With 25th of May fast approaching I would have thought getting Arastta compliant with the new rules would've been essential for its future at least within the EU countries.
Anybody doing anything about this? Or discovered extensions for OC that works straight out of the box? Thanks.
Anybody doing anything about this? Or discovered extensions for OC that works straight out of the box? Thanks.
In Extensions
Share this post:
Responses (40)
-
Accepted Answer
Hey folks, thanks to everyone who help me with this over a year ago when I was desperate to fix a couple of sites in Europe, including Mr. RUNE. https://arastta.org/rune-rasmussen thanks man. 5* -
Accepted Answer
Hi Martyn,
Isn't this a waste of time and is not enforced or needed for any web users in their browser and has largely been abandoned whether in the EU or not? It has merely become an annoying popup on out-of-date sites so why are you trying to promote it?
Possibly, some sites provide a better cookie consent and explain what they will be used for, but most just don't let you use the site unless you click yes regardless of the intended use and it certainly in our opinion does not enhance anybodies experience.
Surely not many users would like to be tracked by choice or give any data away if they do not have to as it is just for marketing purposes.
In any event if you are not providing an Arastta module (that was already partially written once) then what use is it to any Arastta users?
Regards,
Hackasacka -
Accepted Answer
A website can easily know about your interest through cookies, they will just track and target your interest to enhance the experience on their site. Generate cookie policy tailored specifically for your website and business in minutes with our easy to use wizard to comply with GDPR and EU cookie law. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
you know Rune, you're awesome man. thanks for the link/code work you done. I will check it out and try to help out as much as ai can next few days. Again thanks for your time. -
Accepted Answer
I created a integration for Cookiebot, that could help you with your cookies and GDPR.
Let's see if there is any interest in it: https://extensions.arastta.pro/other/cookiebot-integration
Demo: https://demo.arastta.no/cookies.html -
Accepted Answer
Иво Илиев wrote:
I'm sorry that the ARASTTA there is no GCDR yet, I hope to be a fact soon!
Yeah, let's see if someone will contribute to make it happen - or make a addon.
A good start would be to make the basic requirements clear, her or on the already linked GitHub issue.
https://github.com/arastta/arastta/issues/757 -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Hi Rune, yes, sorry about the confusion – I assumed you were in Norway based on your web address in your profile rather than the word Nordic.
Yes, you are right – it will be interesting to see how this develops, there are a lot of consultants, paid seminars etc for the new rules; and everybody has their own interpretation.
I found the UK based company Next's approach interesting as it blatantly ignores everything and their privacy policy is almost two fingers (a rude gesture in the UK) to the GDPR rules, saying all their cookies used for legitimate interest that includes tracking, marketing and analysing. Their turnover is around £4 billion, £1.9 billion of it coming from online sales. Spend around £50 million for their online presence – guessing that they can afford to employ a lawyer or two.
And as I said before some of the EU's own sites are not compliant either. Check out the European Councils site. -
Accepted Answer
I talked about Nordics, which is more than Norway.
Actually I browse and order more from Finland (where I live), Sweden, Germany, US and UK etc. Still both the cookie law and GDPR is valid also for Norway, but it comes into force later than in EU (GDPR in July, unless dealing with EU citizens requiring to comply already).
Beyond the popup and "I ACCEPT" button, plus the non complying text in the popup, pricespy.co.uk seems to have an interesting basic solution. Better to have it in a page like they have, than in some kind of narrowed popup.
Edit! Bang & Olufsen's popup was almost invisible in my browsers on Ubuntu, because of the colours, took me some time to see it. And there in no opt-in/out etc., even so a unnecessary popup as it doesn't add any opt-in/out possibilities etc. Karstadt also seems to have the misleading way. All in all, GDPR etc. is food for layers and courts, and we will see no clear advices before someone ends up in the court. All have their own interpretation of the rules. -
Accepted Answer
Yes, you should check the some of the EU's own official sites. The main one just gives some instructions how to remove cookies. One or two others has top bars, like Harrods, Next bottom ones. – and a question 'would you like to keep the cookies' a green tick and a red cross symbols. Pressing the cross do not remove the cookies! Pressing the green tick just gets rid of the top bar!
