EU cookie law 2012

[dusty108]

Is there any guidance for modifying presta shop sites to comply with this law. I would be grateful if anyone could direct me. Search brings up nothing of relevance to this topic.

[SpottedSparrow]

I've been looking for information on this as well. As of 26 May 2012, UK websites will be required to get permission from visitors prior to sending cookies. This is a huge issue affecting all websites in the EU as it is part of the EU e-Privacy Directive. As far as I'm aware, the UK is the fist to implement it into law, but it affects far more than just the UK. Surely there are steps being taken by PrestaShop as a French company.

[dusty108]

Its quite surprising that there is virtually nothing (at least that I can find) on Prestashop given the impact that this will have on ecommerce websites throughout Europe. From what I can find by googling, cookies related to shopping cart etc are ok as they are necessary for the sales function. Google Analytics is another matter. See the following for a possible solution: http://cookies.dev.wolf-software.com/ I'm not sure where to insert this code so I would greatly appreciate any assistance.

[dusty108]

Found this which will give information on cookies actually placed by your website. http://www.attacat.co.uk

[Mike Kranzler]

Hi everybody,

I just came across this bit of code that may help you accomplish this. Check it out here.

 

Please let me know if this works for you.

 

-Mike

[dusty108]

Hi stickees

"I went on a website yesterday and it had a nice pop up asking to accept cookies. Does anyone know how we can implement this into our prestashop stores?"

 

What was the name of the website with the nice pop up?

[dusty108]

I love it!!! How do I go about putting it on my site. Please keep in mind I am a

shopkeeper not a programmer. I would be extremely grateful for any assistance you can give. The more detailed the better!

Thanks

[dusty108]

Tks

[guest*]

You can check out mine; www.stickees.co.uk - I've implemented the same one I saw.

Hi, without JS enabled you will not see the cookie control block on your site.

 

The privacy rules you are referring are a really old one. In Germany we have this law since years... and as dusty108 told: you don't need to implement a box, cookies are a necessary technical issue and can't be removed on e-commerce sites.

The best way to fulfill the law is to indicate on a CMS-page that your site uses cookies (not the same thing as tracking with Google analytics !) and than on check-out-process/registering process force the user to accept the privacy rules.

 

By having a box behind a JS you will not fullfil the law. Better is to use the module "blockcustomerprivacy" and force the read/accept on check-out and registering process.

 

For Google Analytics it is better to replace this tracking software by one which you cannot find in the source code. One working only on your server... There are several good solutions for this on the market...

[SpottedSparrow]

The privacy rules you are referring are a really old one. In Germany we have this law since years...

 

The EU amended the rules applicable to cookies under the E-Privacy Directive, and EU Member States were obliged to implement the new legislation as of 25 May 2011. The UK was the first to implement these changes into national law, having done so in May 2011, with a deferred compliance date of 26 May 2011. Germany has made one draft change to the "Telemedia Act", but has not yet implemented the new EU rules it into law.

[dusty108]

Hi Stickees. Can I just upload cookieControl-4.1.min to my js files and then reference it from my header text? Is that all that is required? Seems very simple. I would also like to edit the text to refer to Google Analytics as they would seem to be the one placing cookies which are not strictly neccessary for my shop operations. ie:

This site uses some unobtrusive but essential cookies to store information on your computer. Google Analytic cookies are also used to provide web statistics used to evaluate site performance. In order to for us to comply with this directive you must give us consent to place this cookie on your computer.

[Fabien Serny]

Hi,

 

You have this free module too :

http://www.ecartservice.net/free-prestashop-modules/cookie-warning-free-eu-cookie-law-module/

The code seems to be okay, but I prefer to make no guarantee

 

Best regards,

[mega-value.co.uk]

Hi,

 

You have this free module too :

http://www.ecartserv...kie-law-module/

The code seems to be okay, but I prefer to make no guarantee

 

Best regards,

 

 

Can't seem to get either method to work ..... This module version won't even install just get the following:

"

The following module(s) could not be loaded:

• cookiewarning (parse error in /modules/cookiewarning/cookiewarning.php)
  
• cookiewarning (class missing in /modules/cookiewarning/cookiewarning.php) "
  

[Carolina Custom Designs]

We have developed a module called Cookie Notify that solves this problem.

