|
Re: Gdpr - upcoming law for European merchants
There seems to be an issue with the GDPR Module on XC Stores that are using the X-Cart Mobile module. (In my case I installed it on v4.6.6)
Firstly - The Cookie Popup appears to reload every time you visit a page. Secondly - Clicking on the 'Learn More' link goes to a 404 page. XC - Are you able to look into this? |
Re: Gdpr - upcoming law for European merchants
And so it begins….
"Name: xyzzy Email: xyz@gmail.com Subject: EU As a US citizen why is it mandatory that I concur with EU requirements in order to process my order from Japan?" |
Re: Gdpr - upcoming law for European merchants
@kevinrm
Hi, Use GEoIP to only display GDPR to EU customers :-) :-) :-) Regards ITVV |
Re: Gdpr - upcoming law for European merchants
https://www.express.co.uk/news/world/967585/gdpr-eu-personal-data-hack-leak-personal-data-brussels
:grin: ...Obviously I wouldn't advise ignoring the legislation. |
Re: Gdpr - upcoming law for European merchants
Quote:
I don't believe the module allows for that, you have to show it to everyone, no? |
Re: Gdpr - upcoming law for European merchants
Hi kevinrm,
I do not use x-cart 5 but I am sure I have seen a screenshot somewhere on the forums of an EU GEoIP setting for x-cart 5? Regards ITVV |
Re: Gdpr - upcoming law for European merchants
Quote:
It does allow. You have to install the Geolocation module though. GDPR applies to EU only. You are not required to show it to anyone else although you can. You can adjust the policy text to cover everyone however non-EU customers may feel forced to something they don't want in the first place. |
Re: Gdpr - upcoming law for European merchants
I have Geolocation module, I do not see anywhere in XC5 where you can turn off the GDPR checkbox at the checkout. I see how you can disable the *pop-up*, but at checkout the checkbox for that remains for non-EU countries.
|
Re: Gdpr - upcoming law for European merchants
Oh that's for the checkbox. Sorry. I don't think you can turn this off. The Geolocation is for the popup only.
|
Re: Gdpr - upcoming law for European merchants
One would *assume* that if the cookie popup is disabled then the cookie would not set the GDPR checkout boxes - that's how it works in x-cart 4.6.6
Regards ITVV |
Re: Gdpr - upcoming law for European merchants
The issue here is the checkbox shows for everyone regardless where or who they are. GDPR applies to EU only. Anyone living/residing/shipping to any other part of the worlds should not be required to agree to this in order to purchase.
It doesn't matter if this is your first visit to the site or not. |
Re: Gdpr - upcoming law for European merchants
@cflsystems - not sure what you mean Steve?
Here is some code from GDPR Module for x-cart 4.6.6 Code:
// disable module for non-EU customersWith GEoIP set the above code would immediately disable GDPR notice / cookie for any visit. This works fine and disables any form of GDPR notice / checkout requirements Regards ITVV |
Re: Gdpr - upcoming law for European merchants
That's what I saw on XC4 installing on few client's sites as well yes.
Not sure XC5 is the same though. I was just pointing out what Kevin's issue is - the box shows for everyone regardless of their location and he has the Geolocation module active. @Kevin - do you have a box to select countries the GDPR applies to in the module's settings? If not then you need to install the geoip on the server - it is a PHP extension. Without it the service won't work, at least this is how XC4 module works. |
Re: Gdpr - upcoming law for European merchants
1 Attachment(s)
Hi Guys,
The attached is a shot from x-cart main site referring to x-cart 5 GDPR Looks like you have some degree of control over GDPR? Regards ITVV |
Re: Gdpr - upcoming law for European merchants
Quote:
It's NOT for the GDPR checkbox at checkout, which is the issue @kevinrm currently has... @PhilJ posted THIS which tells you a little 'more' about GDPR :wink: |
Re: Gdpr - upcoming law for European merchants
@TripleARacing
If you disable the pop-up (via GEoIP) then you disable the cookie setting which enables the GDPR checkbox at checkout. That's how it works on x-cart 4.6.6 I would have thought that the logic would be the same on x-cart 5? Regards ITVV |
Re: Gdpr - upcoming law for European merchants
Quote:
Quote:
Quote:
The answer to that should makes things clearer for anybody following this possible issue |
Re: Gdpr - upcoming law for European merchants
@TripleARacing
You are a big user / custom dev of x-cart 5 - how is the GDPR Module working for you? Do you have geoip active? I believe that "Geolocation module" IS NOT geoip PHP extension. Perhaps that is why it is not working for @kevinrm? Once again I have it working for x-cart 4.6.6 8O 8O 8O My 2 cents - I'll get my coat... Regards ITVV |
Re: Gdpr - upcoming law for European merchants
Quote:
1) There any many ways to skin a cat :D Using a default XC GDPR Module is one way, yes. There are plenty of others... 2) Running an XC GeoIP Module is a waste of time in our opinion (and current setup). VPN and/or IP spoofing totally negates its use, in terms of trying to accurately deal with XC customer data. If we want to do anything with IP addresses, then we can do this at server level, outside of XC |
Re: Gdpr - upcoming law for European merchants
Quote:
Using GeoIP will get you the answer 98% of the time. Agree that perhaps 2% use VPN / Spoof but it is very limited. Most customers just browse for the products they want. |
Re: Gdpr - upcoming law for European merchants
Geolocation module for XC5 uses MaxMind GeoLite database - as mentioned in the module description. It uses static file supplied with the module which means - it can be inaccurate in many cases.
