|
Applies to: WordPress Plugin + Admin Portal WP Admin: Settings tab > Privacy Policy |
Overview
GDPR Article 13 requires that you inform visitors about third-party data processors before collecting consent. This includes naming each third-party partner, explaining the purpose of data processing, and linking to their privacy policy.
This article explains how to achieve third-party cookie disclosure using Compliance by Hu-manity.co’s current features.
What Compliance by Hu-manity.co Provides
- Cookie categories (Essential, Analytics, Advertising, Functional) — Visitors see which categories are in use when they open the consent details or customization modal.
- Privacy Policy link — Displayed in the banner footer with every consent request. Configure this in the WordPress admin at
Settings tab → Privacy Policy. - Script blocking by category — Third-party scripts are blocked until consent is given for their category, managed via the Admin Portal at
app.hu-manity.co → Autoblocking.
The Recommended Approach for GDPR Article 13
The most defensible approach for GDPR Article 13 compliance is a dedicated cookies and privacy disclosure page on your website, linked from your consent banner.
Your disclosure page should include:
- Third-party partner name and data controller contact
- Purpose of processing (for example, “Analytics to measure page views”)
- Legal basis for processing (consent, legitimate interest)
- Link to the third party’s privacy policy
- Cookie names, types, and retention periods
How to link your disclosure page from the banner
- In the WordPress admin, go to
WP Admin → Compliance → Settings tab. - Open the Privacy Policy section.
- Check Enable privacy policy link.
- Set the Link type to either:
- Page link — Select your disclosure page from the WordPress pages dropdown.
- Custom link — Enter the full URL of your disclosure page.
- Enter descriptive Link text (for example, “Cookie Policy” or “Third-Party Disclosure”).
- Click Save Settings.
This link appears in the banner footer on every page of your site.
Adding Disclosure to the Banner Message
If you want a specific disclosure statement in the banner text itself (not just a link), you can customize the banner message in the Admin Portal:
- Log in to
app.hu-manity.co. - Go to
Configuration → Consent. - Edit the banner body text to include your disclosure statement.
- Click Publish Now.
Example banner text:
“We use cookies from our advertising and analytics partners to improve your experience. See our cookie policy for details on what is shared and with whom.”
Note: Banner text editing is available only in the Admin Portal, not in the WordPress admin. See Portal vs WP Admin: What Lives Where for details.
What a Complete Disclosure Page Should Contain
For reference, a GDPR-compliant disclosure page typically includes a table structured like this for each third-party service:
| Field | Example |
|---|---|
| Third-party name | Google Analytics |
| Purpose | Website usage analytics |
| Legal basis | Consent |
| Privacy policy | https://policies.google.com/privacy |
| Cookies set | _ga, _gid, _gat |
| Retention | 2 years (_ga), 24 hours (_gid) |
Repeat this structure for each third-party service on your site (advertising networks, video embeds, social media widgets, analytics providers, etc.).
Planned Improvements
A dedicated third-party disclosure configuration UI — allowing you to define partner names, privacy policy links, and cookie tables directly in the dashboard — is planned for a future release. If this feature is important to your compliance needs, contact us so we can track your interest.
Cooperative Plugins (WP Consent API Consumers)
Some third parties are loaded by WordPress plugins that participate in the WP Consent API. From Compliance v3.1.0 onward, these plugins read the visitor’s banner choice directly and self-gate their own analytics, advertising, and personalization features. Currently registered consumer plugins include:
- WooCommerce
- Google Site Kit
- Burst Statistics
- WP Statistics
- Pixel Manager for WooCommerce
- AddToAny
- AFL UTM Tracker
What this means for your disclosure page:
- You still need to disclose the third-party endpoints these plugins talk to (for example, WooCommerce’s Stripe and PayPal calls, or Site Kit’s Google Analytics/Ads endpoints) — the cooperative plugin only gates its own behaviour, not the underlying processor’s legal basis.
- You generally do not need a separate cookie disclosure for the plugin’s own first-party cookies (for example, Burst’s internal counters) provided the plugin honours the visitor’s denial.
- Smash Balloon Instagram (
sbi) and Twitter/X (ctf) feeds are handled via a native bridge inside Compliance — they consume consent state directly without needing the WP Consent API plugin. Smash Balloon Facebook (cff) and YouTube (sby) still need the legacy-cookie bridge snippet.
For uncooperative third parties (pasted pixels, hardcoded GA4 snippets, embedded iframes, etc.) the standard autoblocking + disclosure approach above still applies.
Related Articles
- Privacy Policy Link — How to configure the privacy policy link in the banner.
- Customizing Autoblocking — How to categorize and block third-party scripts.
- Portal vs WP Admin: What Lives Where — Which settings are portal-only vs. WP admin.