How to set GDPR and Cookie Optimization in your Magento Store?


In European countries, since the introduction of the GDPR (General Data Protection Regulation), it has become important to correctly apply the basic principle of user consent to existing and new websites. In simple words, an e-commerce site that also sells products in European countries must have a cookie policy that is fully compliant with the latest European rules. In this article, we will look at how you can set up a cookie policy and cookie banner for your Magento store in accordance with the latest GDPR rules.

What are Cookies?


Cookies are text files with small fragments of data such as username, password, etc. which can identify the computer, tablet, mobile, etc. as you use an internet connection. When you visit a website, you start a session whose information gets stored in these cookies. Thus you don’t have to log in again every time you refresh the page. Many e-commerce sites use cookies for tracking user behaviour and clicks, for analysis and marketing purposes. There are different types of cookies. Let’s look at each one of them.

Functional Cookies:

Functional cookies are required to guarantee an enjoyable experience in your e-commerce store. These cookies ensure the proper working of a website and don’t require the user’s permission to be placed. Some common examples of functional cookies are cookies for login or registration, language preferences, etc.

Analytical Cookies:

As an e-commerce store owner, you will want to know how users are interacting with your website. Various analytical tools such as Google Analytics or Hotjar give you this ability. These analytical tools place cookies to send and retrieve the user behavior data correctly. However, users don’t need to worry as they can’t record passwords, credit card information, etc.

Marketing Cookies:

Have you ever noticed that if you browse a product on an e-commerce site, say Amazon, advertisements for the same product are then displayed on your social media platforms like Facebook, YouTube, Instagram, etc.? Marketing cookies are responsible for this. They keep track of the user journey and share this data with marketing tools like Google Ads. Using this data, those tools try to advertise those products to you personally. This is why you see a T-shirt ad everywhere after visiting a clothing e-commerce store.


Note: Not all cookies serve the same purpose. After the introduction of GDPR and stricter privacy rules, it is important to break them down and ask permission from the user – you – whether a cookie can be placed or not.

For which cookies do you require user consent?


The non-functional cookies, which include marketing and analytical cookies, are not mandatory for the proper functioning of your website. In that sense they are avoidable, and they are used for collecting users’ data in order to serve them better. Thus, the admin of the website must seek permission from the users to place them. The purpose of this is that users must be aware of the information which is collected from them.

The admin needs to ask permission only once, unless you delete the functional cookie that stores the permission. This cookie also has an extended lifetime, which is also disclosed in the cookie policy. Just like the functional cookie permission, the e-commerce store admin must indicate what the data will be used for. The rules are strict; the user must be informed of the consequences of accepting the cookies.

Cookies and Magento: How to set up and optimize?

We are amongst the top Magento development companies in India and we have completely understood how Magento deals with cookies and complies with the GDPR (General Data Protection Regulation) requirements. As per the European GDPR law, website owners need to obtain permission from users regarding cookies and must allow them to deny usage if they wish. At Ceymox Technologies, we will display a clean and simple cookie notification bar in the store frontend, either through custom development or by using an extension.

To keep pace with legislation regarding cookie usage, Magento offers online retailers a choice of methods to obtain customer permission. There are two methods: Implied Consent and Expressed Consent.

Implied Consent:

Implied consent means that the users visiting your site are assumed to fully understand that cookies are a necessary part of operations, and that by using your site they have indirectly granted permission to use those cookies. Here you must provide enough information to the users so that they can make an informed decision. Many e-commerce retailers display a message at the top of all standard pages giving a brief explanation of how cookies are being used, along with a link to the store’s privacy policy. In the privacy policy, you must mention what information is being collected through cookies and how it will be used. However, implied consent is not allowed, so don’t rely on it, with one exception: if you only place functional cookies.

Expressed Consent:

If you are using cookie restriction mode in your Magento store, then you require visitors to express their consent before cookies can be saved on their systems. Unless consent is given, many store features will be unavailable. For example, if you have installed Google Analytics in your e-commerce store, then you will require the user’s permission before invoking it.

How to request permissions from users?

There are many different ways to ask users for cookie permissions. It is up to you which one you choose. Here are a few examples that you can consider:

Cookie Wall:

This is an overlay that is visible as soon as the user loads the website, and the user has to make a choice about cookies before continuing to browse the website. Although it ostensibly seems an “invasive” way to obtain the necessary permissions, it is not a bad technique. It makes sure that users immediately know that you are asking for cookie permissions, and it immediately points them in the right direction for more information.

On the other hand, it is less user-friendly, as users get frustrated by seeing an obstacle between them and the website content. It is mostly used when a website depends on advertising revenue and proper permissions are required. Some websites even prevent the use of the website if you allow only functional cookies.

Cookie Bar with clear CTA:

A cookie banner or bar is a better way to request cookie permissions from users. You may find it at the bottom or the top of the page, with a visible size, but unlike a cookie wall it doesn’t interrupt the user experience. The text and buttons should be clear and unambiguous. You have to offer buttons: one to accept and the other to reject or set preferences.

With this method, there can be scenarios where the user does not make any choice at all, in which case you can place only functional cookies. As a result, you may lose your analytical and marketing data, but it will not impact the user experience on your site.
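The rule above (no choice means functional cookies only) and the expressed-consent requirement can be written as a small gate that decides which tags may load. This is an added example, not code from Magento or from the original article; the cookie name `cookie_consent`, the 180-day lifetime and the sample tag list are assumptions.

```javascript
// Hypothetical names: CONSENT_COOKIE and the category keys are not Magento's own.
const CONSENT_COOKIE = 'cookie_consent';
const CATEGORIES = ['functional', 'analytical', 'marketing'];
const CONSENT_MAX_AGE = 60 * 60 * 24 * 180; // assumed lifetime; disclose it in the cookie policy

// Parse a Cookie header (or document.cookie) string into a name -> value map.
function parseCookies(header) {
  const jar = {};
  for (const part of (header || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    jar[part.slice(0, idx).trim()] = part.slice(idx + 1).trim();
  }
  return jar;
}

// Read the stored choice. A missing or malformed cookie means "no choice made",
// which allows functional cookies only.
function readConsent(header) {
  const consent = { functional: true, analytical: false, marketing: false, decided: false };
  const raw = parseCookies(header)[CONSENT_COOKIE];
  if (!raw) return consent;
  let stored;
  try { stored = JSON.parse(decodeURIComponent(raw)); } catch (e) { return consent; }
  if (stored === null || typeof stored !== 'object') return consent;
  consent.decided = true;
  // Only an explicit boolean true counts as consent for a category.
  consent.analytical = stored.analytical === true;
  consent.marketing = stored.marketing === true;
  return consent;
}

// Build the cookie that records the user's choice (itself a functional cookie).
function buildConsentCookie(choice) {
  const value = encodeURIComponent(JSON.stringify({
    analytical: choice.analytical === true,
    marketing: choice.marketing === true,
  }));
  return `${CONSENT_COOKIE}=${value}; Max-Age=${CONSENT_MAX_AGE}; Path=/; Secure; SameSite=Lax`;
}

// Keep only the tags ({name, category}) whose category the user has allowed.
function tagsToLoad(tags, consent) {
  return tags.filter((t) => CATEGORIES.includes(t.category) && consent[t.category] === true);
}
```

The banner stays visible while `decided` is false, and analytics or marketing scripts are injected only for the tags `tagsToLoad` returns.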

Pop-ups and Small Windows:

This is an alternative to the traditional cookie bar. If neither a cookie bar nor a cookie banner fits your design, you can choose a pop-up or a small window in a corner of the screen. Just like the cookie bar, it is not disturbing, but it will be clearly visible next to or over the content.

What to do for other countries?

If you are selling your products to a global audience, then the cookie disclaimer will be irrelevant for users outside of Europe. Cookie notifications are definitely annoying and do not need to be shown to people from outside the EU. In short, you may want the notification to be restricted depending on the country of the user. For this purpose, you can use any third-party extension with which you can configure the cookie consent.

Wrapping Up:

Since the adoption of GDPR, cookies and privacy have become important considerations for our clients. We at Ceymox always advise our clients to follow all legalities, and we help them develop a highly interactive website with an attractive UI that takes all legalities into account. Let us know your requirements.
