nopCommerce not in compliance with EU GDPR Cookie law?

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
3 years ago
Hi
I believe that the nop EU cookie feature is not in compliance with EU GDPR law.
https://gdpr.eu/cookies/
So it's important for the next version to get in compliance, or even before!!

Below is the main issue: that visitors must select between different types of cookies, and if they don't accept e.g. marketing cookies they can use the site anyway.

Quote:
Cookie compliance
To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:

Receive users’ consent before you use any cookies except strictly necessary cookies.
Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
Document and store consent received from users.
Allow users to access your service even if they refuse to allow the use of certain cookies
Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.

It is not allowed that visitors just accept all types of cookies!!

Br
Tommy
3 years ago
Hi Topy,

This feature already exists in nopCommerce.

You can check here - https://admin-demo.nopcommerce.com/Admin/Setting/Gdpr in the admin demo.

From here you can create different cookies as per your requirement.
3 years ago
Sorry, but that is not good enough; it's the cookie pop-up window that's not in compliance.
The types of cookies must be grouped (e.g. needed to run site, marketing, others, targeting), and if you don't accept all (but only the needed cookies) you must enter the site anyway.
br
Tommy
3 years ago
So at the moment you get the message "Cookies help us deliver our services. By using our services, you agree to our use of cookies."
You can click OK and continue
You can click "Learn more" to get more info which is displayed
You can close the browser and not continue

If this is, as you say, "not good enough",
do you have the website address of another site that does do it correctly?
3 years ago
I'm no European lawyer, but I believe nopCommerce complies with the above list.  Let's go through them 1 by 1.

TCH wrote:
Receive users’ consent before you use any cookies except strictly necessary cookies.


Admin > Settings > General Settings > Display EU cookie law warning

TCH wrote:
Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.


There is a link in the pop-up to https://yourwebsite/privacy-notice topic, wherein you can explain this.

TCH wrote:
Document and store consent received from users.


Handled in GDPR settings, as explained by rajupaladiya.

TCH wrote:
Allow users to access your service even if they refuse to allow the use of certain cookies


Assuming that necessary cookies are allowed as per point 1, regardless of refusal, if you hit F12 to open your browser webtools and go to the storage tab, you can view exactly what cookies nopCommerce is using.  They are all completely anonymized and necessary to its functionality.  The "Customer" cookie references a GUID for uniqueness, and without any identifying information.

TCH wrote:
Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.


Easily handled from customer Account with GDPR enabled.

Having said all of that, if you wish to customize the pop-up language, you can find its text by searching your Language Resources for "EUCookieLaw"
3 years ago
Link to sites with the "new" cookie eu law setup:

https://www.volkswagen.de/de.html

https://www.kia.com/uk/

https://www.maersk.com/

https://www.marabou.se/

br
Tommy
3 years ago
TCH wrote:
Interesting - I wonder who is going to go through and manually check every one of those 163 cookies on this site and decide if they will be allowed.
Most people don't even want to read the general statement and just click OK.
But if there is one thing this world does not have enough of, it is options - please let us have more options to fuel society's indecisions lol
3 years ago
Hello everyone,

I'm totally new to nopCommerce and want to start using this shop for our customers in Germany.
Unfortunately nopCommerce is really not in compliance with EU GDPR cookie law and this could be the issue why we won't be able to migrate from our solution (which is getting old..) to nopCommerce.

Using cookies in the EU is very strict now. Actually every website must run without cookies. Cookies are only allowed after the user gives consent.
Only cookies which are mandatory for the website may be used without notice, for example a cookie for session-id.

I would appreciate any idea to handle this with nopCommerce. Would be a great plugin for sale ;-)

Regards,
Simon
2 years ago
It's very strange how non-compliant nopCommerce is with GDPR given it's such a big piece of legislation in the EU.

Firstly, in terms of a cookie notice; simply displaying a consent popup stating that you use cookies isn't enough. The website visitor should have the option to allow or disallow different categories of cookies based upon their preferences, such as functional cookies, marketing cookies, analytical cookies etc.

Here's an example of the above requirement https://www.akikodesign.com/

Secondly, there should be automated ways of removing personal data after a set period of time in accordance with the website owner's privacy policy i.e. if the privacy policy states you will keep customer order history for a period of 3 years after which it will be anonymised, then this is what you must legally do! The same goes for inactive customer accounts, guest users and so on.

This is such a basic functional requirement in the UK/EU it would be really good to see nopCommerce pay a bit more attention to it.
2 years ago
[email protected] wrote:
It's very strange how non-compliant nopCommerce is with GDPR given it's such a big piece of legislation in the EU.

This is such a basic functional requirement in the UK/EU it would be really good to see nopCommerce pay a bit more attention to it.


Yes, I can only agree; there seems to be a lack of interest in the UK/EU market from the nopCommerce team.
I have subscribed to this function at cookie-script.com, paying 150€ per year for two webshops to comply with EU law.
So for each webshop I set up in Denmark I need to tell clients they have to subscribe to a 3rd-party company script because nopCommerce doesn't comply with the EU law. Another reason for some clients to choose another webshop platform in the EU.