Btw! PrestaShop devs has solved it quite nicely, adding value for their own project, by releasing a official paid for extension:
https://addons.prestashop.com/en/legal/32323-official-gdpr-compliance-by-prestashop-16.html

I created a integration for Cookiebot, that could help you with your cookies and GDPR.
Let's see if there is any interest in it: https://extensions.arastta.pro/other/cookiebot-integration

Demo: https://demo.arastta.no/cookies.html

There is no extensions doing such magic as doing you compliant with GDPR, it's a much bigger change than that for your whole business.

Anyhow, please take a look at https://github.com/arastta/arastta/issues/757

Thanks, Rune. Yes, I understand the wider implications of GDPR as I have a number of websites/clients where they require different approaches to their websites to become compliant. Obviously, how the rest of their business becomes compliant is another subject.

Just specific to Arastta there isn't even a pop-up box warning extension that the site is using cookies where one could choose to accept or decline it. And, cookie laws has been around since 2011.

My main platform of development/web design is Joomla and there are plenty of free and paid extensions which allows users to accept site cookies explicitly and then withdraw this consent easily. Plus forms extensions that can delete the submissions after a given time, anonymise submitting IP address, able to use Google GA without cookies etc.

I tried most of the free OC extensions and none of them works out of box. There isn't much point asking at OC website, even for the paid ones, if it would work with Arastta as they seem to be quite 'uninterested' anything to do with Arastta and/or MijoShop for that matter. I use MijoShop quite a bit as I have a lifetime subscription and the support used to be great; pointing to the right OC extension and if necessary modifying it to work with the Mijoshop. However, for a time now, most support tickets are closed even before someone is assigned for it.

And there seems to be hardly any new extension or development for Arastta. Anyway, it seems like temporary solution would be to a have permanent panel in display to warn people about the use of cookies with a link to Privacy policy. And, incorporate wording in emails generated during the transactions to direct people to the right email address if they want to see their info (for guest checkouts) or delete their account permanently from the servers.

Not sure what the long term solutions is without changing the platform altogether.

First of, the popup about cookies isn't really required (as of today, until May 25th.), is just a common missinterprention about the rules. The info about it should be easily available, and a link to a info page about privacy covers it. Next, according to the GDPR this popup existing on most sites is a violation, as it doesn't give the users a real choice. So to comply, all those needs to change it, so the users actually can decline use of cookies - else they should remove it completely.

Now as you obviously is a website builder / consultant, you're more than late to the party yourself, so complaining isn't really an option. You, me, and everybody else, should rather start contributing to making the software we like to be great. That's why there is lots of extensions for Joomla, people contribute. OC is OC, not to friendly or understanding. Arastta, maybe dying because nobody cares to contribute ... I don't know ... I'm just a user as you (only difference is that I try to contribute) ...

I was not complaining but merely observing. I am a graphic designer not a programmer. My contributions, if one can say that, could only be limited to voicing my experience and expectations from the software; not developing or modifying an extension which is not in my skill set.

OK, I read it elseway. Anyhow, coding contributions is only a "small" part of it all, there is several way for all to contribute, especially when having paying clients it's kind of important also for ourself.

While Joomla includes it for free (more resources and contibutors): https://www.joomla.org/announcements/release-news/5731-joomla-3-9-and-joomla-3-10.html

Hi fellas, this may not be the perfect temp implementation for the GDPR delima, but what i've done for now to stick the consent cookies OK alert bar in arastta, like so:

go to catalog view template etc. via tools/file manager
edit catalog/view/theme/default(my case)/template/common/header.tpl

add this to

<head> 



<s-cript type="text/j-avascript" id="cookieinfo"

	src="//cookieinfoscript.com/js/cookieinfo.min.js"

	data-height="60px" 

	data-bg="#CC3333" 

	data-message="your alert cookie message " 

	data-linkmsg="More info"

	data-moreinfo="https://www.yourseite.com/cookies-policy.html" 

	data-fg="#FFF"

	data-position="top"

	data-link="#F1D600"

	data-cookie="we-love-cookies"

	data-text-align="left"

        data-divlinkbg="#33FF36" 

	data-divlink="#000"

	data-close-text="<b>I CONSENT</b>">

</script>

</HEAD>

This will do for the cookie alert etc.

go crazzy.

