To illustrate the difference between the EU e-Privacy Directive extension (2 plugins, 1 module), I've created a table listing the capabilities of each.
Testing methods are as follows:
Allows Cookies:
Load the demo URL in Chrome, view the Application Storage Cookies area in Developer Tools (F12). If any cookies are listed, the extension fails.
Javascript Cookies:
In Chrome, open the Developer Tools (F12) and use the console to execute the following command - document.cookie = "username=John Doe";
If executing the command "document.cookie" produces "username=John Doe", the extension fails.
An example of a passing test -
3rd Party Cookies:
In Chrome, open the Developer Tools (F12) and view the Application Storage Cookies area. If any cookies exist from an external domain (not the domain of the website you're viewing), the extension fails. Additionally, if other domains are listed (indicating frames), and those other domains have cookies - the extension fails.
An example of a failing test -
Other Storage Methods
EU lawmakers didn't just target cookies. The law covers other storage methods that act like cookies. This includes LocalStorage, Session storage, IndexedDB, WebSQL and even Flash Cookies. Although this article was written for e-Privacy, it's important to note that GDPR expands on e-Privacy.
http://dreamdealer.nl/articles/localstorage_vs_cookies_vs_the_law.html
Testing method:
In the Javascript console, execute the commands "localStorage.setItem('myCat', 'Tom'); sessionStorage.setItem('myCat', 'Tom');"
If disabled, "localStorage.getItem('myCat');" and "sessionStorage.getItem('myCat');" will have no result.
GDPR Compliance
If the extension allows any cookie without consent, it is not GDPR compliant. There are situations where some cookies are allowed without consent, but the vast majority of cookies do not meet the criteria.
Consent Model
There are 5 models of consent. Each exposes a site owner to varying levels of risk (Explicit Consent being the lowest risk, Information Only being the highest risk). Of the 5 models, 1 is compatible with GDPR, and that is Explicit Consent.
CookieLaw.org has an excellent writeup about the 5 models and the risk/benefit of each: https://www.cookielaw.org/media/105101/five-models-for-cookie-law-consent.pdf
Comparison
Using the tests above, the following comparison emerges. As you can see, the results are conclusive. No other cookie extension makes even an attempt to comply with the law - they have all opted to use the easy way out provided by the bureaucrats, Information Only (Often confused with implied consent).
The extensions are listed in order of popularity in the Joomla Extension Directory as of 3/23/2018.
Extension |
Review Date |
Demo Link |
Prevents HTTP Cookies |
Prevents Javascript Cookies |
Granular 3rd Party Cookie Control |
Prevents Local/Session Storage Usage |
GDPR Compliant |
Consent Model |
Free/Paid |
EU e-Privacy Directive |
2018-03-23 |
|
|
|
|
|
|
Explicit Consent |
Free |
Folcomedia - Cookies Alert |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Free |
Cookies Policy Notification Bar |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
Responsive EU Cookie Notify |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
Easy Cookie Alert |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
JS Cookie Alert |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
EU-Cookies |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
Cookies Pro |
2018-03-23 |
|
|
|
[1] |
|
|
Information Only |
Free |
Cookie Notice |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
iWt Cookie Alarm |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
Responsive EU Cookie Alert |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
Cookie Alert |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
EU Cookie Directive Lite |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Free |
Cookie Accept[2] |
2018-03-23 |
N/A |
|
|
|
|
|
Information Only |
Free |
EU Cookie Directive Pro |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Free |
CookieHint |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Free |
Simple Content Disclaimer |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Free |
Esoftcookies[3] |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Free |
EU Countries Cookie Alert Pro |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
sketch.cookies |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Free |
