Probably everyone who is on the Internet has heard something about so-called cookies. Cookies are text files that store information from a website in our browser. These cookies are used to make it easier for us to surf the Internet by storing data such as language settings, names or e-mail addresses.
In general, we can distinguish between session cookies and tracking cookies. Session cookies are technically necessary cookies that enable us to surf the Internet without errors. They ensure, for example, that login data is stored on password-protected websites and that we therefore do not have to log in again as long as we move around the website or log out. The main focus here is on security, as these cookies are automatically deleted after we leave the website or log out.
Tracking cookies, also called persistent cookies, on the other hand, are stored permanently. These cookies are used to create a kind of user profile and thus display targeted and user-based advertising. Thus, for example, on websites such as Amazon, we receive personalized advertising based on our search and purchase behavior.
The use of cookies and the associated data protection issues are the subject of extensive debate not only in Germany, but also within the European Union. The countries of the European Union have agreed on the following in the so-called "Cookie Directive":
"Member States shall ensure that the storage of information or access to information already stored in the terminal equipment of a subscriber or user is only allowed if the subscriber or user concerned has given his or her consent on the basis of clear and comprehensive information provided to him or her in accordance with Directive 95/46/EC, inter alia, on the purposes of the processing."
However, this EU directive is not the same as law within individual countries, but must be actively implemented. With the entry into force of the General Data Protection Regulation (GDPR), it was regulated that the legal basis for the use of cookies must be named in the privacy policy of the website. However, the DSGVO does not explicitly regulate the use of cookies. This is to be done by the so-called E-Privacy Regulation, which, however, has not yet entered into force (status 08/2020).
How do we now behave as website operators based on the current legal situation? Based on current case law, the clear recommendation is to implement an opt-in for website cookies. For this purpose, we use a cookie notice, also cookie banner or cookie pop-up, to inform the visitor of our website which cookies our website uses for which purpose. This notice also includes the option for our website visitor to accept or reject the individual cookies. This applies especially to the persistent cookies, whose consent by the website visitor must be informative, active and voluntary.
For our website in Odoo, there is a need for action in this case, because the Odoo standard does not include a cookie hint. For this, our development team has developed a simple and cost-effective solution, the Cookie Consent Manager Basic and its extension, the Cookie Consent Manager Live Chat.
With these tools, the cookie banner appears at the bottom right of the window when you visit our website. The cookie banner contains the general information that we use cookies on our website. The visitor to our website has the option of rejecting all cookies, accepting all cookies or accessing further information via "Settings".
Our Cookie Consent Manager Basic contains the session cookies, which are necessary for the smooth operation of our website. For this reason, the session cookies cannot and need not be deactivated. Furthermore, the Cookie Consent Manager Basic includes the cookies for Google Analytics, i.e. tracking cookies, which can also be deactivated.
As an extension of the Cookie Consent Manager Basic, we have developed the Cookie Consent Manager Live Chat. If we use the Live Chat function on our website, cookies are also used for this, which can also be deactivated with this tool.
Independently of these two modules and in accordance with the GDPR, the most important information about the use of cookies on our website can also be found in the privacy policy, which can also be found on our website. This includes both the information that we use cookies and the definition to distinguish between the session cookies and the persistent cookies.
The modules themselves include another useful functionality. If we have accepted or rejected the cookies of our website, we can call up and change these settings again within the privacy policy. To do this, we simply click on the "Open your settings" button. This will take us back to the advanced settings of the cookie banner and we can make the settings.
Our Cookie Consent Manager Basic and Live Chat is also compatible with Odoo's multi-website functionality. So if we manage multiple websites in Odoo, we define our cookie domain in the settings per website as well as the corresponding URL to the privacy policy.
Another advantage of our modules is that they can be extended at any time. So, if we use additional or new features of our Odoo website in the future that also set cookies, we can extend them in the modules or develop new modules for them.
In conclusion, we can state that with our cookie banner we are in any case on the safe side with regard to the current legal situation and case law and that there is no need for us to take any further action even if the e-privacy regulation comes into force.
Are you interested in our modules to comply with the current case law on the use of cookies on your Odoo website as well? Just take a look at our online shop or contact us now and we will be happy to advise you on these and other features!
Sources: www.odoo.com, www.chip.de, www.datenschutz.org, www.datenschutzexperte.de, www.e-recht24.de, www.t3n.de