I am not a lawyer and am not qualified to provide any legal advice. I cannot promise that use of this tool will make your site compliant with cookie laws in various countries or regions. You may find it useful in meeting your compliance goals, but it is up to you to decide for yourself whether your site is in actual compliance with any laws. Furthermore, I am not the author of the tool, it is a very popular tool by the folks at Silktide Ltd. I found it on their website and I wrote an MVC TagHelper to make it convenient to use in ASP.NET Core MVC projects. To really understand this tool, you should visit their website and documentation.
Using the Cookie Consent TagHelper
Assuming you have already installed the NuGet package for cloudscribe.Web.Common, you also need to make sure you have declared the taghelper in your _ViewImports.cshtml like this:
@addTagHelper *, cloudscribe.Web.Common
Then in your _Layout.cshtml file you would include it in the head element. To use it with the default compliance level of "info", you just add it like this:
<cookie-consent enabled="true" compliance-type="info"></cookie-consent>
That will give you a popup like this at the bottom of the page:
There are 2 other settings available for compliance-type, "opt-in", configured like this:
<cookie-consent enabled="true" compliance-type="opt-in"></cookie-consent>
changes the popup like this:
and "opt-out" configured like this:
<cookie-consent enabled="true" compliance-type="opt-out"></cookie-consent>
changes the popup like this:
Clicking "Got It" dismisses the popup and sets a consent cookie with the value "dismiss". For "info" level compliance that is the only thing the user can click so that is the only possible cookie value. If using "opt-in", the user can click the "Allow" button and the value of the consent cookie will be "allow", and if using "opt-out", the user can click "Decline" and the cookie value will be "deny".
Configuring the google-analytics taghelper to work in tandem with the cookie-consent taghelper
Our google-analytics taghelper has built in awareness of the cookie-consent cookie so it can be set to work differently based on that cookie. But note that google-analytics taghelper will by default treat the absence of any cookie consent cookie as implicit consent, so on the first page request when the user has not yet had a chance to interact with the consent popup, it would track using cookies. To make it only track if there is explicit consent, ie the user has accepted or dismissed the popup and a consent cookie exists, you can set require-explicit-cookie-consent="true".
<google-analytics profile-id="##-########" require-explicit-cookie-consent="false" cookie-consent-accept-dismiss="true" consent-cookie-name="cookieconsent_status"></google-analytics>
The differences in how google analytics gets wired up by the taghelper when allowing tracking cookies vs when not allowing tracking cookies is based on this article. When cookies are used we can include the userid of the user in our tracking if the user is signed in and we know the userid. This userid would come from your own database or if using cloudscribe Core it would be the database id of the user. So if cookies are enabled it gets wired up like this:
ga('set','userId','someid'); //included only if user is authenticated ga('require', 'displayfeatures'); ga('set', 'anonymizeIp', undefined);
and if cookies are not enabled then it gets wired up like this:
ga('set', 'displayFeaturesTask', null); ga('set', 'anonymizeIp', true);
Note that if you are using advertising on your site, there may be other things you need to do to meet your compliance goals, use of google analytics is just one aspect of it and is the only one dealt with by our taghelpers. You should take a holistic look at how you are using cookies in your site and make your own determination perhaps with your own legal counsel to determine whether your site actually meets your compliance goals.