In the UK we just have to follow the ICO's example to be on the safe side. On their site says even the non-identifiying GA cookies need consent under PECR - (Privacy and Electronic Communications Act)
I think because Norway is not strictly in EU, you might have different implementations. Just been to Karstadt German site and Bang & Olufsen Danish Site - they implement in a very similar fashion to UK ones. -
Accepted Answer
With the edit/quote I was adding the info, told by GDPR and ICO, which proves the old solutions (incl. Sted's above) being outdated. There's no positive opt-in, and no log of it etc.
I'm still not sure how much Joomla will include by default, seems to be some basics, making it easier to built some more standardised stuff on top of. Guess we just have to wait and see how it will be there.
Harrods seems to have the old unneeded misleading cookie law popup, and quite a bunch of trackers. Liberties tell they doesn't use cookies identifying users, and thus probably is fine according to GDPR, except they use that old unneeded misleading popup thing. Next seems to do the same mistake as most others.
In the Nordics I haven't seen any webshop using cookie popup till this date. Haven't seen it in any of the German shops I have ordered from neither, actually only in UK. -
Accepted Answer
I should have said some of the new stuff, sorry.
About your edit: not sure if I get what you are saying but with these free platforms, developers write the extensions to add more facilities to the basic platform, and, we, the users, are happy to pay for it – as I have done for my Joomla platform. Having said that I understand that Joomla is prioritising this to be included as part of the basic platform for their next release. Not sure to what extent though.
As a matter of interest I was checking some big UK store sites like Harrods, Liberties and Next (it is a big clothing store in UK, if you are not familiar with the name). Didn't analysed all of them but Next listed all their cookies and marked them all as legitimate interest! and suggest that people do not want their data analysed install appropriate add-on to their browsers. -
Accepted Answer
Not all, still a lot of old popups out there, who actually never did comply (Sted's solution being one of those). Something I mentioned quite early.
Consent means offering individuals real choice and control. Genuine consent should put individuals in charge, build trust and engagement, and enhance your reputation.
Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.
Keep evidence of consent – who, when, how, and what you told people.
-
Accepted Answer
-
Accepted Answer
Exactly, webshops fall into your #4.
There is no big webshops using any popup, because they don't need to, and because it would break the cart. Also it just pisses of people, it's annoying.
GA etc can be used without any personal identifying information stored. Still GA isn't something coming included by default anyway, so it's customisations needed by the store (both to include, and to get consent if using any personal identifying information/tracking).
Btw! regarding #2 - It's anyhow not good enough to have a "I agree to all cookies", as it should be clear, for each "type" and use.
I still claim it's no need for any popup in Arastta or other default webshop systems. If anyone can prove anything else, I will reconsider.
Edit! There is btw one thing many has overseen in all this, and that is the fact that it's said that privacy should be built into all new systems. I haven't seen anything about forcing everyone to build new systems, or rebuild their system, from day one of GDPR. -
Accepted Answer
OK. Here is what the ICO (Information Commissioner's Office) site says about cookies - without giving any links this is the authority in charge of overseeing GDPR implementation in the UK.
Quote from their site (I numbered it – not on the original)
---------------
1 – You must tell people if you set cookies, and clearly explain what the cookies do and why.
2 – You must also get the user’s consent.
3 – Consent must be actively and clearly given.
4 – There is an exception for cookies that are essential to provide an online service at someone’s request (eg to remember what’s in their online basket, or to ensure security in online banking).
5 – The same rules also apply if you use any other type of technology to store or gain access to information on someone’s device.
------------------
End of Quote
Whilst item '1' can be done by a policy/cookie document the others require some kind of user interaction with the site. And that what I was seeking.
It can be argued that a shopping platform could fall under category 4, however most sites use Google Analytics, Facebook links etc.
Whether these (2,3,5) is done by a popup window or in constant view is neither here or there and that's I think where our wires is crossed. -
Accepted Answer
If you have any solution or code, feel free to post it. But then again, I don't see what it is you try to solve, as you told the popup wasn't there to comply with any law or regulation. All I see for now is long texts without any point, looking most like search engine food to promote links. Short and clear is better than long and unclear.
Anyhow, when you implies you know better than anyone else, including EU departments and offices, most will stop listening. -
Accepted Answer
No idea what you are saying, Rune, maybe something is getting lost in translation. But you have a good day, too.
Thanks to removed the link from my last post really stops people seeing what could have been a real solution.
