With 25th of May fast approaching I would have thought getting Arastta compliant with the new rules would've been essential for its future at least within the EU countries.

Anybody doing anything about this? Or discovered extensions for OC that works straight out of the box? Thanks.
Tuesday, May 15 2018, 02:09 PM
Like
1
Share this post:
Responses (40)
  • Accepted Answer

    Thursday, May 17 2018, 08:35 AM - #Permalink
    There is no extensions doing such magic as doing you compliant with GDPR, it's a much bigger change than that for your whole business.

    Anyhow, please take a look at https://github.com/arastta/arastta/issues/757
    Like
    1
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, May 17 2018, 12:02 PM - #Permalink
    Thanks, Rune. Yes, I understand the wider implications of GDPR as I have a number of websites/clients where they require different approaches to their websites to become compliant. Obviously, how the rest of their business becomes compliant is another subject.

    Just specific to Arastta there isn't even a pop-up box warning extension that the site is using cookies where one could choose to accept or decline it. And, cookie laws has been around since 2011.

    My main platform of development/web design is Joomla and there are plenty of free and paid extensions which allows users to accept site cookies explicitly and then withdraw this consent easily. Plus forms extensions that can delete the submissions after a given time, anonymise submitting IP address, able to use Google GA without cookies etc.

    I tried most of the free OC extensions and none of them works out of box. There isn't much point asking at OC website, even for the paid ones, if it would work with Arastta as they seem to be quite 'uninterested' anything to do with Arastta and/or MijoShop for that matter. I use MijoShop quite a bit as I have a lifetime subscription and the support used to be great; pointing to the right OC extension and if necessary modifying it to work with the Mijoshop. However, for a time now, most support tickets are closed even before someone is assigned for it.

    And there seems to be hardly any new extension or development for Arastta. Anyway, it seems like temporary solution would be to a have permanent panel in display to warn people about the use of cookies with a link to Privacy policy. And, incorporate wording in emails generated during the transactions to direct people to the right email address if they want to see their info (for guest checkouts) or delete their account permanently from the servers.

    Not sure what the long term solutions is without changing the platform altogether.
    Like
    1
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, May 17 2018, 01:03 PM - #Permalink
    First of, the popup about cookies isn't really required (as of today, until May 25th.), is just a common missinterprention about the rules. The info about it should be easily available, and a link to a info page about privacy covers it. Next, according to the GDPR this popup existing on most sites is a violation, as it doesn't give the users a real choice. So to comply, all those needs to change it, so the users actually can decline use of cookies - else they should remove it completely.

    Now as you obviously is a website builder / consultant, you're more than late to the party yourself, so complaining isn't really an option. You, me, and everybody else, should rather start contributing to making the software we like to be great. That's why there is lots of extensions for Joomla, people contribute. OC is OC, not to friendly or understanding. Arastta, maybe dying because nobody cares to contribute ... I don't know ... I'm just a user as you (only difference is that I try to contribute) ...
    Like
    1
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, May 17 2018, 03:30 PM - #Permalink
    I was not complaining but merely observing. I am a graphic designer not a programmer. My contributions, if one can say that, could only be limited to voicing my experience and expectations from the software; not developing or modifying an extension which is not in my skill set.
    Like
    1
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, May 17 2018, 05:26 PM - #Permalink
    OK, I read it elseway. Anyhow, coding contributions is only a "small" part of it all, there is several way for all to contribute, especially when having paying clients it's kind of important also for ourself.
    Like
    1
    The reply is currently minimized Show
  • Accepted Answer

    Thursday, May 17 2018, 07:57 PM - #Permalink
    Btw! PrestaShop devs has solved it quite nicely, adding value for their own project, by releasing a official paid for extension:
    https://addons.prestashop.com/en/legal/32323-official-gdpr-compliance-by-prestashop-16.html
    Like
    2
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, May 20 2018, 03:11 PM - #Permalink
    While Joomla includes it for free (more resources and contibutors): https://www.joomla.org/announcements/release-news/5731-joomla-3-9-and-joomla-3-10.html
    Like
    1
    The reply is currently minimized Show
  • Accepted Answer