 

You can read more about it here--

http://prestashopusa.com/front-office-features/14-cookie-notify.html

 

 

 

 

Disclaimer: this is a paid module.

 

Marty Shue

Edited September 30, 2012 by Carolina Custom Designs (see edit history)

[mega-value.co.uk]

We have developed a module called Cookie Notify that solves this problem.

 

You can read more about it here--

http://shop.carolina...kie-notify.html

 

 

 

 

Disclaimer: this is a paid module.

 

Marty Shue

 

 

 

Thank you Marty,

 

Just purchased, installed in seconds... Shame i had to pay for this though, it should be a presta priority as it will be a LEGAL requirement in the UK in less than 5 hours time!

[Carolina Custom Designs]

Thank you Marty,

 

Just purchased, installed in seconds.

 

You are welcome. And thank you for purchasing the module. I'm glad to hear installation went as expected.

 

If we can be of any further assistance please let us know.

 

Marty Shue

[Fabien Serny]

Hi,

 

I fixed the issue on the module of e-cart available here :

http://www.ecartserv...kie-law-module/

I attached the fixed version to this post.

 

Ps: I only fixed the bug, I tested it on my install and it works now.

But this is not my module so there is no warranty with it.

 

Do not forget to thanks e-cart for their contribution.

I will notify them about the bug I fixed.

 

Best regards,

cookiewarning.zip

[badger1010]

Hi,

 

You have this free module too :

http://www.ecartserv...kie-law-module/

The code seems to be okay, but I prefer to make no guarantee

 

Best regards,

 

 

This module does work, however it gives the option of agreeing to the use of cookies or the alternative is "No thanks, get me out of here" with a redirect to another site.

I thought the idea was to just block tracking cookies, not send customers away.

[Paul C]

Thanks Fabien. Packaged it up quickly.. and.... well, you know how it is

 

Well it's all down to your own legal interpretation. The law is about "Privacy" not technology and it has been openly discussed that things such as session cookies to store a shopping cart are exempt (since they are fundamentally essential to the site's operation).

 

What isn't exempt are things like analytics tracking (including 3rd party facilities introduced by your site), cookies used to gather statistics, browsing habits etc.

 

How you interpret the law, of course, is entirely up to you.

 

This is a quick fix, not a solution (anyone who thinks they can install a module and "fix" this is being extremely naive). You need to look at what tracking you are doing and what you can do to make it optional based on an "informed choice". Currently with this module the customer either accepts that you will track them, or they don't; and they leave.

 

You can get users to make "informed consent" on accepting your terms and conditions, so for a user that has an account you will likely be fine with just getting them to agree at registration. Organic visitors to your site on the other hand are more difficult to handle. I don't think you can get away with displaying a message somewhere and hope visitors spot it; You need to force their attention - whether they make a decision or not cannot be optional.

 

Another approach is to not track non-logged in users at all, but that will lose you a lot of valuable information which you could be using to improve your site. Remember your use of things like Google Analytics, Clicky etc. are your responsibility to disclose, not the responsibility of the tracking service provider.

 

A couple of interesting articles on the subject though:

 

Firstly, UK-specific guidance that makes things a whole lot easier:

 

http://www.guardian....implied-consent

 

However, and this is important:

 

Commentary on non-EU websites:

 

http://blogs.wsj.com...u-privacy-laws/

 

The problem is that these are in huge conflict as the EU courts could take action against a UK (or non-EU site potentially) company even if the UK site follows the Information Commissioner's advice; assuming (and it's a safe bet) that the EU court's interpretation disagrees with that in the UK.

Edited May 28, 2012 by Paul C (see edit history)

[david_king]

Actually, redirecting is perfect. The module allows you to direct to your own 'cookieless' page with and explaination and a return button.

 

Must admit I hadn't thought that even though the UK gov has made a step back...the rest of Euro has not and I am guessing the EU courts would make mince meat of any UK company that doesn't comply..