For this module to show accurate results the GeoLite database must be downloaded on a regular bases however this may require subscription with MaxMind. The XC4 module uses geoip PHP extension. Completely different approach for the GDPR module. In XC4 I believe ITVV is correct that in XC4 if you are not coming from EU the checkbox will not show - the code is tied to the geoip and turns off the module in this case. With module off nothing from it will work. I am not sure if this is the case with XC5 version of the module. |
Re: Gdpr - upcoming law for European merchants
Quote:
I voted to stay in the EU btw. |
Re: Gdpr - upcoming law for European merchants
Quote:
Quote:
|
Re: Gdpr - upcoming law for European merchants
1 Attachment(s)
Hello,
I have reuploaded the modules. The fixed bug affects all the stores located in the root and having clean URLs enabled. A patch has been attached. Thank you. |
Re: Gdpr - upcoming law for European merchants
Quote:
Fortunately, as we have created all our own CWS mods within a custom module, we can switch that off and test again, just to see if it was the cause of this failure, but it isn't. It's exactly the same result with or without our own custom module enabled. Anyone else who is currently using this XC5 GDPR module release noticed this? |
Re: Gdpr - upcoming law for European merchants
@TripleARacing
Glad to see that you are taking steps to become compliant - better late than never :lol: :lol: :lol: Quote:
Regards ITVV |
Re: Gdpr - upcoming law for European merchants
Quote:
Quote:
|
Re: Gdpr - upcoming law for European merchants
GeoIP is PHP module. There is nothing wrong with using what's out there already coded for the framework/language XC is built on. It is actually something you better do - why reinvent the wheel in this. case. But the GeoIP applies to XC4 only.
XC5 uses the GeoLocation module which is another XC5 module based on data provided by MaxMind. So in this case the Module A/B remark can be used. |
Re: Gdpr - upcoming law for European merchants
Quote:
Regards ITVV |
Re: Gdpr - upcoming law for European merchants
Quote:
|
Re: Gdpr - upcoming law for European merchants
After some more testing in our Dev Store, what's become clear (to us anyway) is this:
1) The free XC5 GDPR Module will work when installed on its own yes, but... it has compromised functionality. A little reminiscent of a Chocolate Fireguard... 2) Using just the XC5 GDPR Module, the cookie-pop up on/off switch in settings is ineffective i.e. It serves no purpose whatsoever, because it does not function. Cookie pop-ups are always displayed regardless. 3) If the XC5 GDPR Module is installed AND the free XC Geolocation Module is installed, then the XC5 GDPR Module cookie-pop up on/off switch in settings does (finally) begin to function-ish 4) However, this is subject to: a) ensuring that the Display location select widget is switched on in the settings section of the XC5 Geolocation Module AND b) selecting each country that a cookie pop-up is desired for (otherwise cookie pop-ups will not be displayed at anytime, regardless of the cookie-pop up on/off switch in settings of the XC5 GDPR Module in our example testing... Further to 4) above, Obviously, it is only Countries that are enabled as "live" within XC Admin (Countries, states, zones) that physically appear within the widget provided drop down box and are then selectable for Yes to a cookie-pop up status... The normal GDPR notifications / tick boxes are applied to any country by default by the XC5 GDPR Module at present unfortunately...with no way of altering that at all, within settings in the XC5 GDPR Module. This is effectively what we referred too when we previously said "...If you must use Module A just to make Module B work, that's a clear example of why Module A is far from ideal and could be better prepared surely?" and to which @cflsystems commented on in POST #148 in this very thread. We don't have XC4 anymore, so can't accurately comment on what the GDPR setup is like there, but from posts in this thread where people are using it, it does appear to be a lot more configurable when used on it's own and...is not dependent on additional XC4 'add-ons' in order to function correctly (It appears to be PHP module dependent yes, but that's easy by comparison and free...) Our current feeling is that XC5 GDPR Module is not finished yet and/or suitable for accurate configuration by XC5 Admin in it's current state. It is dependent on the XC Geolocation Module being installed (which is a major own-goal we think) and this additional module is pure comedy (we think) when the costs of maintaining/updating the module's accuracy are also factored in. Have a quick look at these COSTS from Maxmind... Really? :roll: That's feeling like the aforementioned Module C to us :mrgreen: Disappointing that XC5 appears to be way behind XC4 in making this functionality available, easily configurable and fit for purpose via a solo "add-on". Maybe this particular module can be re-designed soon, so that all those XC5 storeowners who have no need or desire to run any additional, cash-cow-style modules, just to achieve functionality, will have free choice not to do so? Harsh but fair we think 8) |
Re: Gdpr - upcoming law for European merchants
perhaps a better way of doing the checkbox would be once a customer selects an EU country as their shipping or billing address, then the consent box appears?
