-
Notifications
You must be signed in to change notification settings - Fork 615
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
STRF-4612 only show cookie privacy notice for EU IP addresses #1381
Conversation
Autotagging @bigcommerce/storefront-team @davidchin |
@carsonreinke did you have feedback on this change? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a changelog before we merge this PR.
@bookernath Can't you be a someone from the EU and not be in the EU? I feel like it is less confusing, either you work with the a country requiring this or you don't. If you do want to add this, maybe make it a bit more flexible for other filtering in the future asking for consent. |
@carsonreinke thanks for your feedback. The EU cookie law (to the best of my understanding) primarily applies to 1. EU-owned websites and 2. websites targeted at EU citizens. So when we think of the best default behavior of our platform (of which Cornerstone is a representation) it makes sense to only bug shoppers when absolutely necessary - when they are browsing from the EU. An EU-owned or EU-targeted business would be best advised to modify this behavior to target a broader range of shoppers, to your point. I had considered a future enhancement in which this would be a toggle-able setting in theme editor - what do you think about that? |
@bookernath Just because you are a citizen, does not mean you are in the physical location. A EU targeted website should not try and figure who is a citizen or not, it just needs to be on. I could not find anything on people actually doing this. |
The law doesn't target EU citizens in non EU countries. Local law applies in that case. It's correct to target EU located IP addresses. |
@xenph You might be right. I guess if there some precedence for this somewhere, please send that over. It just sounds like the wrong path. |
Hi, I'm Christopher Beckett, BigCommerce's Data Privacy Leader 😄 If you want a further view of EDPB's recent guidance regarding the territorial scope of the GDPR, please read this: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_3_2018_territorial_scope_en.pdf. However, typically I read these so you don't have to 😄 |
Thanks @xenph, appreciate the feedback and sorry for the noise. |
@bookernath As you're already doing a GeoIP lookup to generate Could then do something like 🤔 Just an idea 🙄 |
@flair-duncan I think that's a great idea; due to some stuff happening on the backend it would be a little bit more of a project than this change (we have an existing method to calculate "is in the EU"), but I'm willing to consider it for the future. We're kicking it around internally now. |
@bookernath are we waiting on anything to get this merged ? Also the PR will need a rebase. |
@junedkazi we're waiting for https://github.com/bigcommerce/bigcommerce/pull/27154 to hit production. |
I think it is fine to merge it bcoz we don't plan on releasing cornerstone until we have all the backend changes rolled out completely. |
Sure, let's do it! |
FYI @flair-duncan we're rolling out a new |
What?
Depends on https://github.com/bigcommerce/bigcommerce/pull/27154 in which we surface a new key in the context indicating if the shopper has an EU IP address.
This will only show the cookie notification for those shoppers, so that you don't bug shoppers when you aren't legally required to.
Leaving this in the theme code allows the behavior to be further customized by a theme developer if desired.