[Kash123]

Hi Stickees,

 

It was very helpful. Have implemented on my site Maauma Boutique and working perfectly.

 

Many Thanks. Much appreciated.

 

Regards.

 

Edited: Replied in Wrong thread I guess.. sorry guys.. it was ment to be for this entry.

Edited May 29, 2012 by Kash123 (see edit history)

[Kash123]

Sorry guys for multiple post... ..

Edited May 29, 2012 by Kash123 (see edit history)

[SpottedSparrow]

Stickees, I'm getting an insecure content warning on secure pages after implementing your fix. Is there something in the JS file that needs to be secure? The images perhaps?

 

Ah, found it. http://www.google-analytics.com/ga.js in header.tpl just needs to be changed to https.

Edited May 29, 2012 by SpottedSparrow (see edit history)

[phrasespot]

I fixed the issue on the module

 

Nice attempt but the cookie is still added first, by the time consent is asked. That is not OK, at least in the UK. Information Commissioner's Office's [1] wording is quite explicit about this:

 

Setting cookies before users have had the opportunity to look at the information provided about cookies, and make a choice about those cookies, is likely to lead to compliance problems.

 

This is of course not the fault of the developer of that module in any way. The way PrestaShop handles cookies is a disgrace. It is haphazard, not planned and trying to change it now would be a nightmare as almost every line of code expects a cookie be there to function properly. A user should be able to not accept a cookie but still be able to see products. Maybe then they will accept the cookie to buy the product.

 

I am guessing the EU courts would make mince meat of any UK company that doesn't comply

 

No kidding

 

Commissioner has a range of options to available to him to take formal action where this is necessary...to pay a monetary penalty of an amount determined by the ICO, up to a maximum of £500,000

 

[1] http://www.ico.gov.u...cookie-law.aspx

Edited June 23, 2012 by phrasespot (see edit history)

[Scotty501]

Setting cookies before users have had the opportunity to look at the information provided about cookies, and make a choice about those cookies, is likely to lead to compliance problems.

 

So basically there is no solution to the cookie issue right now due to PS coding. Needs a fix and fast PS guys and girls.

Edited May 30, 2012 by Scotty501 (see edit history)

[Tivoli]

Hi stickees,

 

Thank you for sharing your solution. I've spent hours trying to get it working but without any success.

 

But this was my fault! I just forgot to put the {literal} {/literal} around the code and now it works.

 

Thank you very very much :-)

 

Best,

 

Tivoli

[guest*]

As I told before: Customers not having JS activated will not see the cookie warning of the module proposed. So it is the same as not having implemented nothing... It does not fulfil the law.

 

I'm one of the users not allowing JS by default, only if I know that the site is really secure and has no spam or malware on it I release this...

[totallybike]

Hi,

 

I can't get this to work, here is the code I put in after <body {if $page_name}id="{$page_name|escape:'htmlall':'UTF-8'}"{/if}>:

 

 

 

{literal}

<script src="http://www.geoplugin.net/javascript.gp" type="text/javascript"></script>

<script src="/themes/34027/js/cookieControl-4.1.min.js" type="text/javascript"></script>

<script type="text/javascript">//<![CDATA[

cookieControl({

introText:'<p>This site uses some unobtrusive cookies to store information on your computer.</p>',

fullText:'<p>Some cookies on this site are essential, and the site won\'t work as expected without them. These cookies are set when you submit a form, login or interact with the site by doing something that goes beyond clicking on simple links.</p><p>We also use some non-essential cookies to anonymously track visitors or enhance your experience of the site. If you\'re not happy with this, we won\'t set these cookies but some nice features of the site may be unavailable.</p><p>By using our site you accept the terms of our <a href="http://www.totallybike.com/content/14-privacy-policy">Privacy Policy</a>.</p>',

position:'left', // left or right

shape:'triangle', // triangle or diamond

theme:'light', // light or dark

startOpen:true,

autoHide:6000,

subdomains:true,

onAccept:function(){ccAddAnalytics()},

onReady:function(){},

onCookiesAllowed:function(){ccAddAnalytics()},

onCookiesNotAllowed:function(){},

countries:'United Kingdom' // Or supply a list ['United Kingdom', 'Greece']

});

 

function ccAddAnalytics() {

jQuery.getScript("http://www.google-analytics.com/ga.js", function() {

var GATracker = _gat._createTracker('');

GATracker._trackPageview();

});

}

//]]>

</script>

{/literal}

 

I've also installed the file in the correct folder /themes/34027/js.

