title: Consent Management - Choosing the Klaro! module
status: "accepted"
date: 2024-11-15
decision-makers: Jürgen Haas, Nico Grienauer, Laurens Van Damme, Kai Gertz, Richard Papp, Ralf Koller, Valery Lourie, Martin Normann, Sven Berg Ryan
consulted: Pamela Barone, Adam Hoenich, Jan Kellermann
Consent Management - Choosing the Klaro! module
Context and problem statement
Drupal CMS requires a recommended setup for consent management that covers compliance requirements globally.
Decision drivers
- Provide privacy compliance that covers all the requirements from various legislation across different countries
- Softening the configuration later on is easier than manually adding new features
- An existing, well maintained and extensible module is preferred
- The module should not rely on any commercial service
- While the module should reliably protect privacy, it should not be annoying
- The UI of the module must meet basic a11y requirements
Considered options
- EU Cookie Compliance
- Cookies Consent Management
- General Data Protection Regulation
- Klaro Consent Management
- and 44 more modules on drupal.org that didn't meet most of the requirements
Decision outcome
Chosen option: "Klaro Consent Management", because it comes out best (see below).
Consequences
- Good, because Klaro meets all the requirements
- Neutral, because it appears to be very popular according to the usage statistics - it turns out to be a hidden champion
- Neutral, because EU Cookie Compliance has almost 100k users at the time of this decision - the maintainers are working on a migration path to Klaro for all those users
Pros and cons of the options
EU Cookie Compliance
- Good, because it comes with a lot of features
- Good, because it has almost 100k installations at the time of the evaluation
- Neutral, because it hasn't been actively maintained for a couple of years
- Bad, because it lacks a11y compliance
- Bad, because a rewrite would be required, but the existing approach for a version 2 couldn't be done in a timely manner
- Bad, because the name of the module would be hard to communicate for a global product
Cookies Consent Management
- Good, because its feature set is brilliant
- Bad, because it uses an external JavaScript library that is free but not open-source licenced
- Bad, because the maintainer of the external library is unavailable
General Data Protection Regulation
- Good, because it has tempting features
- Bad, because it doesn't provide consent management itself; it only provides integration with various consent management solutions
- Bad, because the name of the module would be hard to communicate for a global product
Klaro Consent Management
- Good, because its feature set is brilliant
- Good, because it uses a free and open source external JavaScript library
- Good, because it's almost fully a11y compliant, and remaining gaps are under development
- Good, because the maintainers are very active and experienced, both in module maintenance and regarding the legal aspects of consent management
- Good, because it's the only solution that can be configured to be fully non-intrusive
More Information
An additional and unexpected outcome of this research, evaluation and decision process has been that maintainers of modules that were not selected are on board with this decision. Not only that, EU Cookie Compliance maintainers from Ramsalt and from DropSolid will become co-maintainers of Klaro, so that the Drupal community and project get not only a recommended default and configuration in Drupal CMS, but also an even stronger maintainer team behind that recommended solution. The fragmentation of the solution space gets reduced, which makes it easier for site builders to find the best solution for consent management in Drupal.