View Single Post
Old 06-08-2018, 09:25 PM
Triple A Racing Triple A Racing is offline

Join Date: Jul 2008
Location: Manchester UK
Posts: 1,003

Default Re: Gdpr - upcoming law for European merchants

Originally Posted by KevTheIrish
perhaps a better way of doing the checkbox would be once a customer selects an EU country as their shipping or billing address, then the consent box appears?
Is not as simple as that

If the 'customer' is from an EU country, but, creates an account, using ONLY their e-mail address and a password (which is the default XC5 setup and does work well) then (technically) GDPR has already been compromised, if..... all the correct consent notifications / get out of jail free cards with regard to cookies, have not already been provided to that customer. Would love to see a successful court case on that issue; The EU V XC5 and its unidentifiable visitor... but technically it is a '...failure to comply'

This is why when using the XC GDPR module on its own, there is no way to switch off the cookies pop-up warning (see our previous post and more below) It's a #Scattergun #CoverAll approach which is, in theory GDPR compliant, in terms of advance consent notifications / get out of jail free cards for cookies. It's explained (but in poor English unfortunately but...) on THIS XC blog page, as follows (extract):

3) The cookie popup
The addon settings allow disabling the cookie popup at all or showing it only for customers from particular countries only. You’ll need the Geolocation addon for it.

Which equates to; the customer's physical "country" is unknown at that point, so unless there is some form of tandem ID tracing (e.g. GeoIP) or some other source of ID / location verification, it's just a pure guess at to which country they are from and so by default, the cookies pop-up can't be switched off...

Your suggestion of the consent notifications / get out of jail free cards etc being dependent on the country that is specified as part of the customer's checkout process is a good one for customers that do place orders. The irony is that XC are clever enough to have done that from the off, but instead, we have the current dogs breakfast / dual module offering, which is what we have summarised in our previous post.

We'll post (and other should) suggestions for a revised module as opposed to any more fault finding of the existing ones shortly.
Dev Store & Live Store: XC Business
Server; Ubuntu 20.04.3 LTS ( Kernel) / Plesk Obsidian
Nginx 1.20.1 / Apache 2.4.41 (Ubuntu Backported) / MariaDB 10.5.12 / PHP 7.4.23
Reply With Quote