Post by herve11170 » Thu Jan 21, 2021 4:25 pm

Hello,
After a lot of work and search I have managed to configure SECURE, HTTPonly and SameSite:Lax for the 3 necesary cookies (PHPSESSID, Currency & Language) in my Opencart Oc 2.0.1.1.
These 3 cookies are NECESSARY for the use of Opencart (Everybody is OK about that) but when I check my GDPR with CookieBot, that said that Currency IS NOT A NECESSARY COOKIE for Opencart, It's a Cookie PREFERENCE and NEED to be BLOCKED until ACCEPTED by User.
For PHPSESSID and Language no problem, they are NECESSARY.
I can't PASS the GDPR test for this problem.
Does anyone have the same problem?
How can I fix this? How to indicate to CookieBot that Currency is an essential Cookie?
I add a PrintScreen of the report of CookieBot.
Thanks for your help.
My website is: https://www.lecroissantfrances.com

I don't understand why ... And in this post, they officialy said that:
"What is allowed - without explicit consent All cookies about/with:
1. language
2. currency
3. session.
These 3 are standard cookies OpenCart sets/checks at every visit."
viewtopic.php?t=201183

Attachments

error-cookie-currency.jpg

error-cookie-currency.jpg (368.75 KiB) Viewed 314 times


New member

Posts

Joined
Wed Feb 15, 2017 1:39 pm

Post by ADD Creative » Thu Jan 21, 2021 9:36 pm

Just ignore it or tell CookieBot of their mistake. No online checker could ever give 100% accurate results. They will have no idea how your website works or know what your privacy notices say.

It could be argued that they are correct and the currency cookie should not be classed as necessary. Because OpenCart stores the currency in the session anyway, the currency cookie is a persistent cookie not a session cookie and the cookie is set without interaction from the user. It will also depend on the implementation of the ePrivacy Directive in the countries you sell to.

The cookie notice on your site is not GDPR correct for some countries anyway. Explicit “accept” AND “reject” buttons are required to be on the cookie notice. There is also no means for the user to change their mind.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by herve11170 » Fri Jan 22, 2021 3:20 am

Thank you for your answer.
Here in Spain a lot of Websites like government sites, Google Spain, and big websites do not have the reject button.
So I would add one later but not sure that I need it.
In any case, if you select (in my website) "Configure Cookies" and not check 3 empty cases (Analytics, preference and marketing) and click on ACCEPT, only Opencart cookies will work (it is equivalent to REJECT)
(The GDPR plugin that I use is from Opencart Marketplace).

New member

Posts

Joined
Wed Feb 15, 2017 1:39 pm

Post by paulfeakins » Fri Jan 22, 2021 7:30 pm

Just leave the EU and their stupid cookie laws, we did :laugh:
Image

For quick, professional OpenCart support please email info@antropy.co.uk


User avatar
Guru Member

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - Reigate, Surrey, United Kingdom

Post by ADD Creative » Fri Jan 22, 2021 8:58 pm

paulfeakins wrote:
Fri Jan 22, 2021 7:30 pm
Just leave the EU and their stupid cookie laws, we did :laugh:
Leaving the EU, if anything, seems to have has made the laws affecting cookies even more stupid in the UK.
From: https://ico.org.uk/for-organisations/gu ... es/#rules5
What does ‘consent’ mean?
PECR requires that users or subscribers consent to cookies being placed or used on their device. There is no definition of consent given in PECR or in the ePrivacy Directive; instead, the UK GDPR definition of consent applies.

Regulation 8(2) of the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 clarifies that, for PECR:

"‘consent' by a user or subscriber corresponds to the data subject’s consent in the GDPR (as defined in section 3(10) of the Data Protection Act 2018)."
So before leaving the EU there was no actual law that said you have to record consent to the high standard required by the GDPR for all cookies, even the ones without personal data. One of the laws passed to leave the EU has now made it a legal requirement.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom
Who is online

Users browsing this forum: Majestic-12 [Bot] and 18 guests