    Friday, May 25 2018, 09:02 PM - #Permalink
    Hi fellas, this may not be the perfect temp implementation for the GDPR delima, but what i've done for now to stick the consent cookies OK alert bar in arastta, like so:

    go to catalog view template etc. via tools/file manager
    edit catalog/view/theme/default(my case)/template/common/header.tpl

    add this to
    <head> 

    <s-cript type="text/j-avascript" id="cookieinfo"
    src="//cookieinfoscript.com/js/cookieinfo.min.js"
    data-height="60px"
    data-bg="#CC3333"
    data-message="your alert cookie message "
    data-linkmsg="More info"
    data-moreinfo="https://www.yourseite.com/cookies-policy.html"
    data-fg="#FFF"
    data-position="top"
    data-link="#F1D600"
    data-cookie="we-love-cookies"
    data-text-align="left"
    data-divlinkbg="#33FF36"
    data-divlink="#000"
    data-close-text="<b>I CONSENT</b>">
    </script>
    </HEAD>


    This will do for the cookie alert etc.

    go crazzy. :)
    Like
    1
    The reply is currently minimized Show
  • Accepted Answer

    Friday, May 25 2018, 09:30 PM - #Permalink
    Have you investigated the script, and confirmed it doesn't add malware or even more tracking and cookies?

    Anyhow, those are no good any more as GDPR is in force. Meaning you have two choices, remove cookies for all, or give the users a real option to decline use of cookies. ;)
    The reply is currently minimized Show
  • Accepted Answer

    Friday, May 25 2018, 11:02 PM - #Permalink
    Hi Sted, thank you for that. Tried on one of my sites and it works. However, after seeing Rune's comment – I took it out and investigated further.

    The cookie that is set (we-love-cookies) expires in year 9999! Don't know enough about to comment on the js file's content. But it would be much desirable if the script was within my site rather than establishing a connection to external site to be read. It seems like asking for trouble in the future date!

    Not sure if one can load the .js file and adapt to be used locally and be on the right side of the intellectual property laws technically or in spirit. No idea whatsoever how this things work in that aspect.

    The cookie laws are funny one and they had been around since 2011. When it came about it was not possible to implement as it was worded. Even the organisations supposed to police this could not comply as the visitors had a cookie as soon as they arrived to the site.

    However, this time around, at least for the Joomla platform, there is an extension that blocks any cookies being set without users consent. However, cookie is set even if the user declines it, to remember that decision. But, it is not a big job to explain this and provide a third option via link within the warning popup window. This link can take the user some where else without setting any cookies from the site; maybe link it google's search site or direct to a simple html page on some where explaining why the user ended up there.

    The extension also has 'remove' and 'reconsider' facility. Checking it on Firefox's Local storage window - it does removes cookies except for the session cookie which expires as soon as user leaves the site.

    Meanwhile, back on to Arastta land, I am using HTML module on the home layout to display a warning about cookies with links to cookie and privacy policies. I have another HTML module on the Accounts layout asking people to email admin if they want to delete their account permanently.

    We will see how this developer in the future.

    Edited to remove duplicated bits.
    The reply is currently minimized Show
  • Accepted Answer

    Friday, May 25 2018, 11:30 PM - #Permalink
    hi ya Haluk, i totally agree with you and Rune, the code source fellow (at a glance) looked white hat, good thing, and a quick solution for now.

    It would be nice to have some paid ext. for this...

    personally i like how https://akaunting.com/ is building up. and love the privacy policy. :) 5*****
    The reply is currently minimized Show
  • Accepted Answer

    Friday, May 25 2018, 11:35 PM - #Permalink
    Rune Rasmussen wrote:

    Have you investigated the script, and confirmed it doesn't add malware or even more tracking and cookies?

