Is Nelio A/B Testing compliant with GDPR and cookie consent?

The main feature of Nelio A/B Testing is to design and execute A/B and multivariate testing experiments in order to change your site based on the results of said experiments. To provide the results of the experiments, the plugin passively collects information gathered by analyzing page views and user navigation through cookies and other analytics.

In the Specific Terms and Conditions for Nelio A/B Testing Service you will find more details about the information collected by the plugin (exactly what data we store, some examples of this data, how long we store it and for what purpose we use this data).

Note that from the perspective of the Client’s visitors, no personal information is stored at all. From the Client’s perspective, this is what we store:

  • The tests they ran in the past or are currently running: their names, descriptions, IDs of the variants (the variants themselves are stored in your WordPress server), and other data.
  • A summary of the results: conversions, page views, ratios, and other data.
  • The URL of the site in which the plugin was or is installed.

How Does Nelio A/B Testing Work to Fulfill the GDPR?

According to EU regulations and, in particular, the GDPR, visitors must be able to decide whether they want to be tracked by your website or not. In this context, it is necessary to obtain the informed consent of visitors before installing any cookies. One way to do this is to display a cookie consent pop-up.

Nelio A/B Testing adheres to data protection regulations in order to not collect sensitive information. However, the decision to integrate the cookie consent control with Nelio A/B Testing is yours.

To do this you have a filter, nab_gdpr_cookie, which you can use to specify the name of the cookie that must exist before our plugin is executed.

By using this filter and specifying the name of a cookie, you are setting the plugin to:

(a) if the cookie does not exist, Nelio A/B Testing is not executed and does not track your users.
(b) if the cookie exists, it is executed, the variants are loaded correctly and the events of your visitors are tracked.

The process has two steps. In general, we assume that when a user accepts your cookie consent pop-up, the JavaScript that creates the pop-up will also create a cookie in their browser. This way, when they return in the future, your website will know that cookies have already been accepted and there will be no need to show them the pop-up again. Please note that if your pop-up does not work this way, you will need to modify it so that the cookie is created once the pop-up is accepted.

Once such a cookie exists, you will need to “extend” your WordPress site using our filter to tell Nelio A/B Testing the name of the “consent cookie”. You can do this by creating a “customizations” plugin as described in this post.

For example, suppose that, after your visitors accept your consent popup, the ConsentAccepted cookie is set. Well, in this case you will need to add the following code snippet to your website:

add_filter(
  'nab_gdpr_cookie',
  function() {
    return 'ConsentAccepted';
  }
);

which uses the nab_gdpr_cookie filter to make sure that Nelio A/B Testing complies with the GDPR and is only active when the expected cookie is present.

Moreover, if you want the first visit to the page to also be part of the test, you must refresh the page via JavaScript after the user has accepted the cookies. This way, the cookie will already be present and Nelio A/B Testing will be able to show you the alternative version and start tracking the visitor’s actions.
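
The browser side of the two steps above, as an added example (not Nelio's code): the pop-up creates the ConsentAccepted cookie on acceptance, reloads once so the first visit can join the test, and deletes the cookie on withdrawal so the plugin no longer runs. The element ids, the one-year lifetime and the cookie attributes are assumptions; ConsentAccepted is the cookie name used in the snippet above.

```javascript
// Added example: consent pop-up glue for the cookie named in the nab_gdpr_cookie filter.
const CONSENT_COOKIE = 'ConsentAccepted'; // must match the name returned by the filter
const ONE_YEAR = 60 * 60 * 24 * 365;      // assumed lifetime, in seconds

// True when the consent cookie is present in a document.cookie-style string.
function hasConsent(cookieString) {
  return cookieString
    .split(';')
    .map((pair) => pair.trim().split('=')[0])
    .includes(CONSENT_COOKIE);
}

// Cookie string that creates the consent cookie for the whole site.
function consentCookie(isHttps) {
  const attrs = [`${CONSENT_COOKIE}=1`, 'Path=/', `Max-Age=${ONE_YEAR}`, 'SameSite=Lax'];
  if (isHttps) attrs.push('Secure');
  return attrs.join('; ');
}

// Cookie string that deletes it, so the plugin stops running on the next page view.
function revokeCookie() {
  return `${CONSENT_COOKIE}=; Path=/; Max-Age=0; SameSite=Lax`;
}

// Call from the pop-up's "accept" button. Reloads once so the first visit joins the test.
// doc and loc default to the browser globals; tests pass fakes.
function acceptConsent(doc = document, loc = location) {
  if (hasConsent(doc.cookie)) return false; // already accepted: avoid a reload loop
  doc.cookie = consentCookie(loc.protocol === 'https:');
  loc.reload();
  return true;
}

// Call from the pop-up's "reject" or "withdraw consent" control.
function withdrawConsent(doc = document) {
  doc.cookie = revokeCookie();
}

// Hypothetical element ids; replace with the ones your pop-up uses.
if (typeof document !== 'undefined') {
  document.getElementById('consent-accept')?.addEventListener('click', () => acceptConsent());
  document.getElementById('consent-reject')?.addEventListener('click', () => withdrawConsent());
}
```

The cookie is only ever written inside the accept handler, so a visitor who ignores or rejects the pop-up never gets it and the plugin stays inactive for them.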