The information in this thread might be outdated
If the solution did not help, please, check our Help Portal or contact Ecwid Team.
Closed Thread
 
Thread Tools Display Modes
  #1  
Old 03-28-2013, 04:32 PM
DeeJewels's Avatar
DeeJewels is offline
 
Join Date: Feb 2010
Posts: 26
Exclamation

New EU Law AND Cookie Do i need to do any or Ecwid coved?


DO I NEED TO DO ANYTHING WITH THIS NEW LAW THIS IS MY SITE: www.deejewels.com


New EU cookie law (e-Privacy Directive)
The law which applies to how you use cookies and similar technologies for storing information on a user’s equipment such as their computer or mobile device changed on 26 May 2011.

We’ve answered some of your FAQs in a YouTube video, summarising how you can comply and the approach the ICO is taking to enforcement. (NB: playing YouTube videos sets a cookie - more information.)


ICO guidance
Updated in May 2012, our cookies guidance (pdf) sets out the changes to the cookies law and explains the steps you need to take to ensure you comply. The updated guidance provides additional information around the issue of implied consent:

Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.
If you are relying on implied consent you need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent.
You should not rely on the fact that users might have read a privacy policy that is perhaps hard to find or difficult to understand.
In some circumstances, for example where you are collecting sensitive personal data such as health information, you might feel that explicit consent is more appropriate.
European data protection authorities opinion
In June 2012, European data protection authorities (as part of the Article 29 Working Party) adopted an opinion which clarifies that some cookie uses might be exempt from the requirement to gain consent:

Some cookies can be exempted from informed consent under certain conditions if they are not used for additional purposes. These cookies include cookies used to keep track of a user’s input when filling online forms or as a shopping card, also known as session-id cookies, multimedia player session cookies and user interface customisation cookies, eg language preference cookies to remember the language selected by the user.
First party analytics cookies are not likely to create a privacy risk if websites provide clear information about the cookies to users and privacy safeguards, eg a user friendly mechanism to opt out from any data collection and where they ensure that identifiable information is anonymised.
Cookies and personal data
Regulation 6 covers the use of electronic communications networks to store information, eg using cookies, or gain access to information stored in the terminal equipment of a subscriber or user.

Although devices which process personal data give rise to greater privacy and security implications than those which process data from which the individual cannot be identified, the Regulations apply to all uses of such devices, not just those involving the processing of personal data.

Where the use of a cookie type device does involve the processing of personal data, service providers will need to make sure they comply with the additional requirements of the Data Protection Act 1998 (the Act). This includes the requirements of the third data protection principle which states that data controllers must not process personal data that is excessive. Where personal data is collected, the data controller should consider the extent to which that data can be effectively processed anonymously. This is likely to be particularly relevant where the data is to be processed for a purpose other than the provision of the service directly requested by the user, for example, counting visitors to a website.

Confidentiality of communications and spyware
It should be remembered that the intention behind this Regulation is also to reflect concerns about the use of covert surveillance mechanisms online. Here, we are not referring to the collection of data in the context of conducting legitimate business online but the fact that so-called spyware can enter a terminal without the knowledge of the subscriber or user to gain access to information, store information or trace the activities of the user and that such activities often have a criminal purpose behind them.

Information to be provided
Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:

(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and

(b) has given his or her consent.

The Regulations are not prescriptive about the sort of information that should be provided, but the text should be sufficiently full and intelligible to allow individuals to clearly understand the potential consequences of allowing storage and access to the information collected by the device should they wish to do so. This is comparable with the transparency requirements of the first data protection principle.

The Regulations state that once a person has used such a device to store or access data in the terminal equipment of a user or subscriber, that person will not be required to provide the information described and obtain consent (and discussed above) on subsequent occasions, as long as they met these requirements initially. Although the Regulations do not require the relevant information to be provided on each occasion, they do not prevent this.

Responsibility for providing the information and obtaining consent
The Regulations do not define who should be responsible for providing the information and obtaining consent. Where a person operates an online service and any use of a cookie type device will be for their purposes only, it is clear that that person will be responsible for complying with this Regulation.

