GDPR compliance and cookies
-
Please advise on purpose of cookies installed via this plugin:
_stripe_mid
_stripe_sid
m from m.stripe.com
nsr from m.stripe.network
I can’t find documentation from Stripe
Thank you
-
Please refer to this https://stripe.com/us/privacy
Thank you. I have seen that page. It is a US privacy page for Stripe for US consumers. I am talking about GDPR compliance for EU merchants. None of the cookies I listed are mentioned there. As an EU merchant, I should know all the cookies that are issued from my site and be able to describe their functions.
As I understand it, in four weeks’ time, the GDPR will require prior consent for non-essential cookies to be installed from my site onto a user’s computer.
I use Angeleye’s Paypal plugin. Paypal’s cookies are only issued by Paypal (not my site) only when the user presses the paypal button. Not my legal problem. Moreover, no Paypal cookies are served to a user who just browses the site. GDPR compliant.
It is different with the Stripe plugin. Stripe cookies are served from my site to the user’s computer whenever the user lands on an individual product page. My individual product pages also cause (third-party) cookies to be served to the user’s computer – whether or not they intend to buy (or whether or not they intend to use a Stripe payment gateway).
continued…
In four weeks’ time this scenario will be illegal for EU merchants. Explicit prior consent for an EU site to install cookies will be required. The type of cookies will need to be explained. The option of NOT having third-party cookies installed on a user’s computer will have to be available.
If a user lands on one of my individual product pages via a google search then my site will cause Stripe cookies to be served on a user’s computer before a cookie notice and consent can be given. This, I understand, will now not be acceptable or legal.
Two ways to resolve this as far as I can see: redirect all individual product pages to home page to obtain cookie consent (and link to a description of cookies) or prevent plugin issuing any cookies until the user decides to make a payment (as with Paypal button I described).
We’re in discussion internally about GDPR as we speak; however, this is not just at this Stripe plugin’s level but it goes much broader than that. WP stores cookies, WC stores cookies and not to mention some of the plugins you use alongside also probably store cookies.
So the way I see it is you would probably need to create an opt-in somewhere at your homepage or any landing page where users tend to come in from. If they don’t opt-in you would have to discourage the use of your site. Nonetheless our plugin will eventually disclose all privacy data that is stored and also will allow erasure of data if user so chooses. We will definitely comply with those items within the GDPR policy.
But again, we’re all in discussion about this not just with this plugin but the overall implementation across WC related items. So things may change.
In case others read this, I have had promising results from the “EU Cookie Law” plugin.
I don’t know how typical I am but it could be useful to consider the user’s viewpoints. I have third-party cookies turned off on all browsers. If a page requires third party cookies then I abandon it rather than turn on. I also clear my cookie cache on exit. I also have a script-blocker to disable current cookie warnings on frequently visited sites…
I think discussion is more than a purely technical shift. Perhaps a cultural shift, which is less easily resolved. It is, perhaps, not just a question of technical, legal compliance but also questioning what benefit to the user (not supplier) for information collected.
A small example of this cultural shift. In the UK, many of the larger corporations’ websites became GDPR compliant some time ago. WordPress and Woo – US concerns – are still discussing with three weeks to go. And a whole continent is affected!
Am sure things will change soon.
Hi @gingeralfie
I’m going to mark this as resolved as there are a lot of discussions on the development side which are related to GDPR and Roy has answered your initial question.
WordPress 4.9.6 has just been released for testing which will carry a lot of updates around this, and WooCommerce 3.4 relies on some of those so we will release that shortly after.
Thanks,
- The topic ‘GDPR compliance and cookies’ is closed to new replies.