 

Any advice/ideas? I've deleted everything off again just to stop any errors occurring.

[caseyoli]

I have managed to find a neat fix for this but credit must go to www.silktide.com where you can download code specific to your requirements.

 

1. Go to directory modules | blockwishlist

2. Locate file blockwishlist-header.tpl

3. Add the following code before the existing <script type statement....

 

 

<!-- Begin Cookie Consent plugin by Silktide - http://silktide.com/cookieconsent -->

<link rel="stylesheet" type="text/css" href="http://assets.cookieconsent.silktide.com/current/style.min.css"/>

<script type="text/javascript" src="http://assets.cookieconsent.silktide.com/current/plugin.min.js"></script>

<script type="text/javascript">

// <![CDATA[

cc.initialise({

cookies: {

social: {

title: 'Social media',

description: 'Facebook, Twitter and other so'+

'cial websites may add their ow'+

'n cookies if you click on thei'+

'r image links.'

},

analytics: {

title: 'Analytics',

description: 'We anonymously measure your us'+

'e of this website to improve y'+

'our experience.'

}

},

settings: {

consenttype: "implicit",

bannerPosition: "bottom",

hideprivacysettingstab: true,

disableallsites: true,

onlyshowbanneronce: true,

refreshOnConsent: true

}

});

// ]]>

</script>

<!-- End Cookie Consent plugin -->

 

Hope this helps...

[robchef]

hi stickees

please help in put cookieControl-4.1.min in the folder /public_html/themes/theme164/js

i put the code in the header.tpl

can you please tell me why it want work and how to fix it please

</head>

<body {if $page_name}id="{$page_name|escape:'htmlall':'UTF-8'}"{/if}>

{literal}<script src="http://www.geoplugin.net/javascript.gp" type="text/javascript"></script>

<script src="/public_html/themes/theme164/js/cookieControl-4.1.min.js" type="text/javascript"></script>

<script type="text/javascript">//<![CDATA[

cookieControl({

introText:'<p>This site uses some unobtrusive cookies to store information on your computer.</p>',

fullText:'<p>Some cookies on this site are essential, and the site won\'t work as expected without them. These cookies are set when you submit a form, login or interact with the site by doing something that goes beyond clicking on simple links.</p><p>We also use some non-essential cookies to anonymously track visitors or enhance your experience of the site. If you\'re not happy with this, we won\'t set these cookies but some nice features of the site may be unavailable.</p><p>By using our site you accept the terms of our <a href=~~~~~~~~~~~">Privacy Policy</a>.</p>',

position:'left', // left or right

shape:'triangle', // triangle or diamond

theme:'light', // light or dark

startOpen:true,

autoHide:6000,

subdomains:true,

onAccept:function(){ccAddAnalytics()},

onReady:function(){},

onCookiesAllowed:function(){ccAddAnalytics()},

onCookiesNotAllowed:function(){},

countries:'United Kingdom' // Or supply a list ['United Kingdom', 'Greece]

});

 

function ccAddAnalytics() {

jQuery.getScript("http://www.google-analytics.com/ga.js", function() {

var GATracker = _gat._createTracker('');

GATracker._trackPageview();

});

}

//]]>

</script>

{/literal}

[SpottedSparrow]

I had been using this, but since the past week or so it is slowing my site down to a crawl. My host has confirmed that it's hung up on the Javascript call to geoplugin.net. It's a shame as it was working fine until recently.

 

Ok....this is what you need to do....