Exemptions from the right to refuse a cookie
The Regulations specify that service providers should not have to provide the information and obtain consent where that device is to be used:

for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or
where such storage or access is strictly necessary to provide an information society service requested by the subscriber or user.
In defining an 'information society service' the Electronic Commerce (EC Directive) Regulations 2002 refer to 'any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service'.

The term 'strictly necessary' means that such storage of or access to information should be essential, rather than reasonably necessary, for this exemption to apply. However, it will also be restricted to what is essential to provide the service requested by the user, rather than what might be essential for any other uses the service provider might wish to make of that data. It will also include what is required to comply with any other legislation the service provider might be subject to, for example, the security requirements of the seventh data protection principle.

Where the use of a cookie type device is deemed 'important' rather than 'strictly necessary', those collecting the information are still obliged to provide information about the device to the potential service recipient and obtain consent.

Wishes of subscribers and users
Regulation 6 states that consent for the cookie type device should be obtained from the subscriber or user but it does not specify whose wishes should take precedence if they are different. There may well be cases where a subscriber, for example, an employer, provides an employee with a terminal at work along with access to certain services to carry out a particular task, where to effectively complete the task depends on using a cookie type device. In these cases, it would not seem unreasonable for the employer’s wishes to take precedence. However, it also seems likely that there will be circumstances where a user’s wish should take precedence. To continue the above example, an employer’s wish to accept such a device should not take precedence where this will involve the unwarranted collection of personal data of that employee.
  #2  
Old 03-28-2013, 04:35 PM
DeeJewels's Avatar
DeeJewels DeeJewels is offline
 
Join Date: Feb 2010
Posts: 26
Exclamation Cookie Add info

Cookie consent laws come into force
Laws requiring a website to ask users what data they consent to having stored about them online have come into effect.

Some websites, such as online shops, store information in cookies to make things easier for return visitors. Photo: REX
By Matt Warman, Consumer Technology Editor7:00AM BST 27 May 201231 Comments
The new EU legislation requires websites to ask users for their 'informed consent', and will divide the type of consent into different categories.
A new code of conduct, introduced by the London office of the International Chamber of Commerce, aims to help businesses comply with the new EU legislation which has come into effect this weekend. Breaches of the code could cost companies £500,000.
The new law introduces four new categories for cookies, which the ICC suggests will be identified with four icons.
The Information Commissioner (ICO) had given British websites a year's grace period to comply with the new legislation, which expires this weekend.
The ICO has recently clarified that websites can rely on "implied consent" for some aspects, so long as sites are satisfied that users understand the overall terms to which they have agreed. The ICO's Dave Evans wrote in a blog post that sites "should not rely on the fact that users might have read a privacy policy that is perhaps hard to find or difficult to understand.In some circumstances, for example where you are collecting sensitive personal data such as health information, you might feel that explicit consent is more appropriate".
Related Articles
New cookie regulations could mean big changes 18 Apr 2012
Web surveillance and email monitoring: why should we care? 02 Apr 2012
Websites graded for privacy 15 Feb 2012
The regulations distinguish between cookies that are ‘Strictly necessary’ for a website to function; those necessary for a site to monitor its ‘performance’; cookies that add ‘functionality’ such as remembering a password; and ‘Targeting Cookies’, which collect several pieces of information about users’ browsing habits.
On the launch of the new guide at a Government event in Whitehall, Stephen Pattison, CEO of ICC UK, said: “Educating consumers about cookies and their uses has to be the first step in complying with the new EU rules”.
The new guide includes suggestions for how websites describe what they are asking for in the simple language the EU demands. It acknowledges, however, that some cookies will fall into multiple categories.
Mr Pattison said that the process may become simpler as consumers become more aware of how their information is being used.
The Information Commissioner’s office welcomed the launch of the guide. An ICC official said the aim of the new guide was to provide compliance with EU regulations without disrupting current practices. The ICO has already said that it will not be actively investigating sites unless complaints are made, in part because a number of sites, run by both business and government, are expected to miss the deadline.
Michael Bond, a policy advisor at the International Chamber of Commerce also commended the efforts of those working towards the EU's deadline, saying: "Industry has been working hard developing workable approaches to compliance over the last year, with good results. Progress has been bolstered by a ‘can do’ attitude. Business is getting there, which is very encouraging. Continued examples of good practice in the UK will help shape the debate internationally.”
Although major sites and ISPs support the measures Robert Bond, of law firm Speechly Bircham, said “Whilst the ICO has made it clear that he, Christopher Graham, is not going to have his team expending effort to investigate all websites, he will take interest in websites that are non-compliant particularly where on investigation the website owner has done nothing to get compliant with the law. The ICO is unlikely to impose the full monetary penalty of £500,000 for the most serious breaches, but there is no doubt that many websites, where user trust is essential, will need to take steps to engender that trust by being transparent about the use of cookies and also educating consumers to the fact that the majority of cookies are good and not anywhere near as bad as the law appears to make out."
  #3  
Old 04-10-2013, 12:09 PM
Lanna's Avatar
Lanna Lanna is offline
Ecwid Team
 
Join Date: Jan 2011
Posts: 2,678
Default

Quote:
Originally Posted by DeeJewels View Post
DO I NEED TO DO ANYTHING WITH THIS NEW LAW THIS IS MY SITE: www.deejewels.com
Hi,

The cookies law took effect in May 2012.
Examples of implementation of the cookies law requirements can be found for ex. here: http://econsultancy.com/ru/blog/1020...law-compliance
In regards to Ecwid, please refer to this post: http://www.ecwid.com/forums/showthre...1242#post51242

However, it has recently been reported that the cookie law is about to be eased or even eliminated. For ex., here're couple of articles about this:
http://www.netmagazine.com/news/cookie-law-dead-132540
http://blog.silktide.com/2013/01/the...-dead-at-last/
http://www.thedrum.com/opinion/2013/...-takes-biscuit

So according to the latest changes, it will be enough to put a page with a clear explanation on 'what are cookies and why used' on your website (e.g. in the footer), or even be able to provide this information post factum.
__________________
Lana W.
Ecwid Customer Care Team

More tips and hints on Ecwid use in our Help Center

⬇ Please click Thanks if my reply helped you.

Thank Ecwid team on Twitter
  #4  
Old 12-28-2015, 10:32 PM
Neeraj Bhardwaj's Avatar
Neeraj Bhardwaj Neeraj Bhardwaj is offline
Junior Member
 
Join Date: Dec 2015
Posts: 1
Default

Hi,

It seems after 3 years law is still there,is there any way I can put a script on you solution to get a popup ,i generally use script from cookie-script.com or any other option before I upgrade by subscription to paid one?

Regards,
neeraj
  #5  
Old 01-15-2016, 04:39 PM
river's Avatar
river river is offline
Ecwid Team
 
Join Date: Feb 2015
Posts: 452
Default

Quote:
Originally Posted by Neeraj Bhardwaj View Post
Hi,

It seems after 3 years law is still there,is there any way I can put a script on you solution to get a popup ,i generally use script from cookie-script.com or any other option before I upgrade by subscription to paid one?

Regards,
neeraj
Hello,

Ecwid Customer Care team here. Thanks for your post.

In a nutshell, Ecwid uses Local Storage instead of Cookies as a method of storing the data needed for the work of the system on the side of the client's browser. This method is required for the service to work properly and there's an exception for that matter in the law.

Please refer to this post for more details: https://www.ecwid.com/forums/showthr...1242#post51242

If you still wish to add the note, though, adding a script for it is definitely possible since Ecwid is designed as an integrated solution. This means that Ecwid itself can be installed to any website in web.

The general method of adding the scripts which will work with Ecwid is to write ones that call to Ecwid's Javascript API.

Thus it's possible to write a script (or just adjust some 3rd party script) for adding the pop-up at the moment the store is loading.

If you need any help or clarification on how the script should be written in order to call to Ecwid JS API, please ask. I'll be glad to assist.
__________________
Roman I.
Ecwid Customer Care Team

More tips and hints on Ecwid use in our Help Center

⬇ Please click Thanks if my reply helped you.

Last edited by river; 01-15-2016 at 04:42 PM.
Closed Thread
The information in this thread might be outdated
If the solution did not help, please, check our Help Portal or contact Ecwid Team.

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:16 PM.
Powered by vBulletin® Version 3.8.11. Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.