Glenn Posted May 2, 2018 Posted May 2, 2018 Hello everybody, Which of the (PS-)modules mentioned below are using cookies that are only used to make the website work properly (or: which ones are using cookies that do need prior consent from the user before they may be used)? I am wondering how everybody else with limited technical knowledge is able to separate these cookies? It seems to me that only nr. 5 en 7 would need prior consent of the user? Social sharing send to friend product questions product comments (reviews) Kiyoh reviews exit popup module Matomo analytics
lesley Posted May 4, 2018 Posted May 4, 2018 They will need consent really. You have the main application cookie and then you have the 3rd party cookies. The plan is an all or nothing approach.
30knees Posted May 5, 2018 Posted May 5, 2018 One solution for 'services' like social sharing, send to friend, etc, if technically possible, would be to drop the cookie only when the service is requested. I think there's a good argument then that no consent is required.
lesley Posted May 5, 2018 Posted May 5, 2018 It honestly not really an option. The amount of control you have over 3rd party scripts is really limited. Like for social share buttons, we cannot actually show the button before the 3rd party script that cookies is loaded. If we wrote the 3rd party scripts we could fix the issue, but I suspect there are going to be a lot of things like that lost with gdpr.
Glenn Posted May 9, 2018 Author Posted May 9, 2018 @lesley: I am not sure if I understand your comment correctly. Do you mean all 7 in your opinion do need consent? Cookies from the social sharing and send to friend, aren't they built-in functions in PS?
lesley Posted May 9, 2018 Posted May 9, 2018 What I am saying is with GDPR for external scripts you cannot just have the script and then show a consent. You have to show the consent and they have to agree to it, then you can run the script on the page.
toplakd Posted May 9, 2018 Posted May 9, 2018 Also the main cookie (prestashop session) cookie should have the expiration set to 0, so it expires after session ends and acts as true session cookie.
NatalyaNieves Posted June 9, 2020 Posted June 9, 2020 You have to show the consent and they have to agree to it, then you can run the script on the page.
toplakd Posted June 9, 2020 Posted June 9, 2020 (edited) For GDPR: First-party session cookies (main thirty bees cookie) that expire when browser is closed do not require informed consent. Edited June 9, 2020 by toplakd 1
30knees Posted June 10, 2020 Posted June 10, 2020 It's about technically necessary cookies vs technically unnecessary cookies more than first-party or not first-party cookies.
Sigi Posted June 10, 2020 Posted June 10, 2020 so as far as I know, if you use matomo you don´t need cookie tool, because the data stays at your server and doesn´t go to google or some other third parties. Can somebody confirm this?
haylau Posted June 11, 2020 Posted June 11, 2020 11 hours ago, Sigi said: so as far as I know, if you use matomo you don´t need cookie tool, because the data stays at your server and doesn´t go to google or some other third parties. Can somebody confirm this? It does not matter where the data goes. If your site has cookies (it does) then you must have some sort of cookie banner / tool implemented
Traumflug Posted June 11, 2020 Posted June 11, 2020 3 hours ago, haylau said: It does not matter where the data goes. If your site has cookies (it does) then you must have some sort of cookie banner / tool implemented Agreement on the first part, not so much on the second part. Technically necessary cookies, e.g. to track a login or a filled cart, don't need consent. Describing these in the privacy statement and/or where they get created is sufficient. Matomo is obviously not technically necessary, as one can handle orders without just fine. Accordingly it needs consent. Anyways, it's hard to find clear descriptions and statements about this matter. Take my comment as educated opinion, not as authoritative answer. 3
30knees Posted June 11, 2020 Posted June 11, 2020 6 hours ago, Traumflug said: Agreement on the first part, not so much on the second part. Technically necessary cookies, e.g. to track a login or a filled cart, don't need consent. Describing these in the privacy statement and/or where they get created is sufficient. Matomo is obviously not technically necessary, as one can handle orders without just fine. Accordingly it needs consent. Anyways, it's hard to find clear descriptions and statements about this matter. Take my comment as educated opinion, not as authoritative answer. Your comment is correct. (How do I know? I work in this area.) 1
wakabayashi Posted June 12, 2020 Posted June 12, 2020 11 hours ago, 30knees said: (How do I know? I work in this area.) Does is it mean that you bake cookies? 😍 🍪 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now