 

1. Upload the cookie file I have attached to this message and place it in the js file of your current theme.

 

2. Copy the following code....

 

<script src="http://www.geoplugin.net/javascript.gp" type="text/javascript"></script>

<script src="/PATH_TO_COOKIE_CONTROL/cookieControl-4.1.min.js" type="text/javascript"></script>

<script type="text/javascript">//<![CDATA[

cookieControl({

introText:'<p>This site uses some unobtrusive cookies to store information on your computer.</p>',

fullText:'<p>Some cookies on this site are essential, and the site won\'t work as expected without them. These cookies are set when you submit a form, login or interact with the site by doing something that goes beyond clicking on simple links.</p><p>We also use some non-essential cookies to anonymously track visitors or enhance your experience of the site. If you\'re not happy with this, we won\'t set these cookies but some nice features of the site may be unavailable.</p><p>By using our site you accept the terms of our <a href=~~~~~~~~~~~">Privacy Policy</a>.</p>',

position:'left', // left or right

shape:'triangle', // triangle or diamond

theme:'light', // light or dark

startOpen:true,

autoHide:6000,

subdomains:true,

onAccept:function(){ccAddAnalytics()},

onReady:function(){},

onCookiesAllowed:function(){ccAddAnalytics()},

onCookiesNotAllowed:function(){},

countries:'United Kingdom' // Or supply a list ['United Kingdom', 'Greece]

});

 

function ccAddAnalytics() {

jQuery.getScript("http://www.google-analytics.com/ga.js", function() {

var GATracker = _gat._createTracker('');

GATracker._trackPageview();

});

}

//]]>

</script>

 

 

On the second line where it says "PATH_TO_COOKIE_CONTROL/cookieControl-4.1.min.js" - remove the path_to_cookie_control and replace with the location of where you just uploaded the cookie to. A bit further down you also need to add the href for the privacy policy on your site so that it provides a link straight to it from your pop up.

 

You can also swap between the themes by changing where it says 'light' to dark if you would prefer it to have a black background. Depends on your site, which will stand out more. You can also swap the position to left or right of the screen as well.

 

Place the copied code into the header.tpl file from your theme. You need to place it in the body section, mine starts on line 40. Line 39 is: <body {if $page_name}id="{$page_name|escape:'htmlall':'UTF-8'}"{/if}> and then I have put the code. You will also need to surround the code by {literal} {/literal} so that it gets read correctly.

 

That should be it. Let me know how you get on

[patrickvbw]

As I told before: Customers not having JS activated will not see the cookie warning of the module proposed. So it is the same as not having implemented nothing... It does not fulfil the law.

 

I'm one of the users not allowing JS by default, only if I know that the site is really secure and has no spam or malware on it I release this...

 

What do you recommend we should do then? Do you have an alternative we could use?

 

Would be very much appreciated

[willemt]

What do you recommend we should do then? Do you have an alternative we could use?

 

Would be very much appreciated

 

Why not avoid all the asking for permission?

As I understand the cart cookie is allowed without permission since it is necessary for the shop to function and has no personal data in it, the analytics cookie(s) are not allowed.

So a solution might be not to place a cookie for the analytics at all. No cookie, no law to consider

 

Maybe a module has to be developped for server side cookieless analytics as described on the google code pages

http://code.google.com/p/php-ga/

 

I'm not fit to make a module out of it, but maybe someone else is. No cookie..... problem solved, right?

Edited October 13, 2012 by willemt (see edit history)

[le0n]

I've made a (javascript) module available here: Prestashop Cookie Compliance Live demonstration on the same website.

 

This module sets a functional cookie, named 'cc' with the value of true when the user gives consent. Basicly this module is only the question itself.

Further implementation to show or hide tracking code in your page, is up to the website builder. The included template file, gives an commented overview of what can be done with the questionbox

Edited November 4, 2012 by le0n (see edit history)

[visioned]

I've made a (javascript) module available here: Prestashop Cookie Compliance Live demonstration on the same website.

 

This module sets a functional cookie, named 'cc' with the value of true when the user gives consent. Basicly this module is only the question itself.

Further implementation to show or hide tracking code in your page, is up to the website builder. The included template file, gives an commented overview of what can be done with the questionbox

 

Hi,

 

Do you have a live version of this cookie module and is it compatible with PS 1.5.2 etc.

 

Look forward to hear from you,

 

Ed Boon