We are all pretty familiar now with the requirements of GDPR and our responsibilities around personal data handling and privacy. You may be less familiar with PECR which stands for "Privacy and Electronic Communications Regulations" which pre-dates GDPR but is not replaced by GDPR. Both still apply.

Assuming you haven't fallen asleep yet, the main takeaway you need to know is that PECR states that if your website sets cookies (and they pretty much all do!) then you are supposed to tell people what those cookies do and get their consent before you set them (with the exception of 'essential' cookies that are needed to provide an online service).

So what are cookies anyway?

A cookie is a small text file that is downloaded to someone's computer or device when they visit your website. It is usually there to store some information about the user's preferences or actions.

If you have ever added a snippet of code, tracking script or pixel etc to your website then that will be setting cookies. Google Analytics, embedded YouTube videos, Facebook ads pixel and anything similar all set cookies if you are using them.

Many, if not most, small business websites (and a lot of larger ones too) have historically taken a less than literal approach to meeting the PECR/GDPR guidelines. You will have seen messages along the lines of "by using our website you consent to our use of cookies" and a bit of info on how to set your browser to reject cookies if you don't want them.

In reality, for most of those websites, they are probably only using Google Analytics so they can see how many visitors are going to the website and what pages they are looking at - no sinister personal data collection going on here! In all honesty, it's not likely that these kinds of websites are ever going to come under much scrutiny from the ICO who have much bigger fish to fry so we have kind of gotten away with it!

So what has changed?

The problem is, whilst you might not be doing anything dodgy with the data like profiling individuals and all that scary stuff, the big companies like Google and Meta who provide the services we use may do. And if we are plugging their stuff into our websites then they get the data too!

Increasing pressure is being put on companies like Google to ensure that consent is being given before they collect personal data. The challenge is they are expecting you to manage that consent at your end, on your website.

Enter Google Consent Mode... (see boring technical article here).

Google Consent Mode has been around for a while but has just recently had a big update with Google Consent Mode v2 (catchy name!).

The basic, plain English version of what this is all about, is that if you want to use services like Google Analytics, Google Ads etc. you need your website to be able to tell Google that you have gained consent (or not) from your users and you need to say it in the way Google wants to hear it.

In simple term, Google Consent mode allows websites to tailor their use of Google Analytics and Google Ads based on whether the user has consented to cookies or not. That means no more shooting in the dark with your data collection practices – it's all about transparency and user control.

What does this mean for me?

Those simple "we use cookies" banners aren't going to cut it any more I'm afraid, and proper consent management needs to be set up on your website (and we all want to be on the right side of the regs anyway, right?).

There are various services and WordPress plugins out there that can do this and the decent ones (ie. the ones who are certified Google CMP Partners) all come with a monthly subscription cost (usually around £15 - £20 per month and upwards if you want the fully featured version) and they can take quite a bit of setting up to get it all working correctly as well as some ongoing upkeep.

An easier option...

For our clients at OhSo Creative (and anyone else who might want to become a client!) we have put together an add-on service to our standard WordPress hosting and care plans where we provide a Google Certified CMP platform for consent management and do all the setup and ongoing management of this for you. Our fee for this is just £25 +VAT per month*.

If you are interested in getting this service in place for your website just drop us an email to support@ohsocreative.co.uk and we can get the ball rolling!

if you have any questions about Google Consent Mode or anything else around cookies and consent management just get in touch!

* There may be a small one-off setup cost if you have a lot of tracking pixels and services that need moving around and re-configuring to get everything working - if its just Google Analytics there is no setup cost.