I am assuming there are other people using this forum. And that was my contribution. -
Accepted Answer
Haluk Gurer wrote:
Rune, I am using the term popup to refer to the information and choices that are displayed without being permanently in view, not as part of any requirement either by cookie law of 2011 or GDPR.
Why do you hate your visitors so much that would bother them with that then ... and why is it then a problem that there is no such crap added to Arastta?
Sorry, but you're writing a lot, without any point.I have no clue where you're heading, and what you would like to achieve. And honestly, I have better things to do.
All the best, have a nice weekend. -
Accepted Answer
Rune, I am using the term popup to refer to the information and choices that are displayed without being permanently in view, not as part of any requirement either by cookie law of 2011 or GDPR.
The difference between the original cookie law and GDPR is distinguished by the information cookie gathers. I think EU accepted that some cookies are essential for the site to function but do not gather identifable information about the user and it concerns itself more with the cookies that can lead to user being identified and where this info processed (within EU or outside EU) and to what purpose. And that should be made clear to the users with an option to opt out / opt in and reverse their decision with ease.
All the web servers log user interaction complete with IP addresses, platform, time duration, pages visited and much more. Any webmaster has an access to this. AWstats puts into a more understandable format but not as slick as Google. And there are extensions that can be used in Joomla and the other platforms; again these can display this information rather elegantly without any cookies.
Anyway, any discussion about your understanding of my understanding of GDPR is futile as we can only write so much about what we know and keep repeating it, and that really does not solve anything.
Here is the most probably the best example I could find so far and can be implemented on Arastta platform by the brave ones and it is used by ICO site. I think maybe it requires bit of better wording so it it obvious that clicking on cookie preferences brings the choices that user can make.
[...]
They do publish their code so with a bit of work it can be made to work with any platform – incorporating in the head section.
This allows acceptance of site session cookies separately to the acceptance of other third party cookies for marketing or other reasons (as many different types one can think of!)
They have community edition which is free, usable for one domain. They do have Joomla and WordPress modules which makes it easier to integrate but still requires bit of work especially for people like me who are designers.
The extension I bought for Joomla capable of doing this too, however front end user interface is not as well thought as this one. So I am hoping that at least for my joomla sites that extension will be a long term solution when they get its UX right. For my e-commerce sites whilst I love Arastta and what it offers to designers, I might start using Mijoshop which works with Joomla again (made by the same people from Arastta). At the moment if the site is a company site with an e-commerce option I use mijoshop and if it is purely e-commerce site I use Arastta. -
Accepted Answer
The thing is, the cockie law is kind of dead, it's replaced/overruled with GDPR ...
2011 is long time ago, GDPR came into force yesterday.
Regarding your view about the Eu sites, you have missinprented the cookie law like som many others, as i wrote early in this tread.
Rune Rasmussen wrote:
First of, the popup about cookies isn't really required (as of today, until May 25th.), is just a common missinterprention about the rules. The info about it should be easily available, and a link to a info page about privacy covers it. Next, according to the GDPR this popup existing on most sites is a violation, as it doesn't give the users a real choice. So to comply, all those needs to change it, so the users actually can decline use of cookies - else they should remove it completely.
With the cookie law you had to inform the users clearly, and the EU sites indeed does it by having a cookie link in footer. Now with GDPR you need the users consent, or if the cookie is required for the site to work, still inform them.You should not have a cookie popup, unless it gives the users a real choice to block ALL cookies that can identify them (which is making the cookie personal info). -
Accepted Answer
Hi Rune,
The one in your link is one of the extensions I am using but not for the cookie 'bit'. This extension is great if you allow user registration on a Joomla site. It will allow modifications to user profile by the user and log every change that has been made and by whom, as well as allowing users to delete their own profile. The cookie part falls bit short of what I needed and found the end user experience bit confusing. For example with this ext. user can agree site cookies but decline marketing and tracking cookies – however, reversing or changing these decisions creates totally confusing display of user's choice - average user would not know what they have allowed.
For that I use a free extension.
https://www.richeyweb.com/software/joomla/packages/9-eu-e-privacy-directive
Although it does not distinguish between functional and statistical cookies – the user is much clear about if they agreed the use of cookies or not.
