plone / plone.org

Plone.org

Cookie banner improvements and fixes #13

Closed rioksane closed 1 year ago

rioksane commented 1 year ago

The cookie banner in the https://beta.plone.org site could use some work.


fredvd commented 1 year ago

Giving the consent modal another look it's mainly wording we need to change here.

The technical cookies should become required cookies; they should not be turned off.

Then Google Analytics should be labelled 'Anonymous analytics with Matomo', and it can stay turned on.

The GDPR/privacy laws are meant for personally identifiable information. As long as we configure the analytics to not be this specific, you are not required to offer an opt out (you also don't need to turn it off to make it opt in). There is only one country at the moment I'm aware of in Europe that still has older national law that does require this, which is Belgium.

But I'd strongly advise against making analytics opt in, as you will lose a lot of accuracy in basic site KPIs like return visits, average pages per session and time per session. We could configure Matomo to have another fallback to not even use (anonymous) analytics cookies and drop down to page stat counters, but then you have to start working with segments in Matomo to evaluate the analytics, which is very cumbersome. And it is not needed.

To still offer an opt out to disable all anonymous analytics is friendly and considered nice though.

So for the left side we should maybe add the required anonymous cookies you can't turn off to the top, and rename Technical cookies to anonymous analytical cookies. And turn it on by default.

Then on the right we shouldn't name it Profiling cookies, although that is what is happening unfortunately, but "Third party integrations". We could create categories here for social media and 'marketing profiling' like you see in generic consent modals. But if we list the actual integrations we have running, it is more 1:1 clear to visitors which 3rd parties they accept.

We cannot avoid having some YouTube movies linked to, but for our main marketing material we should host the videos on our own servers/services so that we are not required to follow consent. And maybe we should move TPN and some other videos in the long term also to our own video/media server.

Making 'accept all' lighter here is a bit of a dark pattern. I'd suggest removing the accept all button altogether: if someone doesn't consent in the first modal but wants to see the specific services/categories, an 'accept all' button on that form makes no sense at all. It's just the site owner hoping that some visitors misclick.
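As an added illustration of the consent model proposed in the comment above (this is example code, not code from plone.org or from the banner add-on, and the category keys, labels and cookie format are assumptions), the snippet below encodes the three rules: required cookies can never be switched off, anonymous Matomo analytics is on by default but can be opted out, and each third-party integration is listed individually and only rendered once the visitor has accepted it. Parsing also goes through the same rule, so a hand-edited consent cookie cannot disable the required category or grant a category the site does not define.

```javascript
// Added example, hypothetical consent model. Not the real add-on configuration.
// Category keys, labels and the cookie serialization format are assumptions.
const CATEGORIES = Object.freeze({
  required: { label: "Required cookies", required: true, defaultOn: true },
  analytics: { label: "Anonymous analytics with Matomo", required: false, defaultOn: true },
  youtube: { label: "YouTube video embeds", required: false, defaultOn: false },
  twitter: { label: "Twitter feed", required: false, defaultOn: false },
});

// State shown when the visitor has not made a choice yet.
function defaultConsent() {
  const consent = {};
  for (const [key, cat] of Object.entries(CATEGORIES)) consent[key] = cat.defaultOn;
  return consent;
}

// Apply one toggle from the modal. Required categories cannot be turned off
// and unknown keys are dropped, so the UI and the cookie share one rule.
function setCategory(consent, key, enabled) {
  const cat = CATEGORIES[key];
  if (!cat) return consent;
  if (cat.required && !enabled) return consent;
  return { ...consent, [key]: Boolean(enabled) };
}

// Value written to the consent cookie: comma-separated list of granted keys.
function serializeConsent(consent) {
  return Object.keys(CATEGORIES).filter((key) => consent[key]).join(",");
}

// Read the cookie back. Start from "only required categories on" and re-apply
// each granted key through setCategory, so tampering cannot widen consent.
function parseConsent(value) {
  const granted = String(value || "").split(",").map((s) => s.trim());
  let consent = {};
  for (const key of Object.keys(CATEGORIES)) consent[key] = CATEGORIES[key].required;
  for (const key of granted) consent = setCategory(consent, key, true);
  return consent;
}

// Decide whether a third-party embed may be loaded. Without consent the page
// shows a placeholder naming the exact integration, not a generic "profiling" label.
function embedDecision(consent, key) {
  const cat = CATEGORIES[key];
  if (!cat) return { render: false, placeholder: "Unknown integration" };
  if (consent[key]) return { render: true, placeholder: null };
  return { render: false, placeholder: `Accept "${cat.label}" to load this content.` };
}

// Analytics mode: anonymous cookies when accepted, otherwise no analytics at all.
function analyticsMode(consent) {
  return consent.analytics ? "anonymous-cookies" : "off";
}

// Usage: simulate a visitor who opts out of analytics and accepts YouTube.
let visitor = defaultConsent();
visitor = setCategory(visitor, "analytics", false);
visitor = setCategory(visitor, "youtube", true);
visitor = setCategory(visitor, "required", false); // ignored: required stays on
console.log(serializeConsent(visitor), embedDecision(visitor, "youtube"), analyticsMode(visitor));
```

The placeholder text returned by `embedDecision` is what the page would render in place of a blocked embed; listing the concrete integration there matches the suggestion to name actual 3rd parties rather than abstract categories.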

pnicolli commented 1 year ago

A lot of good suggestions here. Most of the choices made for the add-on are actually only based on our experience at RedTurtle and based more on the specific Italian regulation and client needs, so it's perfectly reasonable to have several changes to make, but we tried to keep it as customizable as possible. I will start a branch and draft PR with changes to the banner, then we can iterate on that.