Post by OSWorX » Thu Mar 31, 2022 5:38 pm

On the 2nd February 2022 Belgiums Authority for Data Protection decided, that Cookiebanners are violating the GDPR.
The Authority punished the organization IAB Europe (which has developed the underlying framework TCF several years ago) with a fine of 250.000,- Euro.

The decision: https://www.autoriteprotectiondonnees.b ... nglish.pdf
IAB itself has appealed against that decision: https://iabeurope.eu/all-news/iab-europ ... ty-ruling/

In detail, the Inspection Service finds that IAB Europe is in breach of the following legal provisions
and principles of the GDPR
with its Transparency and Consent Framework:

▪ Articles 5.1.a and 5.2 (principles of fairness, transparency and accountability)
▪ Article 6.1 (lawfulness of processing);
▪ Article 9.1 and 9.2 (processing of special categories of personal data);
▪ Article 12.1 (transparency of information, communications and modalities for
exercising data subjects' rights);
▪ Article 13 (information to be provided when personal data have been obtained from
the data subject);
▪ Article 14 (information to be provided when personal data have not been obtained
from the data subject);
▪ Article 24.1 (responsibility of the data controller);
▪ Articles 32.1 and 32.2 (security of processing)

Outside the scope of the complaints, the Inspection Service also finds additional
infringements of the following provisions of the GDPR:
▪ Article 30 (register of processing activities);
▪ Article 31 (cooperation with the supervisory authorities);
▪ Article 24.1 (responsibility of the data controller);
▪ Article 37 (appointment of a data protection officer.

Article about that all (in German): https://www.zeit.de/digital/2022-03/coo ... atenschutz

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by rjcalifornia » Fri Apr 01, 2022 10:51 am

Are current Cookie banners extensions for OpenCart not compliant with GDPR?

Image
A2 Hosting features: Shared Turbo Boost, Managed Warp 1, Unmanaged Hyper 1, and Warp 2 Turbo


Active Member

Posts

Joined
Fri Sep 02, 2011 1:19 pm
Location - Worldwide

Post by OSWorX » Fri Apr 01, 2022 6:55 pm

rjcalifornia wrote:
Fri Apr 01, 2022 10:51 am
Are current Cookie banners extensions for OpenCart not compliant with GDPR?
General and in short: NO - they are not!

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by straightlight » Fri Apr 01, 2022 9:06 pm

Without any restrictions implied during checkout and the API, while these laws are simply growing with time, what a shame.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by OSWorX » Fri Apr 01, 2022 10:13 pm

straightlight wrote:
Fri Apr 01, 2022 9:06 pm
Without any restrictions implied during checkout and the API, while these laws are simply growing with time, what a shame.
What a useless comment!

Generally no website need a cookie to work.
Cookies are meant (and used) basically to follow visitors only - not to provide functions or something like that.

The so called "technical" cookies (e.g. for language and session) are the only one nobody needs to confirm (or any consent).
"Marketing" cookies are the evils, and for all of them, the website needs the consent of the visitor.

The visitors must have to opportunity to decide wether to accept cookies - or not.
And as long this consent is not given, beside the "technical" cookies not one may be set.

So, all Googles services setting a cookie (like Google Analytics) before the visitor has agreed to receive any cookie from them - are not allowed.

Don't know which "restrictions implied during checkout" or any "API" do you mean?!
And these laws are not "growing with time", since the 25th May 2018 we have already something called GDPR.
Soon 4 years later .. and you say "growing"?

A shame is a statement like yours.
And a shame how most cookie banners are styled.
99% of them use "dark patterns", try to confuse the visitor, hide settings or behind several clicks - only the get a "pseudo consent" because too many visitors just click on every thing which looks like a "success" button.

And with none of the solutions for OpenCart the storing of cookies before the consent is given is avoided.

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by straightlight » Fri Apr 01, 2022 10:43 pm

OSWorX wrote:
Fri Apr 01, 2022 10:13 pm
straightlight wrote:
Fri Apr 01, 2022 9:06 pm
Without any restrictions implied during checkout and the API, while these laws are simply growing with time, what a shame.
What a useless comment!

Generally no website need a cookie to work.
Cookies are meant (and used) basically to follow visitors only - not to provide functions or something like that.

The so called "technical" cookies (e.g. for language and session) are the only one nobody needs to confirm (or any consent).
"Marketing" cookies are the evils, and for all of them, the website needs the consent of the visitor.

The visitors must have to opportunity to decide wether to accept cookies - or not.
And as long this consent is not given, beside the "technical" cookies not one may be set.

So, all Googles services setting a cookie (like Google Analytics) before the visitor has agreed to receive any cookie from them - are not allowed.

Don't know which "restrictions implied during checkout" or any "API" do you mean?!
And these laws are not "growing with time", since the 25th May 2018 we have already something called GDPR.
Soon 4 years later .. and you say "growing"?

A shame is a statement like yours.
And a shame how most cookie banners are styled.
99% of them use "dark patterns", try to confuse the visitor, hide settings or behind several clicks - only the get a "pseudo consent" because too many visitors just click on every thing which looks like a "success" button.

And with none of the solutions for OpenCart the storing of cookies before the consent is given is avoided.
Regardless how one may believe to be useless, you're still going to address these issues to inform the people while it's people above our pay grade that takes care of these. Regarding the banners, however, that is something else that's been happening for a long time but I do understand where this is going especially since, being the case, that none of the solutions with Opencart for cookie storage have been considered without the use of extensions. In the end, that comment isn't that useless after all.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by SchmidtC » Thu Aug 25, 2022 6:09 pm

Great article! I realized these are my favorite kinds of GI articles. Enough news and reviews, more stuff like this! Let the writers get creative!

Newbie

Posts

Joined
Thu Aug 25, 2022 6:07 pm
Who is online

Users browsing this forum: No registered users and 9 guests