EasyCookieInfo |
2018-03-23 |
|
|
|
[4] |
|
|
Information Only |
Free |
AddCookieLaw[5] |
2018-03-23 |
N/A |
|
|
|
|
|
Information Only |
Free |
PixCookiesRestrict[6] |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
Gogodigital Cookie Consent[7] |
2018-03-23 |
N/A |
|
|
|
|
|
Information Only |
Free |
yourData[8] |
2018-03-23 |
N/A |
|
|
|
|
|
Information Only |
Free |
DJ-CookieMonster[9] |
2018-03-23 |
N/A |
|
|
|
|
|
Unknown |
Paid |
redCOOKIE[9] |
2018-03-23 |
N/A |
|
|
|
|
|
Unknown |
Paid |
Moonchip Cookie Bar |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
Cookie Notifications Builder[10] |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
MK EU Cookie |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
JK Cookie Alert Message Notice[11] |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
jDisclaimer |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Free |
A4 Infociacho |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Free |
Wscookies[12] |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
Dle Dismiss Cookie Bar[13] |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Paid |
Rapi Cookie Alert[14] |
2018-03-23 |
|
|
|
|
|
|
Information Only |
Free |
GDPR[15] |
2018-04-15 |
|
|
|
|
|
|
Information Only |
Paid |
Dismiss Cookie Bar II |
2018-04-15 |
|
|
|
|
|
|
Information Only |
Paid |
Ruxin Cookie Alert |
2018-04-22 |
|
|
|
|
|
|
Information Only |
Paid |
Cookie Notice[16] |
2018-04-23 |
|
|
|
|
|
|
Information Only |
Paid |
Simple Content Disclaimer[16] |
2018-04-23 |
|
|
|
|
|
|
Information Only |
Free |
JK Cookie Alert Message Notice[16] |
2018-04-23 |
|
|
|
|
|
|
Information Only |
Paid |
Wscookies[16] |
2018-04-23 |
|
|
|
|
|
|
Information Only |
Paid |
Shack Toolbox (in cookie policy mode) |
2018-05-24 |
|
|
|
|
|
|
Information Only |
Paid |
eorisis Cookie Bar |
2018-05-27 |
|
|
|
|
|
|
Information Only |
Paid |
Kick GDPR[2] |
2018-05-27 |
N/A |
|
|
|
|
|
Information Only |
Free |
Civic Cookie Control[17] |
2018-06-10 |
|
|
|
[18] |
|
|
Information Only |
Free |
GDPR Compliance |
2018-06-10 |
|
|
|
|
|
|
Information Only |
Paid |
- Unable to determine this result from the demo, however - it failed the other tests, so this is likely also a failure
- No demo is available. The PHP was reviewed to obtain the results.
- Beware of this demo - the page refreshes constantly
- Unable to determine this result from the demo, however - it failed the other tests, so this is likely also a failure
- The developers website is down, so you can't even get this extension
- This extension does weird stuff - it sets cookies and then doesn't quite delete them with JavaScript, which still fails the test (and is against the law prior to acceptance)
- No demo is available. The PHP was reviewed to obtain the results.
- Developer removed the demo, and the ability to download the module.
- No demo available, no source to review
- If you decline, you still get cookies
- Nothing is displayed in the demo, no source to review
- The accept bar auto-hides without selecting anything. If you decline, you still get cookies.
- The accept bar auto-hides without selecting anything.
- The demo isn't a demo, but the link actually works so I included it. The PHP was reviewed to obtain the results.
- This extension claims to detect the visitors location and block cookies - so I tested it from a system I have in London, and the page response included a cookie. Also, GDPR requires users consent before tracking cookies, but this extension only offers two ways to consent and no way to decline or withdraw consent.
- This extension hides from competition in another JED category.
- The demo isn't even a Joomla site!
- Doesn't prevent cookie-loading resources from loading cookies, it deletes them via javascript after they've been set - but only if it's in the current domain. Otherwise, it removes the object that carries the cookie. This is a bad solution, as the resource that carries the cookie has already transmitted tracking data by the time the script has removed it from the page. I would liken this to cleaning up a crime scene. This is not defensible in court.
Some of these demos are just terrible. They expect you to just believe what they tell you and not look behind the curtain. Here's an example:
A tremendous amount of time, effort and scrutiny has gone into the creation of the EU e-Privacy Directive extension for one reason - to protect you from your governments.