X-Cart:EU Cookie Law
Important: On 14 April 2016, the EU Parliament approved the General Data Protection Regulation (GDPR) 2016/679 - a piece of legislation concerning the protection of personal data and privacy for all individuals within the European Union and the export of personal data outside the EU. The GDPR replaces the 1995 Data Protection Directive.
On 25 May 2018, after a two-year transition period, the GDPR becomes enforceable.
The new EU regulation will impact business not only in the EU but those outside as well - if they process the personal data of EU residents (for example, collect email addresses, monitor the behavior of site visitors by IP, etc). Organizations in non-compliance may face heavy fines.
To help X-Cart 4 Classic stores comply with the requirements of the new regulation easier, we’ve created a new module - GDPR-friendly. The new GDPR-friendly module is aimed to replace the EU cookie law module which used to be available as part of the core functionality. The GDPR-friendly module includes all the features of the EU cookie law module and provides more GDPR-specific features on top of that.
More information on GDPR is available in our blog article GDPR Is Almost Here, Impacting Online Stores in EU and Outside. X-Cart Is Ready.
EU Cookie Law module
X-Cart's EU Cookie Law module is a solution for X-Cart shop owners in the European Union looking to comply with the law requiring user consent when using cookies.
EU Cookie Law is available as a built-in module in all X-Cart editions starting with version 4.5.1. Implementation of the EU Cookie Law module functionality in earlier X-Cart versions is possible upon request.
By May 25, 2011, the Directive was to be transposed into the national laws of the EU's 27 member states. Although this deadline was missed by many states, the majority managed to comply with the EU cookie law by June 2012.
Controversial as it may be, the EU cookie law is here to stay, so we came up with a solution that can help you to comply with its requirements.
EU Cookie Law module overview
Here is an overview of the EU Cookie Law module features.
The panel provides a clear indication that the visitors can choose either to consent to the use of all available cookies or to change the existing cookie settings to refuse some of the cookies.
The visitors can indicate their acceptance of all cookies by continuing to use the store website without changing the cookie settings. The cookie information panel will be hidden automatically in 60 seconds (60 seconds is the default value; if necessary, the store administrator can readjust the cookie information panel display time). There is also the Close button which the visitors can click to get the panel out of the way before its display time period expires.
For users' convenience, all the cookies have been divided into three types: strictly necessary, functional and other. "Strictly necessary" are cookies without which the store website will not be able to function properly; according to the EU cookie law, such cookies can be used without the need for the visitors' consent. As you can see from the screenshot above, the 'disable' option for this type of cookies is not provided. Unlike "strictly necessary" cookies, "functional" and "other" cookies can be freely enabled/disabled by users according to their preferences, with the reservation that disabling these cookies will result in certain features of the website becoming unavailable. To find out what cookies in X-Cart belong to which type, see the section X-Cart cookies below.
Note that after the cookies information panel has been closed, the visitors will still be able to access the 'Change cookie settings' panel at any time via the Change cookie settings link in the 'Special' section:
After a store visitor defines his or her cookie preferences using the 'Change cookie settings' panel, the preferences are saved to his or her user profile, provided that the visitor has one and is logged in, or - if the visitor is not a registered user or is not logged in - are placed on the visitor's computer in the form of a cookie. Thus, on their subsequent visits to the store, the users will not have to readjust their cookie preferences for the store website again.
Note that the 'Change cookie settings' panel allows users not only to define how they wish to treat future cookies, but also to control the cookies that might have already been set onto their computer as a result of using the store website: if, by the time a user decides to refuse certain type(s) of cookies, the said cookies are already stored on his or her computer, they will be removed as soon as the user clicks the Save and close button on the panel to save the respective 'disable' prefereces.
To find out whether a specific cookie used by your store is "strictly necessarry", "functional" or "other", you can refer to the EU Cookie Law module configuration file <xcart_dir>/modules/EU_Cookie_Law/config.php. This file defines your store's "strictly necessary" and "functional" cookies. The "strictly necessary" cookies are listed in the $config['EU_Cookie_Law']['strictly_necessary_cookies'] variable, whereas the list of "functional" cookies can be seen in the $config['EU_Cookie_Law']['functional_cookies'] variable. Typically, the said lists will include the following cookies:
Strictly necessary cookies $XCART_SESSION_NAME Remembers the user's shopping cart contents Remembers the user's personal account information (name, address, orders history, etc) eucl_cookie_access EU Cookie Law module cookie; stores the user's cookie preferences Functional cookies $XCART_SESSION_NAME . 'C_remember'
$XCART_SESSION_NAME . 'B_remember'
$XCART_SESSION_NAME . 'A_remember'
$XCART_SESSION_NAME . 'P_remember'
Allow to restore the user's context (store codes that allow X-Cart to know where to redirerect the user after log-in, store some parameters for wishlist and special offers bonuses pages) adv_campaignid
Remember the user's membership in an affiliate program (if any) mailchimp_campaignid
Stores MailChimp campaign ID and landing site GreetingCookie Remembers the user's name for the greeting message partner_clickid
Allow collection of statistics on the user's purchases RefererCookie Stores the URL of the site from which the user came to the store store_country Remembers the user's country preferences (MultiCurrency module) store_currency Remembers the user's currency preferences (MultiCurrency module) store_language Remembers the user's language preferences
Note that both the lists are not something permanent: if you install any modules at your store, the cookies used by these modules can be added to the lists.
"Other" cookies are all the cookies that are not listed in the $config['EU_Cookie_Law']['functional_cookies'] and $config['EU_Cookie_Law']['strictly_necessary_cookies'] variables. For example, __utma, __utmb, __utmc (Google Analytics).
Enabling the EU Cookie Law module
The EU Cookie Law module is disabled in X-Cart by default. To be able to use this module in your store, you need to enable it.
To enable the module:
- In Admin area, go to the Modules section (Settings menu->Modules).
- Choose the 'EU Cookie Law' item by selecting the respective check box on the left.
- Click the Apply changes button. This activates the module.
The module does not require any additional configuration and will work out of the box.
The time for which the cookie information panel is displayed during a user's first visit to the store website is defined by the value of the countdown_sec variable in the file <xcart_dir>/skin/common_files/modules/EU_Cookie_Law/func.js. By default, this value is set to 60 seconds. If you wish to change the cookie information panel display time, edit the file <xcart_dir>/skin/common_files/modules/EU_Cookie_Law/func.js in a plain text editor replacing the "60" in the following line:
var countdown_sec = 60;
with the desired value in seconds.