If you have any solution or code, feel free to post it. But then again, I don't see what it is you try to solve, as you told the popup wasn't there to comply with any law or regulation. All I see for now is long texts without any point, looking most like search engine food to promote links. Short and clear is better than long and unclear.

Anyhow, when you implies you know better than anyone else, including EU departments and offices, most will stop listening.

Hi Rune, yes, sorry about the confusion – I assumed you were in Norway based on your web address in your profile rather than the word Nordic.

Yes, you are right – it will be interesting to see how this develops, there are a lot of consultants, paid seminars etc for the new rules; and everybody has their own interpretation.

I found the UK based company Next's approach interesting as it blatantly ignores everything and their privacy policy is almost two fingers (a rude gesture in the UK) to the GDPR rules, saying all their cookies used for legitimate interest that includes tracking, marketing and analysing. Their turnover is around £4 billion, £1.9 billion of it coming from online sales. Spend around £50 million for their online presence – guessing that they can afford to employ a lawyer or two.

And as I said before some of the EU's own sites are not compliant either. Check out the European Councils site.

you know Rune, you're awesome man. thanks for the link/code work you done. I will check it out and try to help out as much as ai can next few days. Again thanks for your time.

Have you investigated the script, and confirmed it doesn't add malware or even more tracking and cookies?

Anyhow, those are no good any more as GDPR is in force. Meaning you have two choices, remove cookies for all, or give the users a real option to decline use of cookies.

Hi Sted, thank you for that. Tried on one of my sites and it works. However, after seeing Rune's comment – I took it out and investigated further.

The cookie that is set (we-love-cookies) expires in year 9999! Don't know enough about to comment on the js file's content. But it would be much desirable if the script was within my site rather than establishing a connection to external site to be read. It seems like asking for trouble in the future date!

Not sure if one can load the .js file and adapt to be used locally and be on the right side of the intellectual property laws technically or in spirit. No idea whatsoever how this things work in that aspect.

The cookie laws are funny one and they had been around since 2011. When it came about it was not possible to implement as it was worded. Even the organisations supposed to police this could not comply as the visitors had a cookie as soon as they arrived to the site.

However, this time around, at least for the Joomla platform, there is an extension that blocks any cookies being set without users consent. However, cookie is set even if the user declines it, to remember that decision. But, it is not a big job to explain this and provide a third option via link within the warning popup window. This link can take the user some where else without setting any cookies from the site; maybe link it google's search site or direct to a simple html page on some where explaining why the user ended up there.

The extension also has 'remove' and 'reconsider' facility. Checking it on Firefox's Local storage window - it does removes cookies except for the session cookie which expires as soon as user leaves the site.

Meanwhile, back on to Arastta land, I am using HTML module on the home layout to display a warning about cookies with links to cookie and privacy policies. I have another HTML module on the Accounts layout asking people to email admin if they want to delete their account permanently.

We will see how this developer in the future.

Edited to remove duplicated bits.

hi ya Haluk, i totally agree with you and Rune, the code source fellow (at a glance) looked white hat, good thing, and a quick solution for now.

It would be nice to have some paid ext. for this...

personally i like how https://akaunting.com/ is building up. and love the privacy policy. 5*****

Rune Rasmussen wrote:

Have you investigated the script, and confirmed it doesn't add malware or even more tracking and cookies?

Anyhow, those are no good any more as GDPR is in force. Meaning you have two choices, remove cookies for all, or give the users a real option to decline use of cookies.

