support for the shortcomings I've noticed, such as the following:
The developer Dirk Persky has expanded the Osano tool in such a way that it is much more convenient to use. It is available as a plugin for the popular content management system Typo3 , but you can also integrate it directly into websites. You can download it here: https://github.com/DirkPersky/npm-dp_cookieconsent
This makes the banner look acceptable right away, and as you can see, it even has several individually selectable categories:
By inserting three more script tags according to the documentation, the banner itself, the block with the categories, and the element to reopen the banner can be additionally styled and configured. I used this to translate the names of the categories:
Configuring scripts that should only be loaded after consent is also very easy to do with Dirk Persky's extensions. The screenshot shows the loading of Google's "Global Site Tags" with and without blocks by the Consent Tool:
The magic comes from the additional attribute data-cookieconsent, which contains the value of the consent category or the checkbox in the banner (required, statistics, marketing) for which the script is to be played.
It is also possible to block content such as YouTube or Maps. These are usually built into the website via an iFrame, and for this too only a few new attributes have to be added:
Without your consent, the YouTube video will then appear as follows:
The table below shows my assessment of DP Cookie Consent.
|coverage of requirements||Depending on the consent given, it is possible to play out and block services of different types; in particular, it is also easy to obtain consent for content on individual pages. The services and cookies are then reliably blocked. The basic requirements are therefore met.|
|Price, or value for money||The tool is distributed under a free open source license. The scope of performance seems to me to be good for an OS tool, but I still don't have a comparison with other tools at the moment, so I might adjust my rating again in the future.|
|Simplicity in implementation||As far as the look and feel of the banner itself is concerned, the effort involved in setting it up is medium. Configuring a cloud product via an interface is certainly more convenient. If there are special requirements for the look, you would have to develop your own CSS, but this is no different with cloud products.|
The implementation of individual services or scripts happened quickly, and here the effort is comparable with other tools that I know, because even in the case of cloud tools, the code of the website has to be intervened.
Content on individual pages (such as Youtube or Maps) is often maintained via content management systems in productive operation, so it is crucial here how DP Cookie Consent can be integrated into the CMS. A Typo3 integration already exists. If you were using a different CMS, you would probably use a different tool for which there is already an integration.
|operation||Since it is not a cloud tool, it is operated in the same country as the website itself.|
|Consent for Individual Services||No, services can be divided into exactly three groups (necessary, statistics, marketing). The user can then consent to these groups.|
|database for services||No, but there is no way to provide information about individual services anyway, except in the body text of the banner.|
|Grouping for Services||Yes, but not self-selectable. There are three groups "necessary, statistics, marketing".|
|logging of consents||No, the consent is stored in a cookie on the user's computer.|
|Customization of the interface||Yes, the interface can be largely customized through configuration and especially through style sheets - as long as you have the appropriate technical knowledge.|
|multilingualism||No, the banner can only manage texts in one language.|
|Withdrawing Consent||Yes, there is an always-visible button (fingerprint) that reopens the consent banner.|
The plugin is well suited if website owners do not have the requirement to be able to easily make changes to the interface on the fly, or if they use Typo3 anyway. The configuration of the services used is easy to perform, and the reliable blocking of external content on individual pages struck me positively, because that is by no means a matter of course for content tools. I myself would probably use it for individually developed websites, where a lot of code has to be programmed anyway.
I'm excited to see how DP Cookie Consent compares to other open source tools that will be tested in the coming weeks!