Cookie consent, yes or no?

[Glenn]

Hello everybody,

Which of the (PS-)modules mentioned below are using cookies that are only used to make the website work properly (or: which ones are using cookies that do need prior consent from the user before they may be used)?

I am wondering how everybody else with limited technical knowledge is able to separate these cookies? It seems to me that only nr. 5 en 7 would need prior consent of the user?

1. Social sharing
2. send to friend
3. product questions
4. product comments (reviews)
5. Kiyoh reviews
6. exit popup module
7. Matomo analytics

[lesley]

They will need consent really. You have the main application cookie and then you have the 3rd party cookies. The plan is an all or nothing approach.

[30knees]

One solution for 'services' like social sharing, send to friend, etc, if technically possible, would be to drop the cookie only when the service is requested. I think there's a good argument then that no consent is required.

[lesley]

It honestly not really an option. The amount of control you have over 3rd party scripts is really limited. Like for social share buttons, we cannot actually show the button before the 3rd party script that cookies is loaded. If we wrote the 3rd party scripts we could fix the issue, but I suspect there are going to be a lot of things like that lost with gdpr.

[Glenn]

@lesley: I am not sure if I understand your comment correctly. Do you mean all 7 in your opinion do need consent? Cookies from the social sharing and send to friend, aren't they built-in functions in PS?

[lesley]

What I am saying is with GDPR for external scripts you cannot just have the script and then show a consent. You have to show the consent and they have to agree to it, then you can run the script on the page.

[toplakd]

Also the main cookie (prestashop session) cookie should have the expiration set to 0, so it expires after session ends and acts as true session cookie.

[NatalyaNieves]

You have to show the consent and they have to agree to it, then you can run the script on the page.

[toplakd]

For GDPR: First-party session cookies (main thirty bees cookie) that expire when browser is closed do not require informed consent.

Edited June 9, 2020 by toplakd

[30knees]

It's about technically necessary cookies vs technically unnecessary cookies more than first-party or not first-party cookies.

[Sigi]

so as far as I know, if you use matomo you don´t need cookie tool, because the data stays at your server and doesn´t go to google or some other third parties. Can somebody confirm this?

[haylau]

11 hours ago, Sigi said:

so as far as I know, if you use matomo you don´t need cookie tool, because the data stays at your server and doesn´t go to google or some other third parties. Can somebody confirm this?

It does not matter where the data goes. If your site has cookies (it does) then you must have some sort of cookie banner / tool implemented

[Traumflug]

3 hours ago, haylau said:

It does not matter where the data goes. If your site has cookies (it does) then you must have some sort of cookie banner / tool implemented

Agreement on the first part, not so much on the second part. Technically necessary cookies, e.g. to track a login or a filled cart, don't need consent. Describing these in the privacy statement and/or where they get created is sufficient.

Matomo is obviously not technically necessary, as one can handle orders without just fine. Accordingly it needs consent.

Anyways, it's hard to find clear descriptions and statements about this matter. Take my comment as educated opinion, not as authoritative answer.

[30knees]

6 hours ago, Traumflug said:

Agreement on the first part, not so much on the second part. Technically necessary cookies, e.g. to track a login or a filled cart, don't need consent. Describing these in the privacy statement and/or where they get created is sufficient.

Matomo is obviously not technically necessary, as one can handle orders without just fine. Accordingly it needs consent.

Anyways, it's hard to find clear descriptions and statements about this matter. Take my comment as educated opinion, not as authoritative answer.

Your comment is correct.
(How do I know? I work in this area.)

[wakabayashi]

11 hours ago, 30knees said:

(How do I know? I work in this area.)

Does is it mean that you bake cookies? 😍 🍪