Hey folks, thanks to everyone who help me with this over a year ago when I was desperate to fix a couple of sites in Europe, including Mr. RUNE. https://arastta.org/rune-rasmussen thanks man. 5*

Hi Martyn,

Isn't this a waste of time and is not enforced or needed for any web users in their browser and has largely been abandoned whether in the EU or not? It has merely become an annoying popup on out-of-date sites so why are you trying to promote it?

Possibly, some sites provide a better cookie consent and explain what they will be used for, but most just don't let you use the site unless you click yes regardless of the intended use and it certainly in our opinion does not enhance anybodies experience.

Surely not many users would like to be tracked by choice or give any data away if they do not have to as it is just for marketing purposes.

In any event if you are not providing an Arastta module (that was already partially written once) then what use is it to any Arastta users?

Regards,

Hackasacka

A website can easily know about your interest through cookies, they will just track and target your interest to enhance the experience on their site. Generate cookie policy tailored specifically for your website and business in minutes with our easy to use wizard to comply with GDPR and EU cookie law.

I am using the gdpr cookie consent free. This extension is great. While seers includes it for free. I needed and found this website they are providing good services.

Yes it costs a few euros per month if you're having many products or multi-domain, but hopefully those webshops do earn some money, and still - it's way less than the fines the stores is in risk getting if not complying.

Hey Rune, that's great.

Unfortunately the two stores that I used Arastta for, both have more than 100 pages and cookiebot monthly charges makes it not feasible for me to use it. If I get smaller shops to do and use Arastta I will certainly get your extension.

you know Rune, you're awesome man. thanks for the link/code work you done. I will check it out and try to help out as much as ai can next few days. Again thanks for your time.

I created a integration for Cookiebot, that could help you with your cookies and GDPR.
Let's see if there is any interest in it: https://extensions.arastta.pro/other/cookiebot-integration

Demo: https://demo.arastta.no/cookies.html

Иво Илиев wrote:

I'm sorry that the ARASTTA there is no GCDR yet, I hope to be a fact soon!

Yeah, let's see if someone will contribute to make it happen - or make a addon.

A good start would be to make the basic requirements clear, her or on the already linked GitHub issue.
https://github.com/arastta/arastta/issues/757

I'm sorry that the ARASTTA there is no GCDR yet, I hope to be a fact soon!

Haluk Gurer wrote:
And as I said before some of the EU's own sites are not compliant either.

Most likely yes, but that also depends on the info collected (if any personal), and the lawyer being consulted.

Hi Rune, yes, sorry about the confusion – I assumed you were in Norway based on your web address in your profile rather than the word Nordic.

Yes, you are right – it will be interesting to see how this develops, there are a lot of consultants, paid seminars etc for the new rules; and everybody has their own interpretation.

I found the UK based company Next's approach interesting as it blatantly ignores everything and their privacy policy is almost two fingers (a rude gesture in the UK) to the GDPR rules, saying all their cookies used for legitimate interest that includes tracking, marketing and analysing. Their turnover is around £4 billion, £1.9 billion of it coming from online sales. Spend around £50 million for their online presence – guessing that they can afford to employ a lawyer or two.

And as I said before some of the EU's own sites are not compliant either. Check out the European Councils site.

I talked about Nordics, which is more than Norway.

Actually I browse and order more from Finland (where I live), Sweden, Germany, US and UK etc. Still both the cookie law and GDPR is valid also for Norway, but it comes into force later than in EU (GDPR in July, unless dealing with EU citizens requiring to comply already).

Beyond the popup and "I ACCEPT" button, plus the non complying text in the popup, pricespy.co.uk seems to have an interesting basic solution. Better to have it in a page like they have, than in some kind of narrowed popup.

Edit! Bang & Olufsen's popup was almost invisible in my browsers on Ubuntu, because of the colours, took me some time to see it. And there in no opt-in/out etc., even so a unnecessary popup as it doesn't add any opt-in/out possibilities etc. Karstadt also seems to have the misleading way. All in all, GDPR etc. is food for layers and courts, and we will see no clear advices before someone ends up in the court. All have their own interpretation of the rules.