    Anyhow, those are no good any more as GDPR is in force. Meaning you have two choices, remove cookies for all, or give the users a real option to decline use of cookies. ;)


    No good anymore? the user can just use his browser to eliminate the cookies and go back to window 95 or way back. What you suggest we do within arastta? btw, arastta is tops baby. Stop being so grumpy. ...kiddin :)
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, May 26 2018, 12:18 AM - #Permalink
    If you make yourself familiar with the GDPR you will see why it's no good anymore. Simply because it should be a user choice, and you need their consent before storing anything. Telling them that they have to accept your use of cookies if they continue to use the site is out, you have to let them browse your site without cookies if they prefer, without them having to change browser settings. At least this is what the lawyers will tell us, if the courts will do the same... well let's see if anyone takes the chance on figuring it out. :)
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, May 26 2018, 12:28 AM - #Permalink
    Btw! If you look at t.ex. the Joomla GDPR extension: https://extensions.joomla.org/extensions/extension/site-management/cookie-control/gdpr/

    You'll find this info for it:
    GDPR Cookie consent: the standard cookie banner is no longer enough for EU GDPR, now you need a more effective solution to really block local cookies and third-party cookies before the consent is given even supporting revocable consent and modal block of the website


    On the other hand, a webshop working without cookies ... eh ... ;)

    Anyhow, the "old" cookie popup is outdated. :)
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, May 26 2018, 01:24 AM - #Permalink
    Hi Rune,

    The one in your link is one of the extensions I am using but not for the cookie 'bit'. This extension is great if you allow user registration on a Joomla site. It will allow modifications to user profile by the user and log every change that has been made and by whom, as well as allowing users to delete their own profile. The cookie part falls bit short of what I needed and found the end user experience bit confusing. For example with this ext. user can agree site cookies but decline marketing and tracking cookies – however, reversing or changing these decisions creates totally confusing display of user's choice - average user would not know what they have allowed.

    For that I use a free extension.

    https://www.richeyweb.com/software/joomla/packages/9-eu-e-privacy-directive

    Although it does not distinguish between functional and statistical cookies – the user is much clear about if they agreed the use of cookies or not.

    This one allows – acceptance and decline – however, as I stated in my previous post, decline puts a cookie to remember the choice! As I said before it is easy to put a link to 'leave site' to a simple html page without setting any cookies. Of course, one can navigate around the site without accepting or declining the cookies, depending how the pop is displayed. There are many ways of displaying the message box – some of which does not allow, like a system alert or top ribbon which might obscure the menu. After the user's choice there is a module displayed on each page to change this choice i.e withdraw consent or reconsider.

    However, all these extensions rely on javascript being enabled on the web browser!

    You can see how I implemented this on one of my sites.

    [self promotion removed]

    In any case, at the moment there is nothing for Arastta even for a warning!

    By the way, as I said before, when the 2011 'cookie' law came in, the wording implied the same thing - user must consent prior to any cookie is placed. The UK organisation who were meant the police this and new GDPR laws failed short of this and they still do! - Just check it out.

    https://ico.org.uk

    and so does the EU site who informs us about this new GDPR law

    http://eur-lex.europa.eu/legal-content/en/all/?uri=celex:32002l0058

    You can try it with Firefox / Storage inspector - and all the cookies are there, regardless of one's choice!

    So I wouldn't worry too much about the courts!

    I did emailed the relevant EU department in 2011 to point out their websites' short comings regarding this and I was referred to their technical department thinking I had a technical issue!
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, May 26 2018, 10:44 AM - #Permalink
    The thing is, the cockie law is kind of dead, it's replaced/overruled with GDPR ...
    2011 is long time ago, GDPR came into force yesterday.

    Regarding your view about the Eu sites, you have missinprented the cookie law like som many others, as i wrote early in this tread.

