Cookies being set before customer consent

We use the woocommerce plugin for facebook and cookiebot on our site.

Recently, the ICO has audited our site and found that the _fbq cookie was being set on the site before the customer had opted in to cookies.

Our integration of cookiebot is hardcoded to the top of the site, as recommended by them, so it’s the first JS firing.

Still, the _fbq pixel is being set.

They have a further guide, specific for facebook that can be found here https://support.cookiebot.com/hc/en-us/articles/360004461894-Require-consent-before-loading-Facebook-pixel and instructs to remove noscript, something that’s not currently possible with the default fb plugin.

The ICO is threatening us with a fine if we don’t get this resolved ASAP.

I suspect this issue would be present to most of your clients using this plugin and cookiebot, possibly also cookieyes and other cookie platforms, so those clients are probably also likely to receive threats and fines from the ICO if they ever get audited.

In theory, this could also be caused by Cloudflare, but this is yet another standard platform that  many people use.

Unless this issue is raised with website owners, I don’t think anyone will realise. They’ll just rely on Cookiebot and think everything is fine until they get audited.

To resolve this issue, we had to hardcode the following changes

1. Remove noscript
2. Added fbq('consent', 'revoke');
3. Added window.addEventListener('CookiebotOnConsentReady',function(e){
   fbq('consent',Cookiebot.consent.marketing?'grant':'revoke')},!1)

In WC_Facebookcommerce_EventsTracker we need to be able to remove the actions, and add our own, or we need to be able to edit the output from those two functions

• add_action( ‘wp_head’, array( $this, ‘inject_base_pixel’ ) );
• add_action( ‘wp_footer’, array( $this, ‘inject_base_pixel_noscript’ ) );