|
Re: Gdpr - upcoming law for European merchants
Quote:
If the 'customer' is from an EU country, but, creates an account, using ONLY their e-mail address and a password (which is the default XC5 setup and does work well) then (technically) GDPR has already been compromised, if..... all the correct consent notifications / get out of jail free cards with regard to cookies, have not already been provided to that customer. Would love to see a successful court case on that issue; The EU V XC5 and its unidentifiable visitor... but technically it is a '...failure to comply' This is why when using the XC GDPR module on its own, there is no way to switch off the cookies pop-up warning (see our previous post and more below) It's a #Scattergun #CoverAll approach which is, in theory GDPR compliant, in terms of advance consent notifications / get out of jail free cards for cookies. It's explained (but in poor English unfortunately but...) on THIS XC blog page, as follows (extract): 3) The cookie popup The addon settings allow disabling the cookie popup at all or showing it only for customers from particular countries only. You’ll need the Geolocation addon for it. Which equates to; the customer's physical "country" is unknown at that point, so unless there is some form of tandem ID tracing (e.g. GeoIP) or some other source of ID / location verification, it's just a pure guess at to which country they are from and so by default, the cookies pop-up can't be switched off... Your suggestion of the consent notifications / get out of jail free cards etc being dependent on the country that is specified as part of the customer's checkout process is a good one for customers that do place orders. The irony is that XC are clever enough to have done that from the off, but instead, we have the current dogs breakfast / dual module offering, which is what we have summarised in our previous post. We'll post (and other should) suggestions for a revised module as opposed to any more fault finding of the existing ones shortly. |
Re: Gdpr - upcoming law for European merchants
:arrow: XC Team
Here is our suggested "Re-Work" of the free XC5 GDPR Module It's easier, fully complaint (we think :wink: ) and is more user friendly / easily configurable than the current module / modules combination that's offered This is a stand alone module and must NOT be dependent on other modules or third party plug-in items A chargeable version of this module could offer these interactions c/w greater configurability. That's not within the scope of this 'suggestion' post however Cookie Pop-Up Warning / Consent Note 1) The cookie pop-up warning / consent note option, must function directly from the on/off choice, made in settings by the XC5 store owner's administrator 2) Assuming that this a single module (see above) then this setting can only be generic i.e. not country specific in the free module version. Country specific options could be offered in the chargeable version if the correct interactions are applied with another module / third party source 3) The cookie pop-up pop-up warning / consent note must be an easily identified XC5 label, which the XC5 store owner's administrator, can edit themselves within XC5 (like other labels) Account Warning / Consent Note 1) Assuming that this a single module (see above) then this setting can only be generic i.e. not country specific in the free module version. Country specific options could be offered in the chargeable version if the correct interactions are applied with another module / third party source 2) The account warning / consent note wording must be an easily identified XC5 label, which the XC5 store owner's administrator, can edit themselves within XC5 (like other labels) 3) The account warning / consent note MUST be a different warning / consent note than the warning / consent note utilised at checkout. That means TWO different XC5 labels are required. These two areas are not the same (actions carried out within them may not be the same) so the notes must be separate and different than each other, hence the requirement for two tables not one shared label, as is currently provided 4) The delete note / forget me note however (the one that is displayed, once the warning / consent note has been accepted) CAN be the same and can be used for both Account and Checkout areas. The required wording can be generic and easy to apply to both. This must also be an easily identified XC5 label, which the XC5 store owner's administrator, can edit themselves within XC5 (like other labels) Checkout Warning / Consent Note 1) Assuming that this a single module (see above) then this setting must be country specific by default 2) The single module checkout warning / consent note, can be made country specific site without needing an additional module or IP checks or any other third party plug-ins 3) XC5 customers must choose a country (i.e. a "live" country in XC5 admin terms) as part of their order's delivery address requirements. Obviously this is a mandatory choice and not just an option. All "live" countries are provided within a drop down list in XC5 and customers must choose from this list or they cannot submit an order. This is a customer selected country from a defined list. It is not automatic IP address location query return. The two are different 4) The single module checkout warning / consent note, can be made country specific, by deriving it's display option (Yes or No) directly from the current list of countries, that have been deemed as "Live" and appropriately setup previously, by the XC5 store owner's administrator (see 