Post by timstudio » Sun Jan 14, 2018 6:34 am

As all EU shop owners should know, on the 25th of May 2018 the new GDPR EU law rules have to be followed.
The main problem is the placement of tracking cookies (AdWords, Facebook etc.). Just a notification will not do; users have to be able to opt out of these specific cookies.

Since this is quite a 'thing' for all websites/shops, I'm surprised to see that there is no obvious extension or solution for this. It might be that I am looking in the wrong place. How are you all going to comply with this new law?

I see a lot of cookie bar extensions, but as far as I can tell, these only display messages and none of them actually blocks (part of) the cookie installation.

I'm looking for something like this:
https://cookiesv2.publiekeomroep.nl/dat ... =612789976

I guess a developer could be rich by making such an extension since all EU OpenCart shops need one in May :laugh:

New member

Joined
Sun Oct 25, 2015 3:51 pm

Post by IP_CAM » Sun Jan 14, 2018 9:15 am

well, when it comes to EC-related problems and rules, OsWorx usually has
some working solutions for OC's, as I am aware of.
Ernie
https://osworx.net/

Ernie's OpenCart v.1.5.6.5 LIGHT + V-Pro + OpenShop Admin v.1.75 Test Sites
http://www.bigmax.ch - http://www.opencart.li/shop/ - http://www.velomech.ch/cart/
Guru Member

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by thekrotek » Sun Jan 14, 2018 10:11 pm

It really saddens me, that site owners try to comply with this stupid cookie law instead of boycotting it and signing a petition to ban it. EVERYBODY hates this cookie notification crap. It's annoying for customers and everybody today installs "I don't care about cookies" extensions in their browsers to never see these notifications anymore. It's annoying for site owners, because now they have to display the useless notification, which only annoys visitors and gives absolutely nothing in return. But that's not all!

Current regulations basically tell you, that you need to display some kind of disclaimer. User clicks "Accept" and that's it, problem solved, site owner doesn't hold any responsibility. But what are you gonna do, if user clicks "Decline"? How you gonna filter cookies? Besides default per-session cookies, which are allowed to use without notification, there might be other ones, set by 3rd party extensions. So basically every site owner now should be aware, which extension adds which cookies and somehow handle them. Or every developer should read some kind of "global cookie" with user's choice and if cookies were declined, don't create any cookies. Gosh, this is sooooooooooo stupid! Cookies are all over the net nowadays, everybody knows about them, and who doesn't know simply don't care!

Let's write a petition to BAN this stupid law instead of looking for extension to comply! I refused to comply right from the start, and yes, I'm in EU. Guess what? Nothing happened, because nobody cares! Besides, it's only required in EU, the rest of the world lives happily without any cookie notifications.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com


Active Member

Joined
Sun Jul 03, 2016 12:24 am


Post by IP_CAM » Sun Jan 14, 2018 11:57 pm

Well, you don't seem to be aware of the European History. In most countries, they
had 'Emperors' and Rulers up into the 20th Century, so, they are still used to get
ruled by their so-called blue-blooded Masters, and controlled by an almighty
System of anonymous Bureaucrats.

That's why it works, the way it does. And as long as they print Cash like hell,
to send it down South, to those, rather relaxing out on the beach, instead of
wasting a nice day with hard work, it will stay alive and well, for those in charge
at least. :D

Lucky me, in the (still) Free Zone of Europe, in most other places, north of the
big mountains, I would be called an Extremist, and possibly 'handled' accordingly
too, because I am used to call things by their names. But my forefathers also had
no dark history either, so, my Family would have nothing to hide ... 8)

if you know, what I'm trying to tell ya ...
Ernie


Post by timstudio » Mon Jan 15, 2018 12:53 am

I agree with the above. But....

that doesn't solve the problem. Just saying...hey, I don't like the new law so f.c. u isn't going to do it, I'm afraid.
In Holland last year a little shop was fined 50.000 euro for having their own textual interpretation of the rules. The shop followed the rules, but wrote them in a non legally correct way....

So, my shop provides several people with an income. I'm not in the position to take up the fight and boycott the law. If you are, that's fine.
I just want to know how I am able to implement this technically into my OpenCart store.


Post by MrPhil » Mon Jan 15, 2018 1:07 am

From the other side of the Pond, it sounds like much ado about nothing (to coin a phrase ;) ). But, bureaucrats will be bureaucrats, and need to find something to do to justify their existence... Anyway, my understanding is that (session) cookies that are necessary for the basic function of a site are exempt from notification rules (and ignore those rules if they don't exempt such cookies). What they're trying to bring under control are annoying and privacy-invading "tracking" and "beacon" cookies and the like. If you use these, you have to ask permission first. This is more or less reasonable in theory, but in application can be quite annoying. I would think that if a person doesn't want tracking cookies for your store, that they don't want them for any site. Thus, a global switch (perhaps maintained by the browser) to tell a site that tracking cookies are not appreciated would be a Good Thing, no? The Bad Guys will continue to ignore any such requests, and the Good Guys can be relieved of having to worry about asking (if the browser does it), and people shopping at your store will be happy not to be bothered by pop-ups asking permission to drop cookies.

I don't think it's possible to set a global cookie readable by any site (is it?) to store tracking/beacon cookie permission, so if the browser isn't required by law to handle it, your site will have to manage it. I suppose you could drop your own permanent cookie on this machine, and look for that (ironically, you would probably have to ask permission to drop a cookie that says you don't give permission for tracking/beacon cookies!). You could also keep this setting in the customer profile, although that may be too late to avoid asking the user (before they've signed on).

Active Member

Joined
Wed May 10, 2017 11:52 pm

Post by willows » Wed Feb 28, 2018 5:55 pm

Hi

We have developed an addon for this.

All you need is an updated Cookie Policy, Privacy Statement and this addon: https://www.opencart.com/index.php?rout ... date_added.

The addon looks after personal data requests automatically, right to be forgotten. All actions are logged in case there is a Data Protection Audit in the future.

BTW we are looking for translations into other languages in exchange for the addon for free.

ecommerce web design and opencart experts.

Available for hire for maintenance, installs, hacks, SEO disasters, and integrations with epos, logistics and accounts systems.

New member

Joined
Sun Mar 17, 2013 5:19 am
Location - Dublin Ireland

Post by OSWorX » Fri Mar 02, 2018 9:20 pm

willows wrote:
Wed Feb 28, 2018 5:55 pm
All you need is an updated Cookie Policy, Privacy Statement ..

Not completely true, because Cookies shall be set only after explicit permission by users.
Only updating texts will not solve the new legislation.

Expert Member

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by willows » Fri Mar 02, 2018 10:47 pm

To make your site comply fully, you will need to

1. update your cookie statement
2. have a cookie permission dialogue on entering the site
3. have a privacy statement covering aspects of the new GDPR Law
4. Personal information request application. ( our addon does this )
5. Right to be forgotten request application ( our addon does this )

GDPR covers your whole organisation and this addon is only intended to make the requesting and the right to be forgotten requests automated.


Post by Gobbo » Mon Mar 05, 2018 6:53 pm

What extension is this?

Using opencart version 2.1.0.2


Active Member

Joined
Tue Jun 22, 2010 12:38 am

Post by OSWorX » Wed Apr 25, 2018 12:49 am

willows wrote:
Fri Mar 02, 2018 10:47 pm
To make your site comply fully, you will need to

1. update your cookie statement
2. have a cookie permission dialogue on entering the site
3. have a privacy statement covering aspects of the new GDPR Law
4. Personal information request application. ( our addon does this )
5. Right to be forgotten request application ( our addon does this )

GDPR covers your whole organisation and this addon is only intended to make the requesting and the right to be forgotten requests automated.

Again wrong - and grossly negligent!
You point the users in the wrong direction.

What is allowed - without explicit consent
All cookies about/with:
1. language
2. currency
3. session
These 3 are standard cookies OpenCart sets/checks at every visit.
Beside them is an affiliate cookie, but if you are a partner of this site, you should agree and know that.

What is NOT allowed - user must explicitly agree
Simply: each and every cookie which can track users.
Which also means, if you use for example GA (Google Analytics) you have to set in your GA-Account that the IP has to be anonymized!
Which also means, if the tracking cookie allows to easily track the user - e.g. all 'Social Media' cookies and so on, AND it cannot be anonymized > you are not allowed to use it.

Beside this: everyone who intends to use GA (furthermore), has to sign a contract with Google!

The so called 'Cookie Banner' was introduced because of the UK-Law and Cookies.
This 'banner' is normally not required if your country (where your shop/company is registered) is outside the UK.
The more, it is useless if you are not from the UK.

Beside this all, latest Court decisions (High Court in Germany - some EU countries are following those decisions) recommend to disable all Social Share Buttons and Solutions.
If not, you may get punished.

Punishment: well, I guess everybody knows in the meantime what this can be .. or not?
Just to recap:

up to 20 Mill. Euro or 4% of your worldwide revenue

Guess nobody has such lousy amount in his pocket .. or?

So better to follow the 'new' regulations - they come into effect on the 25th of May 2018.
Not a second later!

p.s. talking about 'useless' or to 'boycott' or 'starting a petition' ..
Nice talk, but a waste of time - and you did not understand the background of these regulations!

Accept what is coming and make the best of it - the 'good' shopowners have nothing to fear.
But all those lousy and fake 'chinese' shops using OpenCart and my Translation, selling fake goods - such shops will be stopped by these laws.
Hopefully.

Switzerland (@IP_CAM): also not true - or partly!
If you sell only in Switzerland, you can do what you want (following Swiss Regulations).
But the moment you sell outside Switzerland, you have to follow the rules of the Country the customer comes from - see Consumer Rights!


Post by JNeuhoff » Thu Apr 26, 2018 8:56 pm

@OSWorX:

So is there any comprehensive OpenCart extension covering all the aspects of the GDPR for OpenCart?

MHC Web Design
Override Engine * Integrated VQMod * Multilingual SEO * Instant Option Price Calculator * TrustPilot Reviews * Download Options * Free Download Buttons * Export/Import Tool * Template Switcher PHP/Twig


Expert Member

Joined
Wed Dec 05, 2007 3:38 am


Post by OSWorX » Thu Apr 26, 2018 9:50 pm

JNeuhoff wrote:
Thu Apr 26, 2018 8:56 pm
@OSWorX:

So is there any comprehensive OpenCart extension covering all the aspects of the GDPR for OpenCart?

Will be published soon.


Post by JNeuhoff » Fri Apr 27, 2018 8:28 pm

OSWorX wrote:
Thu Apr 26, 2018 9:50 pm
JNeuhoff wrote:
Thu Apr 26, 2018 8:56 pm
@OSWorX:

So is there any comprehensive OpenCart extension covering all the aspects of the GDPR for OpenCart?
Will be published soon.

Thanks, looking forward to it.



Post by willows » Mon Apr 30, 2018 5:10 pm

Quoting parts of the law to support your case serves no one.

Fines and penalties are on 2 tiers and are changing all the time. Your text on this matter is not correct
https://www.gdpreu.org/compliance/fines-and-penalties/

The law as set by the EU, let the interpretation of it rest with the lawyers.

Note : There is no such thing as GDPR certified or compliant, the accreditation does not exist.


Post by willows » Mon Apr 30, 2018 5:13 pm

JNeuhoff wrote:
Thu Apr 26, 2018 8:56 pm
@OSWorX:

So is there any comprehensive OpenCart extension covering all the aspects of the GDPR for OpenCart?

Yes we have a GDPR addon on the market place. See it here. https://www.opencart.com/index.php?rout ... load_id=17

We also have a video about it here too.
[youtube]mboR7L1Z1yA[/youtube]


Post by marius-ciclistu » Tue May 01, 2018 1:15 am

Hi all. Does OpenCart intend to make a new version that will comply with these new regulations?
I have not seen a complete extension/plugin for OpenCart yet.
I counted over 20 tables in DB that store personal data for OC 2.3.x and about 19 tables for OC 3.x....
Now try writing all those table columns from those tables that contain personal data in your privacy terms.... :)

I share here the google analytics cookies loading only after user accepts them.

You might modify the css and you need to modify the Google Analytics code and domain of your website.

Code:

<div style='position:relative;display:none;' id='gaaccept'>
    <div style='
            text-decoration: none;
            position: fixed;
            bottom: 0;
            padding: 20px;
            text-align: center;
            border: 2px solid #35C3D9;
            height:auto;
            background: linear-gradient(#E3AF02,#EBEB38,#E3AF02);
            width: 100%;
            '> <a style='color: #285fee;' href='https://support.google.com/analytics/answer/6004245' target='_blank'>Google Analytics</a> cookie
            <button style='line-height: normal;background: #35C3D9;color:white !important;box-shadow:none;text-shadow:none;' onclick='g_a_user_accept();$("#gaaccept").hide();set_gaaccept();'>Accept</button>
    </div>
</div>
<script>
    // Queue the Google Analytics commands. Nothing is sent and no cookie is
    // written until ga.js itself is loaded by g_a_user_accept().
    var _gaq = _gaq || [];
    var pluginUrl = '//www.google-analytics.com/plugins/ga/inpage_linkid.js';
    _gaq.push(['_require', 'inpage_linkid', pluginUrl]);
    _gaq.push(['_setAccount', 'UA-....']);
    _gaq.push(['_setDomainName', 'yoursite.com']);
    _gaq.push(['_trackPageview']);

    // Inject the ga.js script tag; called only after the visitor accepts.
    function g_a_user_accept(){
          (function() {
            var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
            ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
            var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
          })();
    }

    // Remember the acceptance for the current browser tab.
    function set_gaaccept(){
        sessionStorage['g_a_user_accept'] = 'accepted';
    }

    // Already accepted in this tab: load ga.js. Otherwise show the banner (uses jQuery).
    if(sessionStorage['g_a_user_accept'] && sessionStorage['g_a_user_accept'] == 'accepted'){
            g_a_user_accept();
    } else {
        $('#gaaccept').show();
    }

</script>
You can place this in your theme's footer.

You can replace g_a_user_accept with g_a_user_accept_yoursitecom for example.

New member

Joined
Sat Nov 24, 2012 6:22 am

Post by tresj » Sat May 12, 2018 5:27 am

@marius-ciclistu

Hi, I tried your code. It seems to work. That is: I have a banner on my site and when I accept it disappears. But how do I know it really works? Does it put a cookie on my site? If yes, what is the name of that cookie?
But thank you very much for putting the effort in this script.
Best regards,
Angelique

Newbie

Joined
Fri Jan 25, 2013 8:49 am

Post by marius-ciclistu » Sat May 12, 2018 3:48 pm

tresj wrote:
Sat May 12, 2018 5:27 am
@marius-ciclistu

Hi, I tried your code. It seems to work. That is: I have a banner on my site and when I accept it disappears. But how do I know it really works? Does it put a cookie on my site? If yes, what is the name of that cookie?
But thank you very much for putting the effort in this script.
Best regards,
Angelique

sessionStorage['g_a_user_accept'] stores the info in session storage in the visitor's browser. That means if you open a new tab, the request will show again.
To add another 'Accept indefinitely' button (stores the accept in localStorage of the browser), this is the way:

Remember to personalize g_a_user_accept as g_a_user_accept_your_site_address to avoid situations when 2 sites have this functionality and the same visitor visits them. On the second site, the request will not show if g_a_user_accept is used on both sites.

Code:

            <button style='line-height: normal;background: #35C3D9;color:white !important;box-shadow:none;text-shadow:none;' onclick='g_a_user_accept();$("#gaaccept").hide();set_gaaccept();'>Accept</button>
            <button style='line-height: normal;background: #35C3D9;color:white !important;box-shadow:none;text-shadow:none;' onclick='g_a_user_accept();$("#gaaccept").hide();set_gaaccept("local");'>Accept indefinitely</button>

Code:

    // Store the acceptance per tab (sessionStorage, the default)
    // or indefinitely (localStorage) when called with 'local'.
    function set_gaaccept(place = 'session'){
        switch (place) {
            case 'local':
                localStorage['g_a_user_accept'] = 'accepted';
                break;
            default:
                sessionStorage['g_a_user_accept'] = 'accepted';
        }
    }

Code:

    // Load ga.js if acceptance is found in either storage; otherwise show the banner.
    if((localStorage['g_a_user_accept'] && localStorage['g_a_user_accept'] == 'accepted') || (sessionStorage['g_a_user_accept'] && sessionStorage['g_a_user_accept'] == 'accepted')){
          g_a_user_accept();
    } else {
        $('#gaaccept').show();
    }
Edit. With F12 in Chrome incognito you can see that the cookies are loaded only after accept.
Last edited by marius-ciclistu on Mon May 14, 2018 12:17 am, edited 1 time in total.
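
Added example, not part of any post in this thread: a checker for the question asked above ("how do I know it really works?") and for the decline case raised earlier. It sorts the names in a `document.cookie` string into essential, tracking and unclassified, and reports what should not be present for a given consent state; the key `cookie_consent_v1`, the essential cookie names and the sample cookie strings are assumptions constructed for illustration.

```javascript
// Hypothetical storage key for the visitor's decision: 'accepted' or 'declined'.
const CONSENT_KEY = 'cookie_consent_v1';

// Cookies the thread lists as allowed without consent (language, currency, session).
// The concrete names are assumptions; check what your OpenCart version really sets.
const ESSENTIAL = new Set(['language', 'currency', 'PHPSESSID', 'OCSESSID']);

// Google Analytics cookie names: __utm* (ga.js) and _ga/_gid/_gat (analytics.js).
const TRACKING_PATTERNS = [/^__utm[a-z]$/, /^_ga($|_)/, /^_gid$/, /^_gat($|_)/];

// Split a document.cookie-style string into cookie names.
function cookieNames(cookieString) {
  return cookieString.split(';')
    .map(part => part.split('=')[0].trim())
    .filter(name => name.length > 0);
}

function isTracking(name) {
  return TRACKING_PATTERNS.some(re => re.test(name));
}

// Return 'accepted', 'declined', or null when the visitor was never asked.
// `stores` is a list of Storage-like objects, e.g. [localStorage, sessionStorage].
function readConsent(stores) {
  for (const store of stores) {
    const value = store.getItem(CONSENT_KEY);
    if (value === 'accepted' || value === 'declined') return value;
  }
  return null;
}

// List every cookie that should not be present for this consent state.
// Unknown names are always reported, so cookies added by third-party
// extensions surface and can be classified by the shop owner.
function auditCookies(cookieString, consent) {
  const findings = [];
  for (const name of cookieNames(cookieString)) {
    if (ESSENTIAL.has(name)) continue;
    const tracking = isTracking(name);
    if (tracking && consent === 'accepted') continue;
    findings.push({
      name,
      reason: tracking ? 'tracking cookie without consent' : 'unclassified cookie',
    });
  }
  return findings;
}

// On decline or withdrawal: build the strings that expire known tracking cookies.
// In the browser, assign each one to document.cookie.
function expireTracking(cookieString, domain) {
  return cookieNames(cookieString)
    .filter(isTracking)
    .map(n => `${n}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; domain=${domain}`);
}

// Constructed sample cookie strings (not captured from a real shop).
const SAMPLE_BEFORE = 'language=en-gb; currency=EUR; OCSESSID=abc123';
const SAMPLE_AFTER = SAMPLE_BEFORE + '; __utma=1.2.3; __utmz=1.x; fbtrack=1';
```

In the browser console, run `auditCookies(document.cookie, readConsent([localStorage, sessionStorage]))` before and after clicking Accept. `document.cookie` does not list HttpOnly cookies, so compare the result against the browser's cookie panel as well.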


Post by OSWorX » Sat May 12, 2018 5:12 pm

willows wrote:
Mon Apr 30, 2018 5:10 pm
Quoting parts of the law to support your case serves no one.

Fines and penalties are on 2 tiers and are changing all the time. Your text on this matter is not correct
https://www.gdpreu.org/compliance/fines-and-penalties/

The law as set by the EU, let the interpretation of it rest with the lawyers.

Note : There is no such thing as GDPR certified or compliant, the accreditation does not exist.

Not interpreting or else ..
Here the legal part of the GDPR/DSGVO regarding fines: https://gdpr-info.eu/art-83-gdpr/