This one allows – acceptance and decline – however, as I stated in my previous post, decline puts a cookie to remember the choice! As I said before it is easy to put a link to 'leave site' to a simple html page without setting any cookies. Of course, one can navigate around the site without accepting or declining the cookies, depending how the pop is displayed. There are many ways of displaying the message box – some of which does not allow, like a system alert or top ribbon which might obscure the menu. After the user's choice there is a module displayed on each page to change this choice i.e withdraw consent or reconsider.
However, all these extensions rely on javascript being enabled on the web browser!
You can see how I implemented this on one of my sites.
[self promotion removed]
In any case, at the moment there is nothing for Arastta even for a warning!
By the way, as I said before, when the 2011 'cookie' law came in, the wording implied the same thing - user must consent prior to any cookie is placed. The UK organisation who were meant the police this and new GDPR laws failed short of this and they still do! - Just check it out.
https://ico.org.uk
and so does the EU site who informs us about this new GDPR law
http://eur-lex.europa.eu/legal-content/en/all/?uri=celex:32002l0058
You can try it with Firefox / Storage inspector - and all the cookies are there, regardless of one's choice!
So I wouldn't worry too much about the courts!
I did emailed the relevant EU department in 2011 to point out their websites' short comings regarding this and I was referred to their technical department thinking I had a technical issue! -
Accepted Answer
Btw! If you look at t.ex. the Joomla GDPR extension: https://extensions.joomla.org/extensions/extension/site-management/cookie-control/gdpr/
You'll find this info for it:
GDPR Cookie consent: the standard cookie banner is no longer enough for EU GDPR, now you need a more effective solution to really block local cookies and third-party cookies before the consent is given even supporting revocable consent and modal block of the website
On the other hand, a webshop working without cookies ... eh ...
Anyhow, the "old" cookie popup is outdated. -
Accepted Answer
If you make yourself familiar with the GDPR you will see why it's no good anymore. Simply because it should be a user choice, and you need their consent before storing anything. Telling them that they have to accept your use of cookies if they continue to use the site is out, you have to let them browse your site without cookies if they prefer, without them having to change browser settings. At least this is what the lawyers will tell us, if the courts will do the same... well let's see if anyone takes the chance on figuring it out. -
Accepted Answer
Rune Rasmussen wrote:
Have you investigated the script, and confirmed it doesn't add malware or even more tracking and cookies?
Anyhow, those are no good any more as GDPR is in force. Meaning you have two choices, remove cookies for all, or give the users a real option to decline use of cookies.
No good anymore? the user can just use his browser to eliminate the cookies and go back to window 95 or way back. What you suggest we do within arastta? btw, arastta is tops baby. Stop being so grumpy. ...kiddin -
Accepted Answer
hi ya Haluk, i totally agree with you and Rune, the code source fellow (at a glance) looked white hat, good thing, and a quick solution for now.
It would be nice to have some paid ext. for this...
personally i like how https://akaunting.com/ is building up. and love the privacy policy. 5***** -
Accepted Answer
Hi Sted, thank you for that. Tried on one of my sites and it works. However, after seeing Rune's comment – I took it out and investigated further.
The cookie that is set (we-love-cookies) expires in year 9999! Don't know enough about to comment on the js file's content. But it would be much desirable if the script was within my site rather than establishing a connection to external site to be read. It seems like asking for trouble in the future date!
Not sure if one can load the .js file and adapt to be used locally and be on the right side of the intellectual property laws technically or in spirit. No idea whatsoever how this things work in that aspect.
The cookie laws are funny one and they had been around since 2011. When it came about it was not possible to implement as it was worded. Even the organisations supposed to police this could not comply as the visitors had a cookie as soon as they arrived to the site.
However, this time around, at least for the Joomla platform, there is an extension that blocks any cookies being set without users consent. However, cookie is set even if the user declines it, to remember that decision. But, it is not a big job to explain this and provide a third option via link within the warning popup window. This link can take the user some where else without setting any cookies from the site; maybe link it google's search site or direct to a simple html page on some where explaining why the user ended up there.
The extension also has 'remove' and 'reconsider' facility. Checking it on Firefox's Local storage window - it does removes cookies except for the session cookie which expires as soon as user leaves the site.
Meanwhile, back on to Arastta land, I am using HTML module on the home layout to display a warning about cookies with links to cookie and privacy policies. I have another HTML module on the Accounts layout asking people to email admin if they want to delete their account permanently.