2 above). In simple terms, When the customer chooses a country for their delivery address, their selection will (or will not - depending on both the country and the XC5 storeowners advance administrative work!) force the display of the checkout warning / consent note BEFORE the order can proceed or not proceed (if for example the customer refuses to tick the box adjacent to the checkout warning / consent note. It's a similar process to the dynamic shipping integration that already exists in XC5 The setting for checkout warning / consent note (Yes or No) can be made via a drop down box / multi selectable XC5 widget, very similar to the one already provided when using the two current, separate XC5 modules, but in that case it's used for country specific cookie pop-up selection only (by IP) in XC5 That's it. It's simple, effective, compliant but easy to customise and use. Queue a long list of XC objections / faults / corrections / additions / reasons why it can't be done :mrgreen: But it is what is is. For XC5 storeowners who want even more bells & whistles and/or even more customisation options, then a chargeable module alternative would be the real world option. If you are one of these, then get involved with XC soon and share your ideas / preferences with them The current XC5 free GDPR module has already been assessed (previous posts). The suggestions in this post are only in relation to a re-worked XC5 free GDPR single module. This post is not about any future additional XC5 chargeable GDPR single module or modules and does not relate to XC4 at all. |
Re: Gdpr - upcoming law for European merchants
So GDPR says you have to get consent from EU customers. If you use any way of identifying where any customer is coming from (country specific based on IP location) without first asking this customer if it is ok to do that - isn't this technically a breach?
The fact is in order to show message/save cookies for particular group of customers only you have to identify them first. While the IP may not be consider personal info it is still something that is tied to particular customer or his/her location. This basically forces every site to show consent yes/no to all customers in order to get permission for any further cookies/tracking. At least this is how it looks like to me |
Re: Gdpr - upcoming law for European merchants
Quote:
Quote:
There still has to be this freedom of choice for store owners and their approach. It's NOT an Orwellian XC1984 that we're all using :D/ |
Re: Gdpr - upcoming law for European merchants
I changed the wording to sound a bit less invasive to this:
"I consent to the collection and processing of my personal data (Name, address, email, IP address, etc)." So far it hasn't affected sales and everyone, EU or wherever, sees it and has to click on the box. So far outside of one customer no one seems to cares and it doesn't seem to be affecting our USA sales. Basically, it's not turning out to be much of a big deal. Of course who knows what their next step will be… |
Re: Gdpr - upcoming law for European merchants
Quote:
|
Re: Gdpr - upcoming law for European merchants
The only thing I don't like about it is that it shows up for USA residents when it's unnecessary to show that to them. I have the Geolocation module installed because it works with the multi currency module and that is very important for us. It has no effect with the GDPR module on our installation except for the pop-up, but at checkout EVERYONE has to check that stupid box whether they are in Europe or not. Supposedly there is a php geo module, I looked into installing it and it was a headache and gave up on that.
So outside of having it show up for EU only, I'm fine with the module as it is. |
Re: Gdpr - upcoming law for European merchants
Quote:
FWIW We think it's badly designed, poorly thought out and not fit for purpose as a stand-alone module. Being dependent on another module to be of any real use (and allow useful self-configuration) still equates to our 'dogs breakfast' analogy in our opinion. Sledgehammer to crack a nut etc Good for you that you already have (and use/need elsewhere) the additional free XC Geolocation Module because without that, currently, on it's own, the the XC GDPR module is pointless. Other XC5 storeowners have no need or desire for this additional module, other than having to use it alongside the XC GDPR module... All of which, XC seem to have conveniently ignored / by passed / placed in the 'too hard' pile... 8O Again FWIW, as far as we're aware, there is no 'compliant' way round the cookie pop-up warning for any visitor, regardless of country (e.g. see @cflsystems previous post) but there should be the ability to turn that OFF without needing another module to do so. In our re-work suggestion, we've covered that settings change already On your final point, the inability to remove the mandatory warning / consent notice at check out for non-affected counties. Yep, it's pure comedy and underlines the lack planning / sufficient effort that's very clear on this module's "functionality". We have also covered this particular shortfall too, in our re-work suggestions, which you may have noticed and without banging the drum for too long, the re-worked module will work, entirely on it's own and... provide the answers to all of these queries / nags / bugs / errors / lack of planning / poor interaction etc It just needs providing - soon! XC Team step up and be counted please. This module needs a re-work ASAP 8) |
| All times are GMT -8. The time now is 01:43 PM. |
Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.