In our previous Inside Drupal CMS blog post, we mentioned that the Klaro Cookie & Consent Management module was being used for privacy functionality.
What exactly is "privacy functionality" and how does Klaro help with it? That's the question that this article aims to answer.
The absolute basics
The Drupal Klaro module implements the open-source Klaro Privacy Manager Javascript library.
The library provides web sites an easy way to be transparent about the third-party applications on the site, as well as provide a mechanism for users to opt-in or -out of said services.
It is designed to help sites be compliant with privacy standards including GDPR and ePrivacy.
The module's documentation provides this easy-to-understand list of the main three objectives of the module:
- User's data is not passed on to third parties without consent.
- Tracking only takes place after consent.
- No changes are made to the browser (cookies, local storage, session storage) without consent.
It should be noted that if you are using the EU Cookie Compliance module, the maintainers of that module suggest that you switch to Klaro, as their development efforts will focus on maintaining a stable release of EU Cookie Compliance while encouraging modern Drupal sites to switch to Klaro.
It should also be noted that Klaro provides a paid version at Klaro.org that includes "additional server-side functionality."
Installation
The Klaro module can be installed and enabled using standard Drupal best practices (Composer, Drush.) The Klaro module does not contain any submodules.
One interesting bit is that the module has a dependency on the Klaro JS module. This is of Composer type drupal-library, which means it will be automatically installed by Composer in your site's libraries/ directory (assuming that your composer/installers Composer plugin configuration includes a mapping for drupal-library.) This library contains the files from the Javascript library that are necessary for the Klaro Drupal module.
The module's documentation on drupal.org is better than most contributed modules, and goes into a reasonable amount of detail for each of the available configuration options. For this article, I'll focus on some of the highlights.
The real installation
In order for the Klaro Javascript library to do its thing, third-party HTML script tags must be slightly modified with different attributes.
Luckily, the Klaro Drupal module provides an Automatic Attribution Drupal Javascript behavior that attempts to automatically update third-party script tag attributes. Script libraries added via Drupal libraries, page attachments, and preprocess fields should work out-of-the-box. The module also includes experimental support for processing the final HTML of each page request for any third-party script tags that don't fall into one of the standard categories (iframe tags added directly to body fields, for example.)
As an example, here's a script tag from DrupalEasy.com before using Klaro:
<script async="" src="https://www.googletagmanager.com/gtag/js?id=G-WYJ99ZQTFR"></script>
Here's the same tag after Klaro is installed and configured:
<script async="" data-src="https://www.googletagmanager.com/gtag/js?id=G-WYJ99ZQTFR" type="text/plain" data-type="text/javascript" data-name="unknown_app"></script>
By modifying all of a page's third-party script tags, their loading can be controlled by Klaro's consent dialog. This is the basic functionality that the module provides.
It is also important to note that this Automatic Attribution functionality has some configuration options - on DrupalEasy.com, we needed to enable all options, including the experimental Process final HTML.
But, there's a big caveat - you might have some third-party script tags on your site that Klaro's Automatic Attribution doesn't catch; and this could leave your site always loading those third-party javascript files despite what Klaro is telling you. To help find any of these missed tags, the module provides a handy Log unknown resources option - I found this extremely useful when configuring the module.
On DrupalEasy.com, for example, we use analytics from AdRoll and marketing automation from Mautic and neither of these were automatically picked up by Klaro due to their implementation details.
For both, we had to manually adjust the way their script tags were written - see details about how Mautic's code was modified in this issue.
Basic configuration
Once the module is installed, the next step is to manage permissions for the module. Most sites will want to configure the module so that all users, including anonymous and authenticated ones are presented with the Klaro UI via the Use Klaro UI permission.
Its main configuration page, via Configuration | User interface | Klaro! (/admin/config/user-interface/klaro) contains a slightly-intimidating number of configuration options spread across six vertical tabs.
Perhaps the most important is the Klaro! dialog mode - four options are presented:
- Silent (no dialog, only modify attribute and block sources) - in this mode there is no "global" dialog box to decline/accept/customize consent, and all third-party sources are blocked. Instead, there are individual accept links inline for 3rd-party content (from YouTube, for example.) This is the default setting that is currently used in Drupal CMS.
Notice dialog - displays a dialog asking the user to decline/accept/customize third-party cookie data. This is the option currently being used on DrupalEasy.com.
- Notice dialog as modal - displays a modal dialog asking the user to decline/accept/customize third-party cookie data.
Consent dialog modal - displays the Customize version of the modal dialog.
Other functionality available on the default General vertical tab include options for various buttons and availability of the consent dialog.
Additional configuration options allow you to customize the styling of the Klaro dialog boxes as well as controlling the Klaro cookie data and some advanced options.
Final thoughts
As of the publishing of this article, the most recent version of the Klaro module is a release candidate, but based on the issue queue, it seems that work is actively moving toward a full release in the near future.
I can't overstate how much I appreciate that it is built on a well-supported open-source library that appears to have the momentum and financial backing to keep it updated.
After spending a few hours with the module, I recognize the value of how it works and have a good deal of confidence that it is working correctly.
Thank you to Jürgen Haas (jurgenhaas,) contributor to the Klaro Cookie & Consent Management module and Drupal CMS Privacy track lead, for reviewing this article prior to publication.
Add new comment