Well, hello everybody, some of you familiar, some of you not. My name is Marco Beracal, I am out of Costa Rica. I am a WordPress developer, I currently work for Gwing Geeks and I also freelance for the Boston Globe, which is part of the reason why I've decided to talk about Consent Management Platform, because it's a project we've been working on for the past year. And I love absolutely everything WordPress related and this project, even though it's a bit of half and half, it does cover a little bit of WordPress. So a big thanks to the community of Birmingham organizers. I always thank them in all of my talks, Nathan, Catherine, Rand. And the reason for this talk is that I originally had an idea which was to come here and demo you stuff and you guys could see in the console the cookies and I put the plugin in and you could see the cookies gone. It was like, wow, this is so cool. But I decided against that because first of all, I couldn't put as many cookies as I would like on the demo site. And secondly, because of the reason number two, which is the legal advice I'm about to give you, which is I'm not a lawyer. I am a developer, I'm not a lawyer. So whatever I'll say about this topic, it's not legal advice. It's just things that I've learned working on this project, experiences that I've gathered, working with Consent Management Platforms, and the whole aspect of handling data on a site. It could be a small site or it could be a big site. So don't forget that I'm not a lawyer, all right? So don't ask me legal questions. So why does online privacy matter? I usually give the analogy to people that it's like your belongings at your house, right? It's a fundamental right for people to respect the belongings in your house and they don't go inside your house and snoop around your stuff, like snoop around your pictures or your belongings and whatnot.
This is exactly the same, even though there's a small twist whenever we give consent to a website, any given website, where we basically are handing over the aspect of data and what they do with it. So we as individuals, we got to be thorough or we got to make sure that the data that we're passing along is data that we are comfortable with giving to third parties because that is in a nutshell what online privacy is all about. It's our data, it's information that can describe who we are, what we do, what our browsing habits are, what sites do we visit, what products are we looking for. All of that information is information that is to some degree private and thus we should have absolute control as to what we do with it. So what is personal data? So it's any data that can identify you, like think of your social media, you know, you post your pictures, you post your where you are, you post pictures of your kids, whenever you serve, credit card information, emails, social security numbers, anything that can identify you constitutes as personal data and of course what you consume using apps. Like I said, social media, Instagram, Twitter, all that stuff can be interpreted as personal data. It's no secret that businesses collect data, they have to, they want to sell you stuff.
Depending on what type of business you work with, the bigger the business is, the more metrics it has in place in order to identify who those visitors are and how you target them and I'm not going to go over the details as to what metrics we use, for example, but there are metrics in place, like just for example, like analytics or Adobe or Krux, which is now or Salesforce, which is now Krux, BlueConic, it's this whole enterprises of companies that are out there that are placed on sites that can identify who you are and like I said, what you visit, where you come from, what keywords you use to go there, what the site you were referred to from and all of that information is collected and is used in order to give you in our situation a personalized experience as far as ads are concerned. Ads is a huge, huge, huge industry. To give you some numbers, it's about $150 billion a year industry and the big power players are, of course, Google leading the way. We have PubMatic and recently we have Amazon who is pushing really, really hard in order to become an ad supplier. And like I said, high traffic sites usually have ads and one of the key things that happened a couple of years ago was that this header bidding technology was conceived, meaning that whoever bids highest on a given ad slot gets that ad rendered on a website. So it was no longer a question of, okay, I'm going to sell this ad for this much, this company pays, I'm going to display it, but now there's an auctioning system happening behind the scenes where whoever bids the highest gets that ad spot. And this naturally opened a huge can of worms because now companies are making the most dollar per ad served for whoever bids the highest. And also, to make matters even more interesting, you have ad refreshing technologies where every 30 seconds you can request new ads.
So whenever you are on a page, notice how ads can dynamically change after a set amount of time and each time this happens, a new ad request is made, a new bid request is made and thus companies maximize on this and it's a huge, huge, huge industry. Okay, I'll really explain that. And you may say, well, I'm just a small company and we may be using some tracking plugins. Yeah, that is correct. Yeah, I may have my personal website where I have a couple of stuff in there, but nevertheless, some of that information can constitute as personal information that I have about my visitors and thus I am subject to dealing with that information. What do I do with it? Like, for example, Facebook's Pixel is one Google Analytics, just to name a few. So no matter how big or small you are, you may have in place on your website information that stores data about your customers and you need to do something about it in regards to these two laws that I'm going to explain in a bit. So the two most famous laws are the GDPR and CCPA. GDPR is for Europe. It stands for General Data Protection Regulation. It's a law that came into effect like four years ago. It was basically an overhaul of a law that was constituted like 20 years. So it builds on top of that and it handles pretty solid aspects of what constitutes as private data and what companies should and should not do with that data. So I'm sure you've noticed whenever you visit a European site, you get that notice saying, hey, what do you want to do with the cookies? Do you want to accept them all? Do you want to reject them all? And like my girlfriend said, which really brought me down, yeah, I just hit accept all and that's it. You know, I'm like, yeah, thank you for that. So GDPR is one of them. CCPA is the equivalent, but in California, in California. So there are more laws being drafted, spoken about. 
And like I said, this whole privacy issue, it's a big political, it has gotten a political twist with it because of how data is handled. So currently in the year 2023, we have GDPR and CCPA. So you may be wondering, well, do I have visitors from Europe? Should I deal with it? You know, like I said, I'm not a lawyer. I can't tell you yes or no, but in the project that I work with, we had to deal with both. So another quick definition is cookies versus local storage. So cookies are, I'm sure you've heard of it. Cookies are pieces of information that are stored on your device and it can be read by the server. Whereas local storage, it's stored also, it's also stored, but it can only be read by the browser. So when I was working on the project, I was like, hey man, should I delete the cookies, the local storage, which one should I do? And the definition more or less that I got from them was that you cannot add more cookies after a person has denied consent. Like if I say no, I can't add more cookies. And ideally, I should delete cookies and local storage within that particular user's choice. And that's more or less the gist of it. So whenever I say no to consent, I'm supposed to delete the cookies and local storage from the user's device and not add any more cookies in order to be fully compliant. Okay, that's, I don't know if that's a legal thing, but that's exactly the instructions that we as a development team were told. Because when we were doing this, I mean, some cookies were added even after people denied consent. I was like, what's going on here? And they were like, you know, you've got to remove those, you've got to make sure no new cookies are added. Okay, so what is a CMP? So basically a CMP is a consent management platform and it handles two aspects of it. First is the display of the banner. Whenever you browse and you say, hey, we respect your privacy, do you want to, like my girlfriend said, yeah, just hit accept all. But that is one aspect of it. 
The second aspect is how does that program deal with the cookies? Does it delete them? How, what does it do? So I am going to speak about a few plugins I found that handle both parts, both the display of the banner and the deletion of cookies. And it's important to note that not all plugins are made the same. They have different options out there and it's up to you to find what your preference or what your particular need is. Okay, so we're going to browse some stuff out. And for this talk I have, I also wanted to highlight that, you know, whenever you see high traffic websites, just so you have an idea, these are pretty much all the cookies that are dropped by the post, for example, the New York Post. So as you can see, wait, wait a minute, refresh, let me refresh. This is IGN, video game site, which I'm a huge fan of. And like I said, ads are served, usually they're over here, there should be one over here. And when you scroll down, you should see more advertising and whatnot. But the thing I want you guys to look at is the cookies, right? So for example, these are just first party cookies for the LA Times. These are from PubMatic, which is one of the vendors I mentioned previously. It's, they are a media company, pretty much an ad company, and they use header bidding system, which is what I said about auctioning and whatnot. So when we started the project, we saw all of this. And we had to more or less infer what we needed to do with the cookies. It can be overwhelming and that's also a tip that whenever you read the cookies, you're like, what does this cookie do? You know? To be honest with you, I have absolutely no idea. All I know is I gotta somehow respect the user's privacy and talk to either the vendor and via parameters or via callbacks or via APIs and say, okay, we need to remove this cookie or not. It's up to them to determine that.
And this is why plugins are useful because some plugins offer you the ability to delete cookies yourself whilst others use a list, which I am going to get there in a bit. But yeah, when we started, we were like, oh man, this looks really, really bad because we saw all these cookies and I'm like, man, how am I going to delete this? And how is this, what do these mean? Again, I'm not a legal expert. If you wanna know what these are, you can ask a lawyer or something. I have absolutely no idea. All right? So going back to the website, we have this small website over here and I just have these three cookies, which I'm going to explain to you in a bit what they are. And the first plugin I wanted to use or try or give you guys, it's called Cookie Pro. So if we go over here, add anyone, already have it, but just for the sake of, and if you do cookie, a lot of, come on Cookie Pro. And it's this one, cookie notice, I'm sorry. So you activate this one. And what this one does is it connects with a dashboard that they have, which is this one over here. And what they'll do is they are going to give you like a scan of your website and say, hey, are you compliant? Are you not compliant? What do you need to address and whatnot? Okay, so in this case, I'm failing in pretty much everything. So I'm going to sign up to it, already signed up, already signed up to it. And let me see, because they offer this. And okay, I'm silver and we go back, appearance. And here we go, cookies. Okay, so I need to have an app ID and let me see if I have this still, because okay, add compliance features. They should open a dashboard. I just did it yesterday, hold on. Sign up, uh-huh, here we go. Why are you not signing up? Did this yesterday, human, humanity. Here we go. So when you install this, it should open this which is basically like their dashboard where you configure your options as far as the CMP is concerned. Like the key takeaway from this plugin is the auto blocking. 
When we started to do this project at the company I worked for, they enabled us to do this auto blocking feature and you're going to see this a lot within plugins that deal with consent management. Auto blocking basically means this huge database of cookies that they handle and that they will categorize for you and they will either, they will probably delete them for you. So you might say, hey, this is great, this is great, man. I'm just gonna delete all the cookies I have and that's right, that's gonna be done for, right? The downside is that it may delete cookies that are allowed and that are essential for your website to run. So auto blocking is sometimes not the preferred option for some companies. It really depends on what your cookies are and that's part of the reasons why I decided not to have a demo because I couldn't give you like a hard and fast rule saying, okay, this cookie is this, this cookie is that. It really depends on what type of metrics you have installed, what type of plugins you have installed and if those cookies are essential or not. And again, this is why it's a complex issue because someone needs to determine that and if the auto blocking feature gets in the way those features are going to be lost or not gonna work for that particular plugin that you're using. So auto blocking is great. So long as your site works the way it should and so long as it doesn't interfere with metrics. Personally, on the project that we worked, we did not go the auto blocking route because again, it was interfering with some metrics that we had and we just couldn't do this. We couldn't do this so we had to do this manually. I'll explain to you guys in a bit as to what it is. But again, this is a pretty cool dashboard and it displays pretty much what the consents logs are like who visited the website, who gave consent, who hasn't, et cetera, et cetera.
Part of the differences between each plugin have to deal with is auto blocking available or not because if auto blocking is not available you're gonna have to do this manually as well. You're gonna have to go into the dashboard and add that cookie yourself and explicitly say you want this cookie to be deleted whenever someone denies consent. There's also one important thing about GDPR and CCPA is that whenever one is an opt in model and the other is an opt out model that basically means from a technical perspective that in GDPR you opt in. You say I want to, I wanna have the cookies pretty much. I wanna say yes to all. But initially on page load, no cookies are served. No cookies are dropped. Nothing is done until you give consent. Whereas CCPA is an opt out model, meaning that all the cookies are dropped. When I say drop, I mean added. There's a lingo going on thing here. Drop doesn't mean get rid of, it means add it to your browser. So CCPA, it's an opt out model meaning that cookies are actually added into my browser, local storage sessions, everything, all the data is added until I say no. So those are two big differences between each because each of them has to deal with them in the correct manner. You cannot add the cookies to Europe and then let that person say okay, I wanna opt out and that's done for it. And also another important thing is that if the user doesn't respond to it, no cookies should be added even then. So it's important that you guys know that because that is the behavior that you should more or less see whenever you're using a consent management platform and you are bound to GDPR. Whereas CCPA, I personally think it's a little bit more lenient in that regard. So we have the auto blocking here and the cool thing I absolutely loved about this thing and it's a pro feature is that you could add your own providers meaning that if you have a provider that is not being dealt with by auto blocking, you can add your own. 
And that's also another important tip that I have for you is that you need to start with vendors because like I said, I should just show you the Washington Post website. It's a gazillion tons of cookies. You're like, who the hell is this? What the hell is this? And you're better off starting vendor by vendor. So what do I mean by that? Like the partners you work with to operate your website. So I mentioned Salesforce, I mentioned Adobe Analytics, Google, Facebook, PubMatic, Amazon ads, those are all vendors and you can work with specific vendors in order to remove the cookies yourself. So if they are not on the auto blocking list on this little plugin, you can add that yourself but you gotta pay for it. Okay, content personalization, I mean it's this, I have absolutely no idea what it is. Okay, and the thing I'd really, really like, well again, and this is the other part of the plugins that handle this, what text do you want to see displayed on consent notices, which is this little guy over here, whenever I click on it, you get this. Another thing I wanted to highlight is that usually, even though we're dealing with cookies, the consent management platform drops the cookie, adds the cookie to your website in order to know what the user choice is. Okay, so I know we're removing cookies but we're gonna have to add one more. So usually they have these cookies over here, it depends on what the consent management platform is and you're gonna have the cookies listed over here and it's gonna have all the options that the user has submitted. This is useful whenever you need to work the manual way and there's something you cannot do with the CMP and you need to read this information out in order to do something within WordPress.
So always before deciding, take a close look as to what information they add on that cookie that could be relevant as to what you need because you don't wanna be bound to a consent management platform, pay all this money and then there's an extra functionality that you're gonna need as a site owner or as an operator that this consent management platform doesn't do. So it's from a technical perspective, it's always useful to read this cookie and try more or less to infer what that information is before you decide on a consent management platform because if you need to go a little bit extra, you have the information that they put out there in order to do something. I'll give you like an example. At our project, we did not want to display the notice for people who were not in California and not in Europe. I mean, we're like, man, why do I, I mean, it makes sense. I mean, from the top, they said, hey man, we don't wanna kill the ads for everybody, you know, by clicking no, I mean, what's the point of it? But the CMP feature did not have that option. Like it was for everybody and it did some geo-tracking to determine if you were in Europe to give you the template for Europe, but it displayed it for everybody and it had a generic for everybody else. So we read that information from this cookie in order to know where that person came from. Like for example, this one, we cannot see where I'm coming from. Maybe this one I could. And this one also, no, okay. Right now, if I read this cookie, I read this cookie as necessary, yes, functional, no. I'm going to explain that in a bit as to what they mean. And let me see this one. No, it doesn't have that. So like I said, I would have discarded these if I was working in that project. So I'm gonna delete that and that's usually a cool little way of doing that. So once I hit okay and refresh, let's see. You have this value over here. So this means just true. I mean, this is pretty vague to me, but that's that's that. 
Again, in here, you could customize everything. You can customize a banner. You can publish it. You can do a preview. For example, wait, you know what? I'm not sure why it's displaying something that it's not. Let me see if I have two. I do, I do have two. Yeah, there you go. It's like, why is this displaying like that? Let me see. There we go. Settings. Yeah, this is the one. Right. And yeah, let me delete this. Let me refresh over here. I don't know. It's probably a caching issue. Let me see, check my local storage. There we go. See. A, A, A. Is it always a cache issue? Always a cache issue. Well, I can't find it because the notice is supposed to look like this, which is one of the things I didn't really like about this plugin. It's because it has this silver, gold, platinum naming convention and people usually get confused about it. They just want to hit toggle this yes or no because basically this means that silver is the highest. It's the more lenient of them all, whereas platinum is the more restricted level of personalization. This also has the cool feature of deciding how much longer, how long do you want to store this information on the user's browser before you ask consent because make no mistake, you're going to ask that again and you're going to ask that again. And even if you say no, we're going to ask you again in a couple of weeks like, hey man, are you sure you want that notice disabled? So, yeah. I'm sorry? Yeah, exactly. We want to show you that. So what I didn't like about this plugin in particular was this, this whole silver, gold, platinum thing. It basically means, yeah, the level of what am I allowing or not because here comes another feature in regards to this. Usually cookies are categorized by, they're categorized. So they could have essential cookies which absolutely must run. You have performance. You have social. You have targeting. So these categorizations in our case were given by legal. 
They were given by legal and they told us this vendor falls into this category, that vendor falls into that, et cetera, et cetera. So again, I can't tell you, yeah, Google Analytics is this. I can't say that. All I was told was Google Analytics is this category and you get rid of them if people don't get consent out. So this plugin, I mean, I wanted to talk about it because it has the auto blocking feature which is something that is really cool. Like I said, if you need something that is not really huge and you just need to delete a few cookies here and there. It also supports languages. Again, I don't know how important this is for you and the pro version. And this is usually a common denominator within plugins. They handle the aspect of how many visitors do you wanna have a month. The free ones usually have lower numbers compared to the paid versions. So again, you gotta make some assessment as far as your analytics is concerned as to how many visitors you have a month to more or less determine, okay, can I use the free version or not? And if not, you know, am I going to marry or go with a CMP provider that allows me to have auto blocking enabled or not? So let's look at the dashboard again and configuration and auto blocking. Oh, contemplation, yeah. So as you can see over here, and this is the pro feature, the app personalization they take care of all the app providers that they have in place. So they have pretty much the big guys, and let's see if PubMatic is in here. You have Krux, you have PubMatic, okay, here we go. Yeah, so again, they have some of them but they don't have them all. And this is also, one of the ethics around this is that sometimes they do this on a domain basis. So what these providers do is that they just add another domain that allows it and that's how they go around with these things. So again, if you're serving ads, this is a cool plugin that you can actually use in order to restrict people's access.
Cookies, I'm sorry, not access. Let me disable this one. And let me go over here, deactivate, deactivate. And the second plugin was CookieYes, CookieYes. So you add a new one, you go CookieYes. And it's this one over here. So I'm gonna go with it and here we go. It's a dashboard. Again, this is controlled by a dashboard. And in here, you could actually again modify your banner. How do you want it? One of the bad things about this plugin that I saw is that you can only select one type of template, like consent template. Do you wanna have GDPR or you wanna have CCPA to do both? You need pro. So again, this is why I said at the beginning of this talk, you gotta find a CMP that suits your needs. Are you going to take care of GDPR, yes or no? Or are you gonna do it manually or vice versa? Are you based out of Europe and you strictly want a plugin to deal with GDPR and you're going to deal with CCPA manually? Because for our instance, I mean, most of the bulk of our traffic came from Boston. It's from Massachusetts. So our concern was more orientated towards California and not so much towards Europe. So we decided to give Europe a little bit. We took the pressure, we took the gas off the pedal and decided to be a little bit more. We went a little bit, not lenient the word, but we decided to kill some of the processes and vendors that we had for European visitors. So again, it's the takeaway of not being able to do both. So if you absolutely must decide, I mean, go with the one you feel as a business owner, you will get the most traffic from. Again, you can analyze all of this from platforms like analytics and determine where the bulk of your visitors come from and then make a decision from there because you could be interested in this plugin and say, oh man, I really, really like this plugin, but I only need GDPR or I only need CCPA. Again, it has the cookie manager and here are the categories that I told you guys about.
So it has the necessary, it has the functional analytics performance and whatnot. But this CMP platform does not have auto blocking. So you are going to have to add these cookies by yourself one by one. And determine them and decide, how much are they going to last or be deleted for. So again, if you have a few cookies and you're like, hey man, I can do 10 cookies, it's fine. You can do that. But if you go like for the examples I showed you, I mean, we were not gonna do this one by one because the cookies change every day, man. So we were like, no, we're absolutely not gonna do that. And that was part of the downsides of choosing a consent management platform. Again, this has a log. It has the standard stuff that most of them do. Let me go to the dashboard a little bit. And there was this cookie banner over here. For some people, it might be important what the layout is going to be. Do I want this to appear from the left, from the right? I have a small banner over here. If I refresh, I should see it. I do. So again, you can customize it. And as you can see, you have the categories that are listed within that plugin. You can't add your own categories, for example, in this plugin. I don't know if that's a requirement for you or not. And like I said, I was not gonna tell you, hey, use this plugin. The takeaway here was for you to understand some of the jargon or things behind it in order for you to make a decision. One thing to note is that necessary is always active. You can't turn them off. And no, you cannot add them all as necessary. That is maybe illegal advice. So again, you need to determine who is which. Oh, which is who, I don't know how to say that. So this plugin, yeah, does that. You can modify the content. You can modify the color and you can even inject some CSS. This is important for some people. Like for example, in the project that I work with, we have to follow a style guide. 
It was absolutely important for us to have control over the CSS and how this was going to be placed because again, we have a design style guide and we have to follow it. So one of our criteria that we needed to follow was you could override this with CSS. Okay, Jesus, I didn't know I was gonna talk so long. So I'm gonna hurry up a little bit. Let's go over here. Let me deactivate this. And go over here. Skip and deactivate. I am going to delete this cookie. No, no. It's important to note that for example, in this cookie, from CookieYes, you have the categories and you have the consent choices. So this person necessary yes, functional no, analytics no, performance no, advertising no. So if I say yes to any of them, of course it falls under that and I as a developer can access that cookie in order to do stuff with it on a vendor by vendor basis. Let me get rid of this and go over here. Let's add a new one. The third one, and I don't think we're gonna have enough time, is the Complianz one. The Complianz one, I don't know if it's gonna work because I did this while I was setting up the presentation. We're gonna activate this guy. It's made by the guys from really, really simple SSL. The paradox here was that it's not really simple issues. I was like Jesus man, why is this so complicated? You see it's gonna be complicated because they have this little wizard over here and they are going to ask you all these questions, all of these to finish. It's really, really long thing. And what they do is they're going to map your intent of the website, like what you're gonna do with it. I'm gonna sell stuff, I'm gonna buy digital goods, am I gonna do ads, am I gonna do this, am I gonna do that, and they somehow are going to map all that information towards the handling of cookies. So they're gonna use this wizard as a pivoting in order to decide we're gonna have all these cookies that are related to what you just said and take care of business for you.
I thought it was a little cumbersome because again, as a developer, I like to control. I don't like wizards that constrain me to do these type of things. But again, it could be something that you absolutely need and you're like, hey man, I'm fine, I'm fine with this. So you just do that. Again, you select your law. I think they're going a little bit overboard here. I mean, they have all these but they're not, you know, it's just CCPA and GDPR. I started with this one and again, do you want to specify, yeah, no, yes. Again, I thought it was too cumbersome to use and I was like, man, this is not, I'm not enjoying this. And what do I want to do with it? The purpose, here's where they get really fancy. Yeah, exactly. Indicate what that is supposed to be. I have absolutely no idea. I mean, I have absolutely no idea. You know, I'm just a developer. You know, all I get to do is do this and deal with it. So I'm like, yeah, okay, if this is good for you, I mean, go for it. But to me, it was really, really cumbersome to use. You see, I mean, okay, okay, yeah, sure, yeah. So, you know, you are like, okay, all of this information. And like I said, they map that stuff and they handle the cookie aspect for you. And last but not least, consent. So this was not something I really, really enjoyed using. Let me go to the next plugin and install plugins. And let me deactivate this and use this one. It was such a shame because I've used, I don't know how many of you have used really, really simple SSL. It's a beautiful plugin. I mean, whenever you need to change everything from HTTP to HTTPS, just install the plugin. That's that. These guys were asking me all this stuff. I said, no man, I don't wanna do that. I'm sorry. Yeah. I have absolutely no idea. No, no, no, no. Reading a little bit of the documentation, they more or less wanted to have a match between what you do with the data and how they're gonna handle the cookies aspect for you. 
Because you don't have the option to auto block or to manually block them from within. So you're kind of tied to it, to what that information is filled out, that wizard, how that wizard responds and towards what they have. So yeah, I was like, no, no, no, no, no. Complianz, wait, I already did Complianz. And here we go. And you have this one. And let me see. GDPR Cookie Compliance. Again, this is another one. The downside of this was that, the downside of this, and I was like, no, I can't do this, is the third party cookies and additional cookies. You have to list them. And here's also a little bit of the inner workings of the CMP platforms. Basically what they do is they, most of the cookies that are added to your browser are added via JavaScript. Very, very few of them are added on the server side of things. So what these plugins do is that they change the attribute of the JavaScript file from JavaScript to text/plain. So the file is served, but nothing is executed on the browser because it's text/plain. So this browser, this plugin, what it offers you is the ability to add these JavaScript files to it so that you can actually block them yourselves. So as a developer you need to identify what are the culprits of JavaScript files that are injecting the cookies on the user's browser and you go over here and add that. Again, that's another flavor of ice cream. If you are happy with it, you can do that and you're like, hey man, this works for me. I know what the JavaScript files are. I'm just gonna put them here, modify the consent manager a little bit, and that's good to go. So that may not be what I want, but again, it's just another choice out there. I do want to emphasize that this is only for Europe also. Again, if you need CCPA, it's simply not going to work for you. I am pretty much done showing you the plugins, but I wanted to talk about doing this the manual way, which I know you're interested in. 
The manual way is, okay, so WordPress hooks JavaScript files. It adds JavaScript files as hooks, correct? So you get a list of all the scripts that are hooked into a WordPress installation and you identify those scripts and you filter them out yourself by adding the text/plain category yourself. So this is more or less the approach that we did where I work because we either work with the vendor, for example, PubMatic ad related, we set the configuration in order to include the user's consent options, consent choices. We read that from JavaScript and then we sent that configuration to the vendor saying, hey, this user has opted out, do not serve cookies using their API, using their own libraries. And we did that on a vendor by vendor basis. So it's safe to assume that the big players have that documentation available. Like we worked with Amazon, we worked with PubMatic, we worked with Google Analytics, we've worked with Google Ads, we worked with Facebook pixels, all of them have that for you. So you will read the consent yourself using that cookie that the consent management platform dropped and from there on you toggle the information or you signal that information out to the vendor saying what is the user's choice? That is the first approach. And the second approach which is the most severe one is to use a filter within WordPress and whenever you read that consent and based on the user's consent, you either change the attribute to text/plain or you change it to JavaScript. And that takes care of that business. But WordPress, I'm sorry? Do they back to JavaScript from text/plain? Wait, what's the question? If you're text/plain, they would not kick off at DOM ready for that work in practice though. So when you switch them back to JavaScript. You have to reload. You have to reload. We usually reload. Yeah. No, no, no. 
And thank God we were not asked to do that because that was one of the things we were concerned about that they were like, okay, yeah, after we changed the. All of these are text learning? Yeah, most of them do. Do we even work with them? No, I can't give you a straight answer on that one. Okay. But yeah. So again, we worked with OneTrust and OneTrust offers that. In fact, OneTrust can even offer you to add a class to the JavaScript file. So you can also filter that out and just add the class attribute to it and OneTrust is gonna take care of that for you. But again, it's part of the research and it's part of the things that you need. As a developer, you need to more or less know what these CMPs do behind the scenes in order to respect the consent. And you, as a developer, you're gonna decide, hey, I'm gonna go with this little plugin over here. So that was the way we did it manually and the takeaways. So manual versus auto-blocking. Do you wanna do this manually yourself, adding the cookies yourself, adding this whole layer of extra work yourself aside from designing the little consent little thingy? Do you wanna do that or you wanna have auto-blocking do it for you? Again, some businesses might be okay, others they need manual. Do I need CCPA, GDPR, or both? Yeah, you need to make that decision because you could do a hybrid. If you are based in Europe, you could follow a plugin that strictly, that can handle Europe and you take care of CCPA yourself, but you gotta read the cookie in order to know he's from California. And ultimately find a plugin that suits you. The examples I showed had different features, had different things, and it's ultimately up to you as a developer to decide which one you are going to go with for a particular project. And with that, I am done. Thank you very much. And if you have questions, let me know. Slides are up, by the way. Yes, yes, yes. I forgot, I could have used it, but I have a loud voice, so. Yes. I'm on, right? Okay. 
You scared me, man. Yes. So first of all, in terms of content management, I'm gonna side with your girlfriends because she doesn't like cookies. You know, I'll be honest with you, I was so livid about it because I was like, I'm doing all this behind the scenes work whenever people say no in order to get rid of that. And I'm like, why are you doing that? Everybody puts yes on it. Yeah, I always hit accept all. I always hit accept all. I'm like, man. I love that approach. My question is, based on the project that you work on, there are rules that apply on cookies, right? So you mentioned like all the GDPR, CCPA, et cetera. Do the same rules apply to local storage as well the same way? Or is local storage more flexible? I think local storage was more flexible because they were really adamant about the cookie aspect of it. And truth be told, we have not really enforced the whole local storage thing. It's part of- I'll actually answer that. Yeah? Yeah, go ahead, go ahead. I said you kind of touched on it when you said that the cookies are transmissible to the server in fact, which means any server can read them that their press is passed to. So if you request a page from this page and then that loads 30 JavaScript files from Google and Facebook and stuff, every one of those gets the request headers from the requesting URL, so they all get that cookie. So essentially, you're sharing, but local storage is only readable from a file loaded already on the page, which means those files never load, they never choose to read stuff. Yeah, so it doesn't, the law is written for cookies because cookies were shareable whereas local storage was, I think, purpose built to replace cookies in a more private-centric way. That's it. Thank you. Eddie, do you have a question? Do you know how accessible all of the different plugins are that you showed and if any of them are better than others? No, I do not. To be honest with you, no, I do not. 
I fact that I'm pretty sure we need more. Anyone, but no. No, I do not, no, I'm sorry, no. Do share that, please. My theory is, A, you don't want to do the thing where you're removing, you don't want to have to do the reloading page. You want it to be flawless. You would, A, you have to set local storage because any cookie set that's already violating the GDPR if they didn't consent. Correct. The second you didn't consent is the fact of violation. The second part is that you would want to load, you would override where it addresses default exporting or rendering of the script to the page and you would instead render a list of scripts that should be added to the page in like a JSON array and then you would use JavaScript to check for consent, show a popup of node that needed and based on what previous consent or whatever, you would then just write to the DOM all those JavaScripts that should be loaded and they would load as normal at that point only. So that would be the most efficient way to do it. No reload is necessary to work after consent. You just start initializing all the JavaScript. What about performance on that? That would be the most performant way too because you're not having to reload, you don't have to get the server for anything extra, everything's fully cached. Okay. All right. That would work on a completely cached server that's like CDN and everything. So the cookie would totally work on their browser only. The only thing you would need is a scan tool to get all the lists of cookies you need to work on. So where'd you buy them out? Any more questions? Thank you very much and yeah.
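
Added example, not part of the talk or any plugin's code: a sketch of the approach discussed above, where the per-category choices are read from the consent cookie and a JSON list of scripts is written to the DOM only for accepted categories, so no reload is needed. The cookie name `cmp-consent`, its `category:yes/no` layout, the category names and the URLs are assumptions made for illustration.

```javascript
// Constructed sample: a consent cookie in the "category:yes/no" shape the talk
// describes. The cookie name and exact layout are assumptions for illustration.
const SAMPLE_COOKIE =
  "theme=dark; cmp-consent=necessary:yes,functional:no,analytics:yes,performance:no,advertisement:no";

// Constructed manifest: what the server would print instead of <script> tags.
const SAMPLE_MANIFEST = [
  { src: "/js/site.js", category: "necessary" },
  { src: "https://analytics.example/a.js", category: "analytics" },
  { src: "https://ads.example/tag.js", category: "advertisement" },
  { src: "https://widgets.example/w.js" }, // no category: treated as blocked
];

// Parse document.cookie-style text into { category: boolean }.
function parseConsent(cookieText, name = "cmp-consent") {
  const consent = { necessary: true }; // strictly necessary scripts always run
  for (const part of String(cookieText || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1 || part.slice(0, eq).trim() !== name) continue;
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch (e) { /* keep raw value */ }
    for (const pair of value.split(",")) {
      const [key, choice] = pair.split(":").map((s) => s.trim().toLowerCase());
      if (key && key !== "necessary") consent[key] = choice === "yes";
    }
  }
  return consent;
}

// Fail closed: a script loads only when its category was explicitly accepted.
function scriptsToLoad(manifest, consent) {
  return manifest
    .filter((s) => typeof s.category === "string" && consent[s.category] === true)
    .map((s) => s.src);
}

// Browser-only step: write the allowed scripts to the DOM, no reload needed.
function injectScripts(doc, srcs) {
  for (const src of srcs) {
    const el = doc.createElement("script");
    el.src = src;
    doc.head.appendChild(el);
  }
  return srcs.length;
}
```

In a page this would run as `injectScripts(document, scriptsToLoad(manifest, parseConsent(document.cookie)))`, once on load and again after the visitor saves a choice in the banner.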