To be compliant with EU law, you still have to explain to the user what the cookies are being used for. The banner itself is not enough, you'll probably have to add a link to "details" where you list all types of cookies and or data collection you or third parties are doing and what it is for. You don't have to list individual cookies or collection services. It's enough to claim that you track usage statistics for you to be able to analyze and improve the user experience. (Let's imagine there is one for ads, then you'd have to list that as well... ) Storing the preferences in a cookie is fine, it's required for the site to function. Local storage is also fine, doesn't really matter. That cookie is also not collecting or tracking any data. To be specific, the GDPR (general data protection regulations, the laws in question here) is only concerned with data privacy and use. Cookies, LocalStorage, other trackers and collection mechanisms only need this banner if they do collect such data (like usage statistics, location, etc etc). A "setting" is not tracked data about the user and can also safely be considered as "functionally required for the site to work", it's his preference... there are some grey areas, and if you track the data, but the tracked data is all required for the site to function, then you don't need the banner either. Another thing is, the consent must be freely given. I.e. you can't have "accept or leave the page". And the consent must be withdrawable, which should cause any such cookies to be deleted or provide the user with instructions on how to remove them... and a few more things :)

Nice addition! That react consent looks easy to add. I've recently been working on my cookie consent stuff and making it all GDPR compliant. I can let you know some more info. It's required by law that every website has a Privacy Policy. You don't need a Terms and Conditions by law but you do need a Privacy Policy if you're processing personally identifiable information (like emails, ip addresses, addresses, names). And in that Privacy Policy, to be compliant with GDPR, you have to mention a few things like what personal data you're processing, why you're processing the data (e.g you let them create an account, to give them the personal AI image they generated), then why you have the legal rights to process (there are a few you can choose from (1) you have consent to process it (i.e cookie consent banner, or they clicked a button to say you can email them marketing news). (2) Contract: if you have a contract with them (if they're buying things you probably have some sort of contract so allowed to process their data under that contract to give them the services they asked for. (3) Legitimate interest: processing data in a way that has minimal privacy impact to your user (e.g to create ads and marketing). (4) legal obligation: you need to process it for legal reasons like the government asked you to hand over the data. (5) virtal interests: gotta process it to save someone's life. Then you have to mention their rights and choices when it comes to processing the data. You can find more info on what you need here gdpr-info.eu/ and this one here (I like this one ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/). With your current consent banner, it looks good as a starter, but it doesn't allow people to be able to change their choices later (they would need knowledge to delete a cookie or something). Usually it will have a "manage your preferences" option. Personally I use Klaro (an open source cookie consent banner) as it also lets you let people manage their preferences later and also individually choose which cookies they want to allow and which ones they don't. It also lets you list "essential cookies" which are cookies that cannot be turned off as you need them to give them a service or let your website function (e.g cookies for stripe, letting them stay logged in or a shopping cart cookie). But you could just add a "manage your preferences option" and make it allow them to change their choice somehow? Up to you! I hope this helps! Let me know if you have any other questions as it's all fresh in my mind right now :D P.s I think it's normal to use a cookie to store a users preferences (most sites seem to) because it's not personally identifable information, it's just a yes/no boolean. And it's okay to have essential cookies for the site to function and you need that cookie to determine their consent lol.

Congrats on 100k cody!! very useful channel, lots of value

I was looking for exactly this! Hoping to see a longer video on cookies in next js. 👍

Great implementation. There’s a couple details that are important for compliance, e.g. allowing users to decline on the top-level. As a EU person, I found the approach of (I believe it was) Firefox very interesting, as I’m pretty sure they’re going to auto-decline Cookies in the future to prevent a popup on almost every website

Depending on how deep you want to your analytics to go, there are some privacy-focused alternatives out there that aren't in a blackbox. Some of the options are, Plausible (does it without collecting cookies) and Umami.

local storage is the route i went with. been doing it this way since 2014. it's so much easier. chrome does mislabel it as a cookie though. and it's definitely not a cookie. it's better than. i use it to determine whether or not different aspects of the sites are available based on whether the user permits it or not. and they can change their minds and revoke that consent easily at any time with a simple footer-based callback. heads up, though, cody... google is extra sneaky, slipping in various local storage "experiment" objects alongside their cookies if the user does permit and later decides to change their mind. quickly descends into a game of "experiment" whack-a-mole!

Good job babe!!!

Theres good alternatives to google analytics that does not require either cookie banner and is GDPR/EU legal. One way is to get your domain provider managed by one that also provides analytic statistics. Then it’s not tracking users either, just anonymous data. What end points get hit, how many users, most popular browser and all that An GDPR accepted alternative is Fathom Analytics.

I did similar thing, but without any depedency, also i stored cookie consent to backend as wel for authenticated usersl. Does it make sense to store it in db? not sure.

thanks for the video ,however im struggling to find the right hosting provider would you please tell me where did you host your production project or do video about it

Can you make a video about how the data is presented on the google analytics?

should we create a analytic db ourself? or it is to safe using google analytic in general, or there are other provider on the market?

interesting subject :) keep going dude

What’s the extension that shows the hex colors on top of the hex codes

1:45 🙏 for storing it in a cookie if u already pushed that button. So so so many websites keep on showing that cookie-banner on every visit, extremely frustrating.

Theres new US laws like CCPA and GDPR that will be requiring banners like this as well. You can still use first party cookies you just need consent for third party I believe

I know its weird when you decline it will be stored in the cookies, but big companies like Microsoft and other ones I can’t remember do this as well so it doesn’t really matter. They won’t fine you for that

What's the extension that displays all the git changes right in the editor?

Plausible analytics is amazing so far

For a site with global reach, does banner have to address all countries/laws?

Can you share the github repo?

But since you are from the US, what can happen? Some EU authorities report you and subpoena you in a european country? Im really curious.

Is cookie concern banner popup mandatory for AdSense approval ?

Do you have to explain each cookie usage in cookie policy page ? Do you have to provide more options to users: to pick required cookies, tracking cookies, ad cookies, etc. ? Do you have to store their consents somewhere so that you have a proof that some actually agreed with usage of cookies ? I hate this law. And how people deal with this law. This should be done in browsers scope, not each web app scope (waste of time and money of ppl + annoying popups).

Have you tried alternatives to Google Analytics like Fathom Analytics or Plausible Analytics? You don't need consent for those services so you'll always collect data - they do cost money though

Do some SEO optimization video

Pretty sure cookies / localStorage API is considered the same thing in the GDPR guidelines. Also, storing a cookie to remember when an user denied them is not compliant. You could consider adding an option to remember cookie preferences in their account settings, but that would require an explicit action on their part.

Do US ONLY websites need a cookie banner?

Just use reverse proxy to make data anonymous and get rid of the annoying cookie banner

Why do we have to be concerned about European laws if we live in the states? How are their laws governing us?

IMO you might need to add some sort of a geolocation service based on the visiting user's IP address. This way if the visiting user is not from EU (or generally other places with lighter data privacy regulations) you can just remove the accept/decline button on the banner and change the verbiage stating that the site is using cookies blah blah. This way you can maximize the usage of google analytics since users from non EU countries are opted in by default.

Oh, so this annoying af banner thing is cause of europe? FFS...