We will see how this developer in the future.
Edited to remove duplicated bits. -
Accepted Answer
-
Accepted Answer
Hi fellas, this may not be the perfect temp implementation for the GDPR delima, but what i've done for now to stick the consent cookies OK alert bar in arastta, like so:
go to catalog view template etc. via tools/file manager
edit catalog/view/theme/default(my case)/template/common/header.tpl
add this to<head>
<s-cript type="text/j-avascript" id="cookieinfo"
src="//cookieinfoscript.com/js/cookieinfo.min.js"
data-height="60px"
data-bg="#CC3333"
data-message="your alert cookie message "
data-linkmsg="More info"
data-moreinfo="https://www.yourseite.com/cookies-policy.html"
data-fg="#FFF"
data-position="top"
data-link="#F1D600"
data-cookie="we-love-cookies"
data-text-align="left"
data-divlinkbg="#33FF36"
data-divlink="#000"
data-close-text="<b>I CONSENT</b>">
</script>
</HEAD>
This will do for the cookie alert etc.
go crazzy. -
Accepted Answer
While Joomla includes it for free (more resources and contibutors): https://www.joomla.org/announcements/release-news/5731-joomla-3-9-and-joomla-3-10.html -
Accepted Answer
Btw! PrestaShop devs has solved it quite nicely, adding value for their own project, by releasing a official paid for extension:
https://addons.prestashop.com/en/legal/32323-official-gdpr-compliance-by-prestashop-16.html -
Accepted Answer
OK, I read it elseway. Anyhow, coding contributions is only a "small" part of it all, there is several way for all to contribute, especially when having paying clients it's kind of important also for ourself. -
Accepted Answer
I was not complaining but merely observing. I am a graphic designer not a programmer. My contributions, if one can say that, could only be limited to voicing my experience and expectations from the software; not developing or modifying an extension which is not in my skill set. -
Accepted Answer
First of, the popup about cookies isn't really required (as of today, until May 25th.), is just a common missinterprention about the rules. The info about it should be easily available, and a link to a info page about privacy covers it. Next, according to the GDPR this popup existing on most sites is a violation, as it doesn't give the users a real choice. So to comply, all those needs to change it, so the users actually can decline use of cookies - else they should remove it completely.
Now as you obviously is a website builder / consultant, you're more than late to the party yourself, so complaining isn't really an option. You, me, and everybody else, should rather start contributing to making the software we like to be great. That's why there is lots of extensions for Joomla, people contribute. OC is OC, not to friendly or understanding. Arastta, maybe dying because nobody cares to contribute ... I don't know ... I'm just a user as you (only difference is that I try to contribute) ... -
Accepted Answer
Thanks, Rune. Yes, I understand the wider implications of GDPR as I have a number of websites/clients where they require different approaches to their websites to become compliant. Obviously, how the rest of their business becomes compliant is another subject.
Just specific to Arastta there isn't even a pop-up box warning extension that the site is using cookies where one could choose to accept or decline it. And, cookie laws has been around since 2011.
My main platform of development/web design is Joomla and there are plenty of free and paid extensions which allows users to accept site cookies explicitly and then withdraw this consent easily. Plus forms extensions that can delete the submissions after a given time, anonymise submitting IP address, able to use Google GA without cookies etc.
I tried most of the free OC extensions and none of them works out of box. There isn't much point asking at OC website, even for the paid ones, if it would work with Arastta as they seem to be quite 'uninterested' anything to do with Arastta and/or MijoShop for that matter. I use MijoShop quite a bit as I have a lifetime subscription and the support used to be great; pointing to the right OC extension and if necessary modifying it to work with the Mijoshop. However, for a time now, most support tickets are closed even before someone is assigned for it.
And there seems to be hardly any new extension or development for Arastta. Anyway, it seems like temporary solution would be to a have permanent panel in display to warn people about the use of cookies with a link to Privacy policy. And, incorporate wording in emails generated during the transactions to direct people to the right email address if they want to see their info (for guest checkouts) or delete their account permanently from the servers.
Not sure what the long term solutions is without changing the platform altogether. -
Accepted Answer
There is no extensions doing such magic as doing you compliant with GDPR, it's a much bigger change than that for your whole business.
Anyhow, please take a look at https://github.com/arastta/arastta/issues/757
Your Reply
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »