-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EU GDPR compliance #205
Comments
Interesting. Is it just a question of disclosing what of your information you offer for sale to 3rd party marketeers? Or will store owners be potentially liable if hackers break into their site and dump a list of their customers on the web? I'm not in the EU, and haven't paid any attention to it, honestly. My quick glance around seems like it's more targeted towards advertisers, analytics companies, etc, ISPs and hosting companies, rather than individual store operators, though. Interested in what Einars comes back with, if he or she is still researching |
Any information on GDPR part? Basically from code part there should be:
|
I'm not a lawyer, and I'm not in europe, but i'll comment: I would think that once you become a customer, you can't have a right to be forgotten. The store needs to maintain that information for tax and auditing purposes, otherwise the EU would become a haven for moneylaudering through e-commerce. Beyond that, the OC system doesnt' seem to be collecting much in the line of information, and does delete things rather than soft deleting. The wishlist, for instance, you can add and delete from, and when deleted its gone. But that can be overridden by themes not allowing access to those routes. Some things are stored by necessity (customer_ip - to help minimize fraud). One glaring thing is customer search history. It might seem cool: "hey, we can show users the items they searched for later on!", but i think that's the sort of PII that the EU really would frown upon. I understand its very useful to store, but depersonalize it (don't store the customer_id). And a while ago (year or two) we squabbled about HTTP/HTTPS modes. And again, I'll advocate that there should be no setting of methods in the code. This needs to be implemented at the server/account level, not as a setting for users to enable/disable. Last word: 3rd party hosted libraries. Good job on locally hosting nearly all the components! But in the default theme, you're pulling in a font from Google. Let's not do that. Those fonts are free, it's easy enough to include with the default theme and not let Google view that data. |
Well non of my clients store client tax/invoice info for archyve in opencart, every country has it's own tax laws and opencart invoice is not valid for instance in my country, so right to be forgotten from store database is not a big deal if you do your taxes right.
Well, if you lived in EU, you would know, if person will need to by extension for basic GDPR, he will skip e-commerce solution and look for other. P.S. http://build.prestashop.com/news/prestashop-and-gdpr/ PrestaShop is on it already. |
This part is most interesting from Prestashop guys:
|
Logical, for archive and taxes.
Leaving anonymous account for statistics. They working on this for long time, so I thing the steps they make should be like guide to copona (in live release I mean). |
And again - regulation from EU parliament coming into action next year.
https://www.eugdpr.org/
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
Einars will review the requirements and plan changes.
The text was updated successfully, but these errors were encountered: