
Who in the EU has heard of GDPR and will it affect you


14steve14


3 minutes ago, Dan Cole said:

I'm no lawyer but I'm not sure this is true. As I understand it, the EU or any country for that matter only has the ability to write laws governing their own people... they can't impose laws or rules on the citizens of other countries nor could they enforce them.

Dan 

Yes they can, and they already did. Take a look at the VAT rules if you sell digital services or digital goods into the EU. You would have to register with one EU country for VAT MOSS and report, for every tax rate in every EU country, how much VAT you added while selling to an EU customer.

Sure, what the EU can do regarding a non-EU business not doing as regulated by the EU is limited.

 

 

12 minutes ago, Dan Cole said:

I'm no lawyer but I'm not sure this is true. As I understand it, the EU or any country for that matter only has the ability to write laws governing their own people... they can't impose laws or rules on the citizens of other countries nor could they enforce them.

Dan 

It's true, Dan.

https://www.forbes.com/sites/forbestechcouncil/2017/12/04/yes-the-gdpr-will-affect-your-u-s-based-business/#607bdeae6ff2

The link also clearly states that my previous post is incorrect.
If some random French guy buys from you while he is outside the EU, GDPR does not apply.
I guess: collect the IP address to prove it.

Quote

Accepting currency of that country and having a domain suffix -- say a U.S. website that can be reached with a .nl  from the Netherlands -- would certainly seal the case.

That is super interesting. Do you accept EUR or GBP on your site(s)? Yikes.

Quote

This can get more complicated when a customer signs up for a service or buys something. The vendor will need to obtain explicit permission for each type of processing done on the personal data (i.e., email promotions or sharing with third-party affiliates will have separate checkboxes).

Sounds like a separate checkbox needed for all external stuff;

[ ] can we mailchimp you
[ ] can we use Paypal
[ ] can we Maxmind
[ ] can we blah blah


9 minutes ago, MrPhil said:

Can you imagine if even a small percentage of people in the EU suddenly demand that all their forum/blog posts, reviews, endorsements, tweets, etc. be immediately deleted? It will be chaos, but the GDPR says they can. Can you imagine having to ask people for permission to pass their shipping address on to the Post Office or shipping company? The intent (to protect privacy) is noble, but the execution is seriously flawed. It's one thing to implement reasonable data protection and privacy rules, but the GDPR goes beyond the Pale.

Maybe that is what we EU citizens should do. Use the system and request data 24/7 until it becomes clear that it is stupid :)

 

 


1 minute ago, Stephan Gebbers said:

Maybe that is what we EU citizens should do. Use the system and request data 24/7 until it becomes clear that it is stupid :)

I can tell you now, that I will be causing so much trouble to every site I ever signed up to...

Maybe we all should?


6 hours ago, burt said:

It would be really cool if you emailed these two companies, asking for their advice...
When/if you get a reply post it back to this thread...

I *guess* you will need to have extra tickboxes asking for customers' permission to send some details to MaxMind/FraudLabs.
What customer details are sent? I have never used either of these, so I don't know...

I just contacted MaxMind with a request about how they are prepared for GDPR (DSGVO in Germany). They are on it and plan to be ready in Q1, they say. And if I have any specific questions I can send them to their support.

 

 

 


12 minutes ago, burt said:

It's true, Dan.

I'm not convinced... I would love to see an article addressing the legal aspects of it, especially one written by an authority outside the EU. Fortunately I don't sell or ship anything outside of Canada or the US, so I don't have to worry about it.

Dan


1 hour ago, burt said:

I can tell you now, that I will be causing so much trouble to every site I ever signed up to...

Maybe we all should?

Gary, if you emailed every one of them and they all asked for proof of your identity before they would let you know, you would regret contacting them all. It would also waste your time.

REMEMBER BACKUP, BACKUP AND BACKUP


I did a little more research and it looks like there is an agreement between the EU and US which might account for the EU's overreach on this. I also noted that the US has complicated matters further by imposing obligations and sanctions for failing to preserve certain electronic data. Looks like this is getting to be a fairly complicated issue and it'll be interesting to see how this all plays out.

https://www.inta.org/Advocacy/Documents/2017/Article - Compliance with the EU_S General Data Protection Regulation and US Discovery Law.pdf

Dan


From the webinar I took part in, it seems that you need to get explicit consent to store the data. When getting that consent you have to link to your privacy policy which should detail what you will do with that data once you have it, and how you will protect it. You don't need to ask for consent every time as they have already agreed to how you use it.

One idea that was agreed could eliminate some confusion for customers is to have pop-up boxes when a customer clicks on, say, the email box when creating an account, with a short bit of text as to why you need to give that information. The box would then disappear when they start typing, assuming that they read it. What was stressed as being very important was storing the date that consent was given, which osCommerce could do as it records the date that the account was created. As long as there is a checkbox on that page then all should be fine.

There will be a lot more confusion to come yet. It will be good to see what some of the larger websites do.



12 hours ago, 14steve14 said:

Gary, if you emailed every one of them and they all asked for proof of your identity before they would let you know, you would regret contacting them all. It would also waste your time.

It was a bit tongue-in-cheek. Although I do get a lot of spam mail from one particular place I signed up to, so hopefully I can stop that.


7 hours ago, Moxamint said:

Hi,

Is using the Google Analytics module in osC considered GDPR's definition of profiling using personal information?

Thanks in advance for your input.

Eddy

I don't use GA so I don't know the answer...

But, what customer data is sent to the Google servers? If you can find that out, we can at least make an educated guess.


If ... you are a store owner, anywhere in the world, and are running the community version of osC (Gold or Edge) ...

I strongly urge you to sign up for the 28-days code bundle that @burt has here:

The GDPR modules alone (days 16, 18, and 24) are worth the price of admission!

(plus, you'd be helping with the development of the software that you are using to run your businesses)

Malcolm

 


*** update ***

@burt has added two additional bonus GDPR modules to his 28-days bundle (as well as some other additional bonuses), making this bundle even more valuable! It's not too late to: 1) get these GDPR modules for your store, and 2) help support and move osCommerce to the next level!

Malcolm


GDPR modules

Thinking about GDPR some more and looking at some of the modules Gary has created, I was thinking about the contact us form. Should there be a warning box or consent checkbox on that page, as the name, email and possibly phone number could be kept for future contact? The same sort of thing applies to the product notification page.

Not too sure both pages have been set up to allow modules to be added to them, but something should be done just to cover business owners.



On 3/9/2018 at 9:37 AM, 14steve14 said:

GDPR modules

Thinking about GDPR some more and looking at some of the modules Gary has created, I was thinking about the contact us form. Should there be a warning box or consent checkbox on that page, as the name, email and possibly phone number could be kept for future contact? The same sort of thing applies to the product notification page.

Not too sure both pages have been set up to allow modules to be added to them, but something should be done just to cover business owners.

Hoping that [sooner rather than later] these sorts of ideas will come up for discussion, and then whatever is decided needs doing... can be coded up in time for the GDPR start date.


No, it doesn't give IP info, but you can track order ID numbers. It does have session tracking where you can see people over multiple sessions and their paths and actions. It also shows the search terms they choose. All anonymous data though.

I'm not really a dog.


Hi all,

we definitely need an anonymity process in the admin backup download process and in account delete requests. I think that the best would be a database field selector where we could select the relevant fields to clear. There would be an admin setup page and this rules table could be used in account anonymisation or in a special database export process.

As a developer I don't want to be in a personal data incident when I use a client's database in my development environment. So I have started to develop an admin security module for the v2.3.4 core.

Why an admin setup page?

Because there are different database installations everywhere, we don't have general rules to do it safely.

First list of sensitive fields:

{"action_recorder": ["user_name", "identifier"],
 "address_book": ["entry_firstname", "entry_lastname", "entry_street_address"],
 "customers": ["customers_firstname", "customers_lastname", "customers_email_address"],
 "orders": ["customers_name", "customers_street_address", "customers_email_address",
            "delivery_name", "delivery_street_address", "billing_name", "billing_street_address"],
 "orders_status_history": ["comments"],
 "reviews": ["customers_name"]}

 

:blink:
osCommerce based shop owner with minimal design and focused on background works. When the less is more.
Email managment with tracking pixel, package managment for shipping, stock management, warehouse managment with bar code reader, parcel shops management on 3000 pickup points without local store.


The datatable field selector page is ready. Now I am working on field rule selectors and research. I will push it to GitHub later.

Required anonymity rules for sensitive fields:

rename, delete, change

Names - anonim name rule
Don Joe -> anonim
Street address -> anonim

Email - anonim provider rule
[email protected] -> [email protected] (we can keep the email provider for stats later)

Birthday - anonim date rule
1992-02-18 -> reset to the first day of the year (1992-01-01)

IP address - anonim region rule
192.168.1.1 -> 192.0.0.0 (keep the main interval for stats)

What else?
Please post here if you have any ideas.

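A worked version of the rule set above, applied to the field list from the earlier post, added here as an example; it is not the poster's module or osCommerce code. It assumes string values as osCommerce stores them, and two columns not in the posted list (customers_dob and whos_online.ip_address) so that every rule has a target; the IPv6 handling is an extension not mentioned in the post.

```python
import ipaddress
from datetime import date
# Columns from the post's list plus two assumed ones (customers_dob, whos_online.ip_address)
SENSITIVE_FIELDS = {
    "customers": ["customers_firstname", "customers_lastname",
                  "customers_email_address", "customers_dob"],
    "address_book": ["entry_firstname", "entry_lastname", "entry_street_address"],
    "whos_online": ["ip_address"],
}

def anonymise_name(value):
    """Name / street / free-text rule: replace the whole value with 'anonim'."""
    return "anonim"

def anonymise_email(value):
    """Email rule: drop the local part, keep the provider domain for stats."""
    local, sep, domain = value.strip().rpartition("@")
    if not sep or not local or not domain:
        return "anonim"  # malformed address: nothing worth keeping
    return "anonim@" + domain.lower()

def anonymise_birthday(value):
    """Birthday rule: keep the year only by resetting the date to 1 January."""
    return date(date.fromisoformat(value[:10]).year, 1, 1).isoformat()

def anonymise_ip(value):
    """IP rule: keep the first octet (the 'main interval'), zero the rest.
    IPv6 is not in the post; truncating it to /32 is an assumption here."""
    try:
        addr = ipaddress.ip_address(value.strip())
    except ValueError:
        return "0.0.0.0"  # unparsable value: wipe it entirely
    prefix = 8 if addr.version == 4 else 32
    return str(ipaddress.ip_network((str(addr), prefix), strict=False).network_address)

RULE_BY_SUFFIX = (("_email_address", anonymise_email), ("_dob", anonymise_birthday),
                  ("ip_address", anonymise_ip))

def rule_for(field):
    """Pick a rule from the column name (osCommerce naming assumed); default wipes."""
    return next((r for s, r in RULE_BY_SUFFIX if field.endswith(s)), anonymise_name)

def anonymise_row(table, row):
    """Apply the table's rules to one row dict; other columns pass through."""
    out = dict(row)
    for field in SENSITIVE_FIELDS.get(table, []):
        if out.get(field):  # skip missing, NULL or empty values
            out[field] = rule_for(field)(out[field])
    return out
```

Run `anonymise_row` over each row of a table dump before the backup leaves the live server, so the development copy never contains the original values.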

GDPR modules, setup and backup functionality are ready, so there is an easy way to develop a GDPR-compatible customer account anonymisation module.

 

(screenshots: GDPR_setup.PNG, gdpr_modules.PNG)
