Kryptronic Software Support Forum

You are viewing this forum as a guest. Login to an existing account, or create a new account, to reply to topics and to create new topics.

#1 05-12-2018 10:36:14

helenconnolly
Member
Registered: 04-08-2007
Posts: 15

Cookie notification

Hi,

I need to add a cookie notification to our website which customers must explicitly accept - it cannot be implied consent as we are in the EU and laws are changing at the end of May.

How can I add a cookie notification and accept button easily to Europa cart v 8 please?

Thanks
Helen

Offline

 

#2 05-14-2018 08:11:30

webmaster
Administrator
From: York, PA
Registered: 04-20-2001
Posts: 19798
Website

Re: Cookie notification

Check this post concerning GDPR in the K9 forum:

https://forum.kryptronic.com/viewtopic.php?id=33694

I think you are mistake about needing to explicitly allow cookies, I believe that pertains to things like the mail list (see above).


Nick Hendler

Offline

 

#3 05-14-2018 08:44:08

helenconnolly
Member
Registered: 04-08-2007
Posts: 15

Re: Cookie notification

This link takes me to a post in the V9 forum. Where do I find help for V8?

My understanding of the new laws is that all consent must be explicit and this does not just refer to mailing lists. Can you please advise how I can add a consent ticker to my site?

thanks
Helen

Offline

 

#4 05-14-2018 09:09:49

helenconnolly
Member
Registered: 04-08-2007
Posts: 15

Re: Cookie notification

Sorry Nick where did you post the question to me om this? Can you embed the link to the right thread too for speed.

Offline

 

#5 05-14-2018 09:10:45

webmaster
Administrator
From: York, PA
Registered: 04-20-2001
Posts: 19798
Website

Re: Cookie notification

My understanding of the new laws is that all consent must be explicit and this does not just refer to mailing lists

I believe your understanding of the new laws is incorrect.  The explicit requirement is for opt-in items like mailing lists.  I think it would be impossible to enforce a cookie-based explicit opt-in on most of the Internet with all of the external/third-party scripts sites load these days.

Can you please advise how I can add a consent ticker to my site?

You don't need to - just activate the Cookie Information skin widget and put it in a prominent location in your skin.


Nick Hendler

Offline

 

#6 05-14-2018 09:52:15

helenconnolly
Member
Registered: 04-08-2007
Posts: 15

Re: Cookie notification

I've taken the advice straight from the legal horses mouth as it were: https://ico.org.uk/for-organisations/gu … hnologies/

There's a section here that states,

[extract begins]

"What counts as consent?
To be valid, consent must be freely given, specific and informed. It must involve some form of unambiguous positive action – for example, ticking a box or clicking a link – and the person must fully understand that they are giving you consent. You cannot show consent if you only provide information about cookies as part of a privacy policy that is hard to find, difficult to understand, or rarely read.

Consent does not necessarily have to be explicit consent. However, consent must be given by a clear positive action. You need to be confident that your users fully understand that their actions will result in specific cookies being set, and have taken a clear and deliberate action to give consent. This must be more than simply continuing to use the website. To ensure that consent is freely given, users should be able to disable cookies, and you should make this easy to do.

You should take particular care to ensure clear and specific consent for more privacy-intrusive cookies, such as those collecting sensitive personal data such as health details, or used for behavioural tracking. The ICO will take a risk-based approach to enforcement in this area, in line with our regulatory action policy." [/ extract ends]

To me this means they need to click something to acknowledge they have accepted that cookies are being used but you link to your cookie policy to tell them how they can disable them.

I've got the cookie information skin widget on and added it to the header section and amended the text but it isn't displaying on the site.

I've amended the words to say, ....To give consent to the cookies being used please click ACCEPT.....
On other sites I use the ACCEPT button then closes the cookie bar. However, can I do something similar to this on Kryptronic?

Offline

 

#7 05-14-2018 12:26:53

zanart
Member
From: bedford
Registered: 04-02-2008
Posts: 1706

Re: Cookie notification

I haven't looked too much into this law, and I am sure Nick will correct me if I am wrong, however...
CC8 creates a session cookie that stores details of the users session, including shopping basket, breadcrumbs, etc. No personal data is stored in the cookie as it is only a random number.

The link you have provided is quite clear:
At the very top:

There is an exception for cookies that are essential to provide an online service at someone’s request (eg to remember what’s in their online basket, or to ensure security in online banking).

and further down under the Any Exemptions question:

This means you are unlikely to need consent for:

    cookies used to remember the goods a user wishes to buy when they add goods to their online basket or proceed to the checkout on an internet shopping website;

    session cookies providing security that is essential to comply with data protection security requirements for an online service the user has requested – eg online banking services;

The link you have provided is quite clear that permission is not required when a cookie is "essential to provide an online service at someone’s request". If a user adds something to their basket(their request), it is essential for a cookie to be created for the basket to be stored and therefore consent is not required.

The cookie consent law has been around for a while, the new law is to do with opting into maillists


Rob

Offline

 

#8 05-15-2018 08:15:16

webmaster
Administrator
From: York, PA
Registered: 04-20-2001
Posts: 19798
Website

Re: Cookie notification

CC8 creates a session cookie that stores details of the users session, including shopping basket, breadcrumbs, etc. No personal data is stored in the cookie as it is only a random number.

Correct.

And for those of you interested in K9, it doesn't automatically set any cookies.  Cookies are used to track sessions in K9 once a user is logged in, or a guest does something that warrants a session being created (adds item to cart, enters email address, info, etc).  Additional cookies are used to track items individually like breadcrumb/location trail, currency selection, and a few others.

All versions are compliant with the existing and new laws provided: (1) the cookie info widget is displayed and (2) the opt-out default change is made to the mail list form fields (via SQL statement to update versions 9.0.2 and earlier, version 9.0.3 will have no defaults set when released).


Nick Hendler

Offline

 

Board footer