I have a number of questions I was hoping to have answered in relation to cookies.
1. Can some one tell me anything about this cookie, car_ver? I have not been able to find anything about it and what it is used for?
2. Is it possible to edit the lifespan for a cookie. 20 years for secure_customer_sig seems a little extreme to me,
3. Is there an update on when the Shopify checkout core code will be compliant with the upcoming EU ePrivacy Regulation with regard to cookie consent? Will you have a cookie consent feature that will allow merchants allow their customers give or refuse consent prior to cookies being used (or at least more clarity on strictly necessary cookies versus performance, targeting, etc.) ?
Some great questions there. Currently your best bet is this app which is "made in Germany".
Marco Pusceddu is the app dev and can chat with you about that. Germans and the German Law (DSGVO) are the most strict about these issues as you can Imagine...
Even more severe it the fact, that the top-rated app still is a cookie banner with the old "Got it" scheme - which is NOT compliant any more. So Shopify shop owners who are not aware of this problem might think that this is enough. But installing these "Got It"-apps are only drawing attention to lawyers because it is even easier to identify Shops that are not compliant. Shopify does not give any warnings that this is 99% NOT a valid method any longer. This cannot be the policy Shopify officially follows, but it unfortunately is. So there is only two options for us:
1. Shopify enables a solution within their default settings for all shop owners WITHOUT the need of installing a third-party app no one knows what exactly it provides.
2. Getting rid of Shopify rather sooner than later because it is impossible to run a serious business in the EU and especially in Germany - which is no small market you can ignore, but the market of the fourth highest ranking country in the world in nominal GDP.
Seriously, Shopify, that is one year without any reasonable solution. That is what I call a deal breaker.
Totally get what you're saying and I have relayed that on to our product and legal teams. We are currently working hard on a solution.
Most of the existing apps are not able to stop shopify cookies from been deployed. Even if you install a complete and costly software solution like cookiebot it won´t be able to stop shopify own cookies from charging prior user consent. Meanwhile ,shopify has release its own cookie banner, which doesn´t seens to offer some of the functionalities required by law (granular consent, cookie list, option to revoke the consent at any time etc...)
This is a serious issue and creates a liability for all EU shop owners.
Have you tested the Beeclever GDPR App? Many German merchants are reporting that it seems to do the job quite well. Marco Pusceddu has been working hard with Shopify Partners (@Michael_Singer and @ICHMIRMICH might comment on this) to make his app as compliant as possible. The Shopify cookie solution currently downgrades persistent non-essentials to session cookies which they claim is compliant according to consultations with GDPR experts. But we are working together with our legal teams and product teams to make the app more granular.
Thank you very much for the answer. I haven´t tried the Beeclever. Does it prevents shopify own cookies from been deployed? Meanwhile, the support of widespread solutions like cookiebot keeps referring that shopify users should appeal to shopify so you can contact then to find a solution.
Shopify is an amazing platform. However, for EU users its really very hard to be compliant with GDPR. I´m seriously considering trying alternative solution if this problem isn´t fixed soon.
It is very difficult to align to the European GDPR with the current Shopify philosophy and settings, that is correct. However, this plugin comes as close as possible to allowing a correct set-up. The support is also very helpful and can advise you on that further.