Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cookie notice > GDPR compliance #696

Closed
gregory-moka opened this issue Feb 13, 2020 · 10 comments
Closed

Cookie notice > GDPR compliance #696

gregory-moka opened this issue Feb 13, 2020 · 10 comments
Labels
enhancement help wanted question stale PR/Issue without recent activity, it'll be soon closed automatically.

Comments

@gregory-moka
Copy link

Not a real issue here, but a question about GDPR compliance of the Cookie Notice app.
To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive we must:

  1. Receive users’ consent before you use any cookies except strictly necessary cookies.
  2. Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
  3. Document and store consent received from users.
  4. Allow users to access your service even if they refuse to allow the use of certain cookies
  5. Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.

(Source : gdpr.eu)

With this cookie disclamer we only respect zero of the five criterias :
image

  1. User can visit website without giving his consent (or it's not clearly expressed in the descipription)
  2. User has to go to the privacy policy page to discover which data will be collected
  3. Not able to see where the consents are saved in backend
  4. We allow user to access service, but user has not accepted cookies
  5. Configure brother is not easy for every user

Line of thought :
Here is a cookie disclamer generator :
https://www.termsfeed.com/cookie-consent/
@fcvalgar
Copy link

It is true that the odoo cookie popup does not collect consent correctly.

There is a CMS similar to the one to indicate called cookiebot on which the implementation with odoo V13 is being worked on.

https://www.cookiebot.com

#724

@theoo
Copy link

theoo commented Aug 4, 2020

I noticed that there is already few modules addressing this topic:

but I cannot figure out how to bundle them together so points mentioned by @gregory-moka can be covered.

@fcvalgar
Copy link

fcvalgar commented Aug 4, 2020

I noticed that there is already few modules addressing this topic:

but I cannot figure out how to bundle them together so points mentioned by @gregory-moka can be covered.

website_cookie_notice not implement the functionalities necessary for compliance for cookie consent.
data-proteccion not cover cookie consent

If the functionality is outsourced with a consent management CMS as @gregory-moka says, the legislative changes will always be considered and the maintenance will be less.

@fcvalgar
Copy link

fcvalgar commented Aug 4, 2020

I noticed that there is already few modules addressing this topic:

but I cannot figure out how to bundle them together so points mentioned by @gregory-moka can be covered.

At the moment there are no core or OCA modules that solve this need, although I have seen a payment module but I have not used it.

@rafaelbn
Copy link
Member

Dear @gregory-moka @theoo ,

odoo/odoo#61946

Thanks

@ivantodorovich ivantodorovich mentioned this issue Dec 28, 2020
Closed
@github-actions
Copy link

There hasn't been any activity on this issue in the past 6 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 30 days.
If you want this issue to never become stale, please ask a PSC member to apply the "no stale" label.

@github-actions github-actions bot added the stale PR/Issue without recent activity, it'll be soon closed automatically. label Sep 25, 2022
@KaiBoos
Copy link

KaiBoos commented Apr 25, 2023

This is still relevant!
A lot of companies f.e. in Germany, are billing a non-compliance with around 300€.
Without the correct GDPR compliance, we cannot use the website as we would like to.

@gregory-moka
Copy link
Author

This is still relevant! A lot of companies f.e. in Germany, are billing a non-compliance with around 300€. Without the correct GDPR compliance, we cannot use the website as we would like to.

Sure, I implemeted premium services like CookieFirst or CookieBot.
As the law evolved and the scripts are always different from 1 site to another, I prefered rely on a company who knows how to handle those services.
My customers are happy with this approach.

Regards

@NICO-SOLUTIONS
Copy link
Member

Cookiebot and cookiefirst are available in oca website repo (depending on Odoo version).
Proper setup in the external portals is mandatory.

I like the klaro! Consent tool, which can be embedded directly in Odoo, without external scanners (like cookiebot and cookiefirst, the scanner is actually a great feature to speed up cookie definition, but the external scanner is gdpr relevant of course. That's why I still have klaro! In mind.
Up to now there is no module available for using klaro! So maybe this would be a topic to attack? Considering that klaro! is open source.

If you are looking for a solution for Germany... maybe have a look to ccm19 too.

@fcvalgar
Copy link

Cookiebot and cookiefirst are available in oca website repo (depending on Odoo version). Proper setup in the external portals is mandatory.

I like the klaro! Consent tool, which can be embedded directly in Odoo, without external scanners (like cookiebot and cookiefirst, the scanner is actually a great feature to speed up cookie definition, but the external scanner is gdpr relevant of course. That's why I still have klaro! In mind. Up to now there is no module available for using klaro! So maybe this would be a topic to attack? Considering that klaro! is open source.

If you are looking for a solution for Germany... maybe have a look to ccm19 too.

Thank you very much for introducing me to Klaro. They use Plausible.io. It makes me think that they are very respectful of third parties privacy.

I have found that on some occasions cookiebot interferes with visual elements (menus) in some versions of Odoo up to the banner acceptance.

At this time external services are the best option.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted question stale PR/Issue without recent activity, it'll be soon closed automatically.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@theoo @rafaelbn @fcvalgar @gregory-moka @KaiBoos @NICO-SOLUTIONS