On the 1st of October 2019, the European Court of Justice decided that browser cookies (and similar technical possibilities) can only be stored on the computer of a visitor of a website if he explicitly gives his consent. This decision was confirmed by the German Federal Court of Justice on the 28th of May 2020.
In the past we have made efforts to provide you with the necessary information on this topic in webinars, blog posts etc.
Necessary and essential cookies set by OXID eShop
In the case of only technically necessary cookies for running this website (for example in a shopping cart system like OXID eShop to keep the content of a cart) it is okay to inform the visitor about the name of the cookie, how long it will be valid and what it actually does. These cookies do not have to be confirmed by the visitor of your Online shop. And here’s a list of essential and technically necessary cookies used in the storefront of OXID eShop:
Name | Group | Valid how long | What is it for |
---|---|---|---|
sid and sid_key | essential | until the end of the session (until the browser is closed) | These cookies identify you to the shop with a unique identifier, e.g. to save the shopping cart. |
language | functional | ends after 167 minutes | Saves the currently used language. |
displayedCookiesNotification | functional | ends after 167 minutes | Stores the decision about cookie consent of the visitor of the website. |
aHistoryArticles | functional | until the end of the session (until the browser is closed) | Saves a list of the last seen product items. |
oxid_ and oxid__autologin | functional | ends after 60 minutes | Saves the information if a visitor of your Online shop wants to autologin to the application. |
amazon_Login_state_cache | functional | ends after 60 minutes | Saves the information if a visitor of your Online shop is presently logged in to Amazon as well for autologin. (Only valid if the AmazonPay module is in use) |
Tracking and marketing cookies
It’s different with tracking and marketing cookies: if you make use of them, you have to provide a tool (mostly implemented as a modal popup on the storefront side) where your visitor may explicitly give his consent to cookies being set for this purpose.
Hint #1
In an Online store it is easy to urge your visitors to accept such cookies by giving the right incentive: maybe you can offer a discount of x percent. I hope there will be a technical solution for this nice idea (isn’t it?) soon.
Hint #2
Be prepared that your tracking data will never again be the same as it was before: Even if you could persuade your prospect to give his consent for getting tracked, more and more modern browsers are about to stop cross-site cookies. And with this, your visitor might accept burning in hell but you’ll never see him there.
With the themes Flow and Wave, OXID eShop delivers a possibility to have your Google Analytics ID entered via admin panel. This will activate Google Analytics tracking, the JavaScript code will download tracking cookies named _ga, _gid and _gat_gtag_UA_*. Unfortunately, we cannot 100% say what they do and for how long they will be valid as these are cookies set by Google and could be changed anytime.
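One way to check a storefront against the two cookie lists above, as an added example (not OXID eShop code): it classifies the names in a `document.cookie` string and reports tracking cookies that are present without consent. Treating `oxid_` and `_gat_gtag_UA_` as prefixes, the `consentGiven` flag and the sample string are assumptions.

```javascript
// Added example: cookie names are taken from the table and text above.
// Matching "oxid_" and "_gat_gtag_UA_" by prefix is an assumption.
const NECESSARY = {
  exact: ['sid', 'sid_key', 'language', 'displayedCookiesNotification',
          'aHistoryArticles', 'amazon_Login_state_cache'],
  prefixes: ['oxid_'],
};
const TRACKING = { exact: ['_ga', '_gid'], prefixes: ['_gat_gtag_UA_'] };

function matches(name, set) {
  return set.exact.includes(name) || set.prefixes.some((p) => name.startsWith(p));
}

// Parse a document.cookie / Cookie request-header string into cookie names.
function parseCookieNames(cookieString) {
  return cookieString
    .split(';')
    .map((pair) => pair.trim())
    .filter((pair) => pair.length > 0)
    .map((pair) => {
      const eq = pair.indexOf('=');
      return eq === -1 ? pair : pair.slice(0, eq);
    });
}

// consentGiven: whether the visitor has explicitly opted in to tracking.
function auditCookies(cookieString, consentGiven) {
  const report = { necessary: [], tracking: [], unknown: [], violations: [] };
  for (const name of new Set(parseCookieNames(cookieString))) {
    if (matches(name, NECESSARY)) {
      report.necessary.push(name);
    } else if (matches(name, TRACKING)) {
      report.tracking.push(name);
      if (!consentGiven) report.violations.push(name);
    } else {
      report.unknown.push(name); // undocumented cookie: needs manual review
    }
  }
  return report;
}

// Constructed sample: cookie string as seen before any consent was given.
const SAMPLE = 'sid=abc123; sid_key=oxid; language=1; _ga=GA1.2.1.2; ' +
  '_gat_gtag_UA_0000000_1=1; promo_banner=seen';
console.log(auditCookies(SAMPLE, false));
```

A non-empty `violations` list means a tracking cookie was set before the visitor opted in; entries under `unknown` are cookies that the shop's cookie notice does not yet document.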
You guys need solutions
The topic is anything but simple: there are very different technical approaches and still only vague statements about what such a Cookie Consent Tool should look like in detail. The worst thing about it is that if only 5% of the implementation is wrong or only 90% of the implementation is right, the implementation as a whole is 100% wrong. However, experts are sure that there will be no legal notices about this in the near future. But of course, in the long run, you guys need solutions for your (or your client’s) Online shops, don’t you?
Consent Management Providers
An external solution could be the use of a so-called “Consent Management Platform”, abbreviated as CMP. These CMPs have been on the market for a while now (for different purposes, not only cookie consent) and offer their services as SaaS providers. The implementation is often very easy: just register, get your JavaScript snippet and implement it into your (child) template. We’ve seen a lot of enterprise clients turning to these solutions within the last few weeks. Their pricing is often bound to the number of pages of a website but also to languages used or the number of domains. Depending on their plans, they can do a one-time or a regular cookie scan.
As all of your projects might be different, I can’t give a hint of the one and only CMP to go with. Just google it yourself. For our own sites, we go with Usercentrics.
Generic open source tools
“Generic” here means open source solutions that are independent of the SaaS platforms named above and can be implemented in your project, but for which there is no OXID module yet that lets you install them with a simple `composer require`.
- OIL: wow, this project seems to be in a “movement”. Actually I wanted to present you the OIL solution but it seems to be deprecated by now. Instead, the former OIL project leads to another framework called “IAB” right now.
- However, there’s still the tarte au citron project, alive like a fish in the water.
- Klaro! is another open source solution, licensed under BSDv3.
Available modules for OXID eShop
Modules for OXID eShop can be easily installed via `composer require` or any other method available.
Commercial plugins
- Home page | eComStyle.de | OXID eShop and WordPress agency (no encryption, from 25 €)
- OXID eShop module: Cookie Consent Manager | Netensio (encrypted: 99 €, unencrypted: 149 €)
- Cookie Consent module | | OXID Shop (might be encrypted, zero Euros, apparently using Klaro!)
- My dear friend Keywan has got something on the plans but didn’t send me links to his solutions so far.
UPDATE: Under the brand name “Stainless Plugins” there are connections to Usercentrics and Cookiefirst available, but still need some fine-tuning. Further CMPs are to be connected via the same base module (under AGPL).
Open source plugins
- GitHub - ThomasJanda/oxid-cookiemanager: Manage cookie and generate a cookie popup the user can accept (GPLv3)
- GitHub - aggrosoft/oxid-cookie-compliance: GDPR Compliance (MIT)
These are the tools I know so far. Please feel free to complete them in the comments.
I have a dream
As a Community Manager, I am allowed to have a dream, aren’t I? How about bundling all of our forces to have a freely available tool for that issue on the basis of the named open source plugins or modules for OXID eShop? I summon all of you guys with the same intention: Instead of doing your own personal stuff, heading for that two and a half pens you could earn with your private solution, please join one of the open source modules and hammer them with your pull requests for better handling of these hilarious requirements that might change with the wind within the next few weeks. Savvy?
Can’t wait to discuss this in the comments/the forums or in dev-general Slack.