No good anymore? the user can just use his browser to eliminate the cookies and go back to window 95 or way back. What you suggest we do within arastta? btw, arastta is tops baby. Stop being so grumpy. ...kiddin

If you make yourself familiar with the GDPR you will see why it's no good anymore. Simply because it should be a user choice, and you need their consent before storing anything. Telling them that they have to accept your use of cookies if they continue to use the site is out, you have to let them browse your site without cookies if they prefer, without them having to change browser settings. At least this is what the lawyers will tell us, if the courts will do the same... well let's see if anyone takes the chance on figuring it out.

Btw! If you look at t.ex. the Joomla GDPR extension: https://extensions.joomla.org/extensions/extension/site-management/cookie-control/gdpr/

You'll find this info for it:

GDPR Cookie consent: the standard cookie banner is no longer enough for EU GDPR, now you need a more effective solution to really block local cookies and third-party cookies before the consent is given even supporting revocable consent and modal block of the website

On the other hand, a webshop working without cookies ... eh ...

Anyhow, the "old" cookie popup is outdated.

Hi Rune,

The one in your link is one of the extensions I am using but not for the cookie 'bit'. This extension is great if you allow user registration on a Joomla site. It will allow modifications to user profile by the user and log every change that has been made and by whom, as well as allowing users to delete their own profile. The cookie part falls bit short of what I needed and found the end user experience bit confusing. For example with this ext. user can agree site cookies but decline marketing and tracking cookies – however, reversing or changing these decisions creates totally confusing display of user's choice - average user would not know what they have allowed.

For that I use a free extension.

https://www.richeyweb.com/software/joomla/packages/9-eu-e-privacy-directive

Although it does not distinguish between functional and statistical cookies – the user is much clear about if they agreed the use of cookies or not.

This one allows – acceptance and decline – however, as I stated in my previous post, decline puts a cookie to remember the choice! As I said before it is easy to put a link to 'leave site' to a simple html page without setting any cookies. Of course, one can navigate around the site without accepting or declining the cookies, depending how the pop is displayed. There are many ways of displaying the message box – some of which does not allow, like a system alert or top ribbon which might obscure the menu. After the user's choice there is a module displayed on each page to change this choice i.e withdraw consent or reconsider.

However, all these extensions rely on javascript being enabled on the web browser!

You can see how I implemented this on one of my sites.

[self promotion removed]

In any case, at the moment there is nothing for Arastta even for a warning!

By the way, as I said before, when the 2011 'cookie' law came in, the wording implied the same thing - user must consent prior to any cookie is placed. The UK organisation who were meant the police this and new GDPR laws failed short of this and they still do! - Just check it out.

https://ico.org.uk

and so does the EU site who informs us about this new GDPR law

http://eur-lex.europa.eu/legal-content/en/all/?uri=celex:32002l0058

You can try it with Firefox / Storage inspector - and all the cookies are there, regardless of one's choice!

So I wouldn't worry too much about the courts!

I did emailed the relevant EU department in 2011 to point out their websites' short comings regarding this and I was referred to their technical department thinking I had a technical issue!

The thing is, the cockie law is kind of dead, it's replaced/overruled with GDPR ...
2011 is long time ago, GDPR came into force yesterday.

Regarding your view about the Eu sites, you have missinprented the cookie law like som many others, as i wrote early in this tread.

Rune Rasmussen wrote:
First of, the popup about cookies isn't really required (as of today, until May 25th.), is just a common missinterprention about the rules. The info about it should be easily available, and a link to a info page about privacy covers it. Next, according to the GDPR this popup existing on most sites is a violation, as it doesn't give the users a real choice. So to comply, all those needs to change it, so the users actually can decline use of cookies - else they should remove it completely.

With the cookie law you had to inform the users clearly, and the EU sites indeed does it by having a cookie link in footer. Now with GDPR you need the users consent, or if the cookie is required for the site to work, still inform them.You should not have a cookie popup, unless it gives the users a real choice to block ALL cookies that can identify them (which is making the cookie personal info).