Best practise for cookie or GDPR permissions

Pippo · July 13, 2023, 10:06am

Hi guys,

Most websites now have a popup when you first visit them, explaining what data is processed/stored, and asking permission for the site to use cookies. I believe it is a legal requirement in the EU.

I wondered if anyone could share their methods of doing this, or comment on what is the easiest or best way to do this with Dash?

Thank you!

Louis · July 13, 2023, 3:31pm

I think you could use a dbc.Modal and style it your way.

jinnyzor · July 13, 2023, 4:09pm

Hello @Pippo,

Welcome to the community!

I think in general, dash apps do not use cookies. Local and Session storage is used for things that are within the regular libraries.

Where you start to get into cookies is with people logging in, etc. Typically, the cookie is how you determine if they are logged in, especially with flask-login.

I have this in my flask app:

def cookies_check():
    value = request.cookies.get('cookie_consent')
    return value == 'true'

@app.context_processor
def inject_template_scope():
    injections = dict()
    injections.update(cookies_check=cookies_check)
    return injections

And then have this in the applicable template:

{% if cookies_check() %}
        {# then user has already consented so no requirement for consent banner #}

{% else %}
        {# show a cookie consent banner #}
        <br>
        <div id="cookie-consent-container" style="background: white; font-family: Comfortaa; position: absolute;">
    <strong>We value your privacy</strong><br>This site uses cookies and other technologies to improve your browsing experience,
    verify your session, and perform analytics. <br>Clicking “I Consent” indicates that you agree to the use of these technologies on your device.<br>
            <button id="cookie-consent" type="button">I Consent</button>
        </div>
        <script>
            $("#loginbutton").prop("disabled",true)

            var fn = function () {
                document.cookie = "cookie_consent=true";
                document.getElementById('cookie-consent-container').hidden = true;
                $("#loginbutton").prop("disabled",false)
            };
            document.getElementById('cookie-consent').onclick = fn;
        </script>
{% endif %}

Now, as far as Terms & Conditions and EULA, we store those being accepted per user once cookies have been accepted and login verified, but we have links plainly visible on our standard site.

Now, of course, how you display this consent button and disclaimer is completely up to you. You could even use a callback that then adds the cookie to document or response from the server.

Pippo · July 24, 2023, 2:51pm

Hi, unfortunately I haven’t had time to look at this yet as something more pressing has come up, but I just wanted to thank you for sharing your code and screenshot, that is very kind I will post back here if I have queries when I get chance to look at it, thank you again!