To some minor chagrin, thanks to someone raising an issue in the github repo for the blog, I realised that I was out of compliance with GDPR rules about website cookies.
I was offering people a more onerous opt-out choice (on the left) when I should have been offering them a clear way to decline (on the right).
A quick search and I found the correction I needed to make, changing the _quarto.yml file section on cookie consent from the default. A simple fix, in the website: section change type: implied (the default) to type: express.
Simple, right?
Well…after pushing the changes multiple times, the cookie consent pop-up didn’t change.
Some more searching and I came across this helpful thread in the quarto dev github repo that touched on my issue. Declan Naughton who started the issue offered a solution using another privacy option, Cookie Consent.
While looking into that, downloading the files and planning carefully how to implement it without breaking anything, I got distracted and redid a post to add a table of contents on the right, using toc: true in the post yaml. I pushed that, and huh…the GDPR-compliant cookie consent window popped up.
This does beg the question as to why the default in quarto is the non-compliant consent option. Regardless, if you have blog readers in the EU and want to make sure you’re compliant, do the following:
- Change the
_quarto-ymlfile so thatcookie-consent:istype: express - Add a new post or edit, re-render and push an old post
- Check and double-check that the compliant cookie pop-up shows
- If all this talk of cookies makes you hungry, eat cookie!
n.b. - cookie image in post header from this wikipedia entry on cookies