WP Consent API and Complianz

Complianz integrates with the WP Consent API, a tool to handle consent communication between plugins and services in WordPress. If you have installed a plugin that supports the Consent API, all you have to do is install the WP Consent API, and Complianz will handle the consent for your website visitors. The WP Consent API is a WordPress core proposal from Complianz and Cookiebot, developed by Rogier Lankhorst, originally proposed in April 2020.

For example, if a user visits a page, Complianz first detects whether the user is from an opt-in or opt-out region. It passes this information to the WP Consent API. If a plugin requests the consent status, it will get ‘denied’ for opt-in regions, and ‘allow’ for opt-out regions. As soon as the user updates the consent choice, Complianz passes this information to the WP Consent API. A plugin listening for consent changes may now get an “allow” for marketing services, for example.

Integrating/developers

If you’re a developer looking to integrate with the WP Consent API, please check out the WordPress repo for examples.

What does the WP Consent API do?

WP Consent API is a plugin that standardizes the communication of accepted consent categories between plugins. It requires a cookie banner plugin and at least one other plugin that supports the WP Consent API.

With this plugin, all supporting plugins can use the same set of methods to read and register the current consent category, allowing consent management plugins and other plugins to work together, improving compliance with privacy laws.

What problem does this plugin solve?

Currently, it is possible for a consent management plugin to block third-party services like Facebook, Google Maps, Twitter, etc. But if a WordPress plugin places a PHP cookie, a consent management plugin cannot prevent this.

Secondly, some plugins integrate the tracking code client-side in JavaScript files that, when blocked, break the site.

Or such a plugin’s JavaScript is minified, which makes the URL unrecognizable, so it won’t get detected by an automatic blocking script.

Lastly, the blocking approach requires a list of all types of URLs that track data. A generic API that plugins adhere to can greatly help a webmaster in getting a site compliant.

Does usage of this API prevent third-party services from tracking user data?

Primarily, this API is aimed at compliant first-party cookies or tracking by WordPress plugins. If such a plugin triggers, for example, Facebook, usage of this API will be of help. If a user embeds a Facebook iframe, a blocking tool is needed that initially disables the iframe and/or scripts.

Third-party scripts have to be blocked by blocking functionality in a consent management plugin. To do this in core would be too intrusive, and is also not applicable to all users: only users with visitors from opt-in regions such as the European Union require such a feature. Such a feature also has a risk of breaking things. Additionally, blocking these and showing a nice placeholder requires even more sophisticated code, all of which should in my opinion not be part of WordPress core, for the same reasons.

How does it work?

There are two indicators that together tell if consent is given for a specific consent category, e.g., “marketing”:
1) the region based consent_type, which can be opt-in, opt-out, or other possible consent_types;
2) and the visitor’s choice: not set, allow, or deny.

The consent_type is a function that wraps a filter, “wp_get_consent_type”. If there’s no consent management plugin to set it, it will return false. This will cause all consent categories to return true, allowing cookies to be set on all categories.

If opt-in is set using this filter, a category will only return true if the value of the visitor’s choice is “allow”.

If the region based consent_type is opt-out, it will return true if the visitor’s choice is not set or is “allow”.

Client-side, a consent management plugin can dynamically manipulate the consent type and set several cookie categories.

A plugin can use a hook to listen for changes or check the value of a given category.

Categories and most other stuff can be extended with a filter.
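
The rule above, written out as a small JavaScript model with a change listener. This is an added example, not code from the WP Consent API or Complianz; `hasConsent`, `ConsentStore` and `demo` are hypothetical names, and the handling of consent types other than opt-in and opt-out is an assumption.

```javascript
// Added model of the decision rule; names are hypothetical, not the plugin's own.
const CHOICES = ["allow", "deny"];

// consentType: false (no consent management plugin set it), "opt-in", "opt-out",
// or another string. choice: "allow", "deny", or undefined (not set).
function hasConsent(consentType, choice) {
  if (choice !== undefined && !CHOICES.includes(choice)) {
    throw new TypeError("unknown choice: " + choice);
  }
  if (consentType === false) return true; // nothing set the type: every category passes
  if (consentType === "opt-out") return choice !== "deny"; // not set or "allow"
  // "opt-in" needs an explicit "allow". Assumption: the page does not say how
  // other consent types behave, so this model treats them like opt-in.
  return choice === "allow";
}

// Per-visitor state with change listeners, standing in for the hook a plugin listens on.
class ConsentStore {
  constructor(consentType) {
    this.consentType = consentType;
    this.choices = new Map(); // category -> "allow" | "deny"
    this.listeners = [];
  }
  has(category) {
    return hasConsent(this.consentType, this.choices.get(category));
  }
  onChange(listener) {
    this.listeners.push(listener);
  }
  set(category, choice) {
    const before = this.has(category);
    const after = hasConsent(this.consentType, choice); // also validates the choice
    this.choices.set(category, choice);
    // Design choice of this model: notify only when the effective answer changes.
    if (before !== after) this.listeners.forEach((fn) => fn(category, after));
  }
}

// Constructed walk-through: a visitor from an opt-in region changes their mind twice.
function demo() {
  const log = [];
  const store = new ConsentStore("opt-in");
  store.onChange((category, granted) => log.push(category + ":" + granted));
  log.push("initial:" + store.has("marketing"));
  store.set("marketing", "allow");
  store.set("marketing", "allow"); // same answer, no notification
  store.set("marketing", "deny");
  return log;
}
```

Note the first branch: when no consent management plugin sets the consent type, every category returns true, so supporting plugins will set cookies without any banner having run.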

Integrating plugins:
