Overview
In order to assist in the compliance with the European Union’s (EU) General Data Protection Regulation (GDPR), the Office of the Vice President for Communication (OVPC) has developed a easy-to-use cookie consent and disclosure banner. This banner is designed to target users who are geographically located in the EU or EEA.
Please note that the banner only assists in the display and tracking of a user’s cookie preference and it is up to you to ensure tracking cookies are not set.
About the Cookie Consent and Disclosure Banner
Upon geolocating outside of the EU, or upon an EU user’s choice to Allow or Decline the use of cookies, a cookie is set to save the user’s desired cookie preference called “um_cookie_consent”. This cookie contains 1 of 3 values (“na” = not in the EU, “allow” = in the EU but allows cookies, “deny” or “dismiss” = in the EU but disallows cookies). This cookie is designed to be universally accessible to all umich.edu websites. If no selection has been made then it should be treated as if the user has declined cookies.
For More Information
For more information about GDPR at the University of Michigan, visit the General Data Protection Regulation (GDPR) Compliance program website. For questions regarding university GDPR compliance policy, you can email gdpr-program@umich.edu. If you have technical questions about the the plugins or banner message code, please email the OVPC Digital team at umdigital@umich.edu.
Banner Integration
Below are the current integration methods that this banner officially supports. We also have some notes below about how to make common 3rd party systems GDPR compliant.
WordPress Integration
If you are running WordPress you can simply install and activate the U-M Cookie Consent plugin. This plugin also integrates with our Google Analytics plugin to not use google analytics tracking cookies. This plugin contains two action hooks that can be used to set or delete cookies in order to maintain GDPR compliance.
Non-Wordpress Integration
To add the cookie consent banner to non-wordpress websites you can simply include the following javascript on your site. This script automatically loads required styles and scripts in order to display the message.
<script type="text/javascript" src="https://umich.edu/apis/umcookieconsent/umcookieconsent.js"></script>
If you need to change items like the privacy notice URL you can do so by adding a block of javascript before the above script like:
<script type="text/javascript"> window.umcookieconsent = { content: { href: 'http://mysite.umich.edu/mysite-privacy' } }; </script>
This override method has many other options that can be found on the Insites: Cookie Consent Project page. There are a handful of options that cannot be overridden using this integration method. If you need those options then this easy script may not be for you. Those options are:
- cookie
- location.services
- location.serviceDefinitions
- onInitialize
- onStatusChange
3rd Party System Compliance
Google Analytics
Google has typically provided some tracking code to add to your page that looks something like:
<script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-000000-0', 'auto'); ga('send', 'pageview'); </script>
In order to make this compliant for users who have declined or have yet to choose a cookie preference the code can be modified to look like this:
<script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-000000-0', 'auto',{ 'storage': 'none' }); ga('set', 'anonymizeIp', true); ga('send', 'pageview'); </script>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-0000000000"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-0000000000'); </script>
In order to make this compliant for users who have declined or have yet to choose a cookie preference the code can be modified to look like this:
<script async src="https://www.googletagmanager.com/gtag/js?id=G-0000000000"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag("consent", "default", {"ad_storage":"denied","analytics_storage":"denied"}); gtag('config', 'G-0000000000'); </script>