Reason why there is no delete account for user in user account?

Thank you. You know better than me the osclass script, so any step towards GDRP compliance is good news. I have some old customers that still use opencart 1.5.x and 2.3.x and that is the reason I rised the GDPR compliance discussion.

I would address this concerned matter on also upgrading their OC stores due to prior use of cookies that may not comply with GDRP.

The best solution (for 1.5.x for shure) would be a newer version of opencart, GDPR compliant:) but I doubt that until 25th of may this could be possible:)

I know about that payed plugin (GDPR PERSONAL DATA REQUEST) but I think it doesn't cover 100% the GDRP terms.

EDIT
The official text of GDPR
https://eur-lex.europa.eu/legal-content ... 32016R0679

I wouldn't worry about the 100% coverage of those policies since the payment providers will already cover those tracks once the customer will try to pay or when a store owner will want to test its transaction. The API codes will already provide the facts whether the transaction could be completed or not at that particular time.

What about the users just browsing the site? For example google's analytics cookies fall under the GDPR terms.

That still won't prevent programmers to create a cookie no matter where the store is located. In order to prevent that to happen, a remote API / webservices would be required. Opencart can operate on its own without remote services except to provide promises regarding payment and shipping transaction policies.

Yes, the "session" cookie is a delicate issue and it's not in the same pot with google's analytics cookies that can be managed via js.
Anyway I would be curious to know the point of view of some enploee that must impose those regulations...

I asked for an opinion from others... some say session cookies are not under gdpr law and they mentioned about anonymisation......but they admited this being unclear...
Below the law about that:

(26)


The principles of data protection should apply to any information concerning an identified or identifiable natural person. Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person. To determine whether a natural person is identifiable, account should be taken of all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly. To ascertain whether means are reasonably likely to be used to identify the natural person, account should be taken of all objective factors, such as the costs of and the amount of time required for identification, taking into consideration the available technology at the time of the processing and technological developments. The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.
....
(30)


Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

Just let the providers handle those. Their API codes will provide the reasons on why there were rejections when the transaction occurred.

For local transactions to the store, no worries, just read this post: viewtopic.php?f=23&t=51859&p=719181#p719329 . This issue has been resolved recently on anyhow.

marius-ciclistu wrote: ↑

Thu Apr 12, 2018 2:45 am

I still don't know the defaults cookie purpose.( in 2.3.x)

This is also my question. I need to declare cookie intent in the privacy documents, and I can't find any info about this "default" session cookie... what is it? What does it store?

Regard,
Darjan

Session cookies are used to "glue together" individual page requests from a browser, to tell the server that they are related (i.e., belong to one user in one session). They are vital if you have a user logged in, or there is a shopping cart, in order to carry a logical session from one page to another. Tim Berners-Lee did some brilliant work in creating HTTP, but he did not think far enough ahead to cover such things (HTTP itself is stateless). Although such cookies may contain identifiable information, they should be erased when the browser is shut down, so there is no issue with personal privacy. Therefore, session cookies are exempt from your having to ask permission to use them. It is sufficient to note their existence and use somewhere on the site.

I think there is following reason opencart didn't add delete account your self.
1. Anybody can delete your account just by clicking "Delete my account" button simply from an account if a customer is logged in his computer and his computer is not locked. it can be changed in another way by like someone gets delete account link for confirmation in his email and from that link he can delete his account easily.
2. Some country has the policy that customer can't delete their account directly. so that he can't do post or harm to someone post or things and just delete his account and run away. so store owner will be blamed for that. so for the security purpose. it must be reconfirmed by the store owner. but some country or some website doesn't' matter to these things. so, in that case, the customer must have "delete account" option.

I hope this satisfies your answer. In my case, a UK client told me that he needs "delete account option" for his customer. so I made the module for them. this is the extension you can download if you need. https://www.opencart.com/index.php?rout ... ul2013sifa

If any question related to this .you can also contact me here: https://support.devinlabs.com/
My Other extension is here:- https://www.opencart.com/index.php?rout ... ul2013sifa

ravikumar22 wrote: ↑

Fri May 25, 2018 10:33 pm

I think there is following reason opencart didn't add delete account your self.
1. Anybody can delete your account just by clicking "Delete my account" button simply from an account if a customer is logged in his computer and his computer is not locked. it can be changed in another way by like someone gets delete account link for confirmation in his email and from that link he can delete his account easily.
2. Some country has the policy that customer can't delete their account directly. so that he can't do post or harm to someone post or things and just delete his account and run away. so store owner will be blamed for that. so for the security purpose. it must be reconfirmed by the store owner. but some country or some website doesn't' matter to these things. so, in that case, the customer must have "delete account" option.

I hope this satisfies your answer. In my case, a UK client told me that he needs "delete account option" for his customer. so I made the module for them. this is the extension you can download if you need. https://www.opencart.com/index.php?rout ... ul2013sifa

If any question related to this .you can also contact me here: https://support.devinlabs.com/
My Other extension is here:- https://www.opencart.com/index.php?rout ... ul2013sifa

Thank you. I got it for some time now. I could have made the mods my self but I decided not to:) My shop is now just a presentation website, until a core will be released in compliance with gdpr.