Skip to content

Latest commit

 

History

History
164 lines (105 loc) · 8.23 KB

cmp-integration.rst

File metadata and controls

164 lines (105 loc) · 8.23 KB
Raw

Integrating Consent Management Platforms

If required, implement a consent procedure, for example with Usercentrics.

Visitors to the store will then be shown a "Privacy settings" banner when they first visit the store, informing them that third-party website tracking technologies are used.

Using the Usercentrics Consent Management Platform (CMP) as an example, you can find more information in the documentation of our module OXID Cookie Management powered by usercentrics under Funktionsbeschreibung (in German).

Background

In the definition of consent management platforms, PayPal Checkout falls under the category "third-party services". This is because the function of PayPal Checkout requires resources (specifically: Javascript files) must be loaded from external servers (third-party providers).

Problem

Payment buttons, such as those used with PayPal Checkout, are elementary and functional components of a store because they enable fast and uncomplicated payment processes.

However, payment buttons may pose a data protection problem for particularly privacy-sensitive customers. Such customers may prefer other payment functions. This is because third-party providers are theoretically able to use third-party provider access logs to track the customer's visit to the store website.

As a store owner, you must therefore weigh up between

  • the functionality of your website

    and

  • the data protection of your customers

Solution

If data protection could be a problem for your customers, the solution is to use a consent procedure such as that offered by consent management platforms like Usercentrics.

Example: Integrating Usercentrics in PayPal Checkout

Use the following instructions for integrating Usercentrics in PayPal Checkout as a sample that you can also implement in a modified form with any other CMP in order to implement a consent procedure.

  • As a shop owner, you are registered a with Usercentrics and have booked a package suitable for your OXID eShop.

    For more information, see the documentation of our OXID Cookie Management powered by Usercentrics module under Usercentrics-Paket buchen (in German).

  • You have installed OXID Cookie Management powered by Usercentrics.

    For more information, see the documentation of our OXID Cookie Management powered by Usercentrics module under Installation (in German).

  1. Overwrite the PayPal Checkout module template.

    Background: The PayPal Checkout module is prepared in such a way that all templates can be overwritten by individual customizations. To do so, copy one or more files from the module into your theme template. Your OXID eShop first uses the module templates, but overwrites them with theme templates if it finds identically defined templates in the store theme.

    To do so, copy the /source/modules/osc/paypal/views/tpl/shared/layout/base_js.tpl file into the /source/Application/views/<Theme of the OXID eShop>/tpl/modules/osc/paypal/ directory.

    If the template directory /tpl/modules/osc/paypal/ does not yet exist, create it.

  2. Create a data processing service for PayPal Checkout.

    If you use Usercentrics, as in our example, do the following:

    1. Start the Usercentrics dashboard.
    2. Choose Service Settings --> Data Processing Services (oxdajv01, items 1, 2).

    3. To create a service for PayPal Checkout, choose Create Custom DPS (oxdajv01, item 3).

      Under Custom Data Processing Services (oxdajv01, item 4), the name of the data processing service is displayed (oxdajv01, item 5).

      Fig: Creating a data processing service in the Usercentrics dashbordFig: Creating a data processing service in the Usercentrics dashbord

  3. In the /source/Application/views/<OXID eShop theme>/tpl/modules/osc/paypal/base_js.tpl file, customize all PayPal Checkout scripts.

    Background: You want to ensure that all scripts are only executed after consent of your customer.

    Do the following:

    1. Add the type="text/plain" type to your scripts.

      Background: This ensures that the script is not automatically interpreted and executed by the browser when the page is called up.

      To do so, search for the <script expression and add <script type="text/plain" (see Example: Customizing the PayPal checkout scripts <customizing-scripts>).

    2. Assign a custom data attribute to the scripts of the data processing services you use.

      Background: The data attribute is used to connect to the CMP and to query the consents.

      The syntax of this data attribute is data-usercentrics="<name of the data processing service>".

      Here, <name of the data processing service> corresponds to the exact name of the data processing service that you created in step Creating a data processing service <creating-data-processing-service>.

      When copying the name, pay attention to upper and lower case and any spaces.

      In our example (oxdajv01, item 5), the data attribute is therefore data-usercentrics="PayPal Checkout" (see Example: Customizing the PayPal Checkout scripts <customizing-scripts>).

    Example: Customizing the PayPal Checkout-Scripts

    In our example, the original template /source/modules/osc/paypal/views/tpl/shared/layout/base_js.tpl looks like this:

    ...
<script src="[{$oViewConf->getPayPalJsSdkUrl()}]" data-partner-attribution-id="[{$oViewConf-
>getPayPalPartnerAttributionIdForBanner()}]"></script>
...
<script src="[{$oViewConf->getPayPalJsSdkUrlForACDC()}]" data-client-
token="[{$oViewConf→getDataClientToken()}]"></script>
...
<script src="[{$oViewConf->getPayPalJsSdkUrlForButtonPayments()}]" data-partner-attribution-
id="[{$oViewConf→getPayPalPartnerAttributionIdForBanner()}]}]"></script>
...
<script src="[{$oViewConf->getPayPalApiBannerUrl()}]" data-partner-attribution-
id="[{$oViewConf->getPayPalPartnerAttributionIdForBanner()}]"></script>
...

    After customizing the scripts, your template /source/Application/views/<Theme of the OXID eShop>/tpl/modules/osc/paypal/base_js.tpl looks like this:

    ...
<script type="text/plain" data-usercentrics="PayPal Checkout" src="[{$oViewConf-
>getPayPalJsSdkUrl()}]" data-partner-attribution-id="[{$oViewConf-
>getPayPalPartnerAttributionIdForBanner()}]"></script>
...
<script type="text/plain" data-usercentrics="PayPal Checkout" src="[{$oViewConf-
>getPayPalJsSdkUrlForACDC()}]" data-client-
token="[{$oViewConf→getDataClientToken()}]"></script>
...
<script type="text/plain" data-usercentrics="PayPal Checkout" src="[{$oViewConf-
>getPayPalJsSdkUrlForButtonPayments()}]" data-partner-attribution-
id="[{$oViewConf→getPayPalPartnerAttributionIdForBanner()}]}]"></script>
...
<script type="text/plain" data-usercentrics="PayPal Checkout" src="[{$oViewConf-
>getPayPalApiBannerUrl()}]" data-partner-attribution-id="[{$oViewConf-
>getPayPalPartnerAttributionIdForBanner()}]"></script>
...

When the page is loaded, the PayPal Checkout scripts are only executed if your customer has given PayPal Checkout their consent.