    Rune Rasmussen wrote:
    First of, the popup about cookies isn't really required (as of today, until May 25th.), is just a common missinterprention about the rules. The info about it should be easily available, and a link to a info page about privacy covers it. Next, according to the GDPR this popup existing on most sites is a violation, as it doesn't give the users a real choice. So to comply, all those needs to change it, so the users actually can decline use of cookies - else they should remove it completely.


    With the cookie law you had to inform the users clearly, and the EU sites indeed does it by having a cookie link in footer. Now with GDPR you need the users consent, or if the cookie is required for the site to work, still inform them.You should not have a cookie popup, unless it gives the users a real choice to block ALL cookies that can identify them (which is making the cookie personal info).
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, May 26 2018, 06:29 PM - #Permalink
    Rune, I am using the term popup to refer to the information and choices that are displayed without being permanently in view, not as part of any requirement either by cookie law of 2011 or GDPR.

    The difference between the original cookie law and GDPR is distinguished by the information cookie gathers. I think EU accepted that some cookies are essential for the site to function but do not gather identifable information about the user and it concerns itself more with the cookies that can lead to user being identified and where this info processed (within EU or outside EU) and to what purpose. And that should be made clear to the users with an option to opt out / opt in and reverse their decision with ease.

    All the web servers log user interaction complete with IP addresses, platform, time duration, pages visited and much more. Any webmaster has an access to this. AWstats puts into a more understandable format but not as slick as Google. And there are extensions that can be used in Joomla and the other platforms; again these can display this information rather elegantly without any cookies.

    Anyway, any discussion about your understanding of my understanding of GDPR is futile as we can only write so much about what we know and keep repeating it, and that really does not solve anything. ;)

    Here is the most probably the best example I could find so far and can be implemented on Arastta platform by the brave ones and it is used by ICO site. I think maybe it requires bit of better wording so it it obvious that clicking on cookie preferences brings the choices that user can make.

    [...]

    They do publish their code so with a bit of work it can be made to work with any platform – incorporating in the head section.

    This allows acceptance of site session cookies separately to the acceptance of other third party cookies for marketing or other reasons (as many different types one can think of!)

    They have community edition which is free, usable for one domain. They do have Joomla and WordPress modules which makes it easier to integrate but still requires bit of work especially for people like me who are designers.

    The extension I bought for Joomla capable of doing this too, however front end user interface is not as well thought as this one. So I am hoping that at least for my joomla sites that extension will be a long term solution when they get its UX right. For my e-commerce sites whilst I love Arastta and what it offers to designers, I might start using Mijoshop which works with Joomla again (made by the same people from Arastta). At the moment if the site is a company site with an e-commerce option I use mijoshop and if it is purely e-commerce site I use Arastta.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, May 26 2018, 07:03 PM - #Permalink
    Haluk Gurer wrote:

    Rune, I am using the term popup to refer to the information and choices that are displayed without being permanently in view, not as part of any requirement either by cookie law of 2011 or GDPR.


    Why do you hate your visitors so much that would bother them with that then ... and why is it then a problem that there is no such crap added to Arastta?

    Sorry, but you're writing a lot, without any point.I have no clue where you're heading, and what you would like to achieve. And honestly, I have better things to do.

    All the best, have a nice weekend.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, May 26 2018, 07:43 PM - #Permalink
    No idea what you are saying, Rune, maybe something is getting lost in translation. But you have a good day, too.

    Thanks to removed the link from my last post really stops people seeing what could have been a real solution.

    I am assuming there are other people using this forum. And that was my contribution.
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, May 26 2018, 09:12 PM - #Permalink
    If you have any solution or code, feel free to post it. But then again, I don't see what it is you try to solve, as you told the popup wasn't there to comply with any law or regulation. All I see for now is long texts without any point, looking most like search engine food to promote links. Short and clear is better than long and unclear.

    Anyhow, when you implies you know better than anyone else, including EU departments and offices, most will stop listening.
    Like
    1
    The reply is currently minimized Show
Your Reply