Yes, you should check the some of the EU's own official sites. The main one just gives some instructions how to remove cookies. One or two others has top bars, like Harrods, Next bottom ones. – and a question 'would you like to keep the cookies' a green tick and a red cross symbols. Pressing the cross do not remove the cookies! Pressing the green tick just gets rid of the top bar!

In the UK we just have to follow the ICO's example to be on the safe side. On their site says even the non-identifiying GA cookies need consent under PECR - (Privacy and Electronic Communications Act)

I think because Norway is not strictly in EU, you might have different implementations. Just been to Karstadt German site and Bang & Olufsen Danish Site - they implement in a very similar fashion to UK ones.

With the edit/quote I was adding the info, told by GDPR and ICO, which proves the old solutions (incl. Sted's above) being outdated. There's no positive opt-in, and no log of it etc.

I'm still not sure how much Joomla will include by default, seems to be some basics, making it easier to built some more standardised stuff on top of. Guess we just have to wait and see how it will be there.

Harrods seems to have the old unneeded misleading cookie law popup, and quite a bunch of trackers. Liberties tell they doesn't use cookies identifying users, and thus probably is fine according to GDPR, except they use that old unneeded misleading popup thing. Next seems to do the same mistake as most others.

In the Nordics I haven't seen any webshop using cookie popup till this date. Haven't seen it in any of the German shops I have ordered from neither, actually only in UK.

I should have said some of the new stuff, sorry.

About your edit: not sure if I get what you are saying but with these free platforms, developers write the extensions to add more facilities to the basic platform, and, we, the users, are happy to pay for it – as I have done for my Joomla platform. Having said that I understand that Joomla is prioritising this to be included as part of the basic platform for their next release. Not sure to what extent though.

As a matter of interest I was checking some big UK store sites like Harrods, Liberties and Next (it is a big clothing store in UK, if you are not familiar with the name). Didn't analysed all of them but Next listed all their cookies and marked them all as legitimate interest! and suggest that people do not want their data analysed install appropriate add-on to their browsers.

Not all, still a lot of old popups out there, who actually never did comply (Sted's solution being one of those). Something I mentioned quite early.

Consent means offering individuals real choice and control. Genuine consent should put individuals in charge, build trust and engagement, and enhance your reputation.

Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.

Keep evidence of consent – who, when, how, and what you told people.

Regarding #2 - yes, the new stuff around for GDPR can do that: accept, decline and after that: withdraw/reconsider. And with some of them you can set as many different types to accept or reject individually. You can see it implemented on ICO site or you can check it on my site from my profile.

Exactly, webshops fall into your #4.

There is no big webshops using any popup, because they don't need to, and because it would break the cart. Also it just pisses of people, it's annoying.

GA etc can be used without any personal identifying information stored. Still GA isn't something coming included by default anyway, so it's customisations needed by the store (both to include, and to get consent if using any personal identifying information/tracking).

Btw! regarding #2 - It's anyhow not good enough to have a "I agree to all cookies", as it should be clear, for each "type" and use.

I still claim it's no need for any popup in Arastta or other default webshop systems. If anyone can prove anything else, I will reconsider.

Edit! There is btw one thing many has overseen in all this, and that is the fact that it's said that privacy should be built into all new systems. I haven't seen anything about forcing everyone to build new systems, or rebuild their system, from day one of GDPR.

OK. Here is what the ICO (Information Commissioner's Office) site says about cookies - without giving any links this is the authority in charge of overseeing GDPR implementation in the UK.

Quote from their site (I numbered it – not on the original)
---------------

1 – You must tell people if you set cookies, and clearly explain what the cookies do and why.

2 – You must also get the user’s consent.

3 – Consent must be actively and clearly given.

4 – There is an exception for cookies that are essential to provide an online service at someone’s request (eg to remember what’s in their online basket, or to ensure security in online banking).

5 – The same rules also apply if you use any other type of technology to store or gain access to information on someone’s device.

------------------
End of Quote

Whilst item '1' can be done by a policy/cookie document the others require some kind of user interaction with the site. And that what I was seeking.

It can be argued that a shopping platform could fall under category 4, however most sites use Google Analytics, Facebook links etc.

Whether these (2,3,5) is done by a popup window or in constant view is neither here or there and that's I think where our wires is crossed.