EU cookie directive: up to €450.000 fine

Starting this month the European watchdogs will be checking websites to see if they comply with the EU cookie directives.

Websites must:[list=1]

[]ask permissions from users to place cookies on their computers. This can be done with a popup.

]fully inform users what exact cookies are placed on their computers and what each cookie is for. A privacy information page is needed.


I have read responses from CS-Cart staff that CS-Cart does not place any identifying information in cookies and therefore there are no issues with the cookie law. This is entirely incorrect because the EU cookie directive is not a law itself. The directive has caused EU countries to create relevant laws, which in many cases do not make much distinction in identifying information. Laws differ from country to country. The Netherlands has the most strict laws.

Many countries demand that users must agree to the placing of any cookie except cookies that are necessary for the functioning of the website. (login cookie, shopping cart content, etc). With necessary they mean necessary for the user. Which is different than necessary for the website.

Even if all cookies would be necessary for the functioning of the website, then its still mandatory to inform the website users about all cookies and privacy.

The EU watchdogs have created scripts that automatically check many websites a day for compliance. Websites that do not comply with cookie laws can be fined up to €450.000

For this reason it is important to define:[list=1]

[]Which cookies does CS-Cart make use of?

]What is the function of each cookie?


Has anyone written a standard text about CS cart cookies? CS-Cart should add such text to the information pages by default.

For those of us that make use of social bookmarking like addthis, sharethis, facebook like, G+, pinterest, etc, this is especially important because the tracking cookie issues of these services is what the law is mainly pertaining to.

For those of us that make use of Google Analytics: currently it is needed to ask permission from your users before a GA cookie can be placed on your users computer. There are law changes underway in this respect though, which will make it possible to use GA if you change your settings to not share your analytics data with Google.

cs-cart uses a cookie to hold the session_id and in some cases the language/currency of the user. Other than that, it's pretty clean. The majority of information about a customer is in the site's database and the SERVER session (not accessible to the browser).

HOWEVER - I think you'll find that the majority of Merchants just blindly add javascript code from a variety of sources that may or may not use cookies for their operations. This has NOTHING to do with cs-cart and everything to do with the ability of the merchant to work within the technologies of their business.

Note also that if the business does not reside in an EU country then the directive is effectively meaningless.

I would think cs-cart marketing department would be happy to provide a “cookie statement” to be used by any merchant who chooses to do so. BUT this will NOT necessarily reflect the cookie usage of the site, only the cs-cart shopping cart software as distributed (un-modified) by cs-cart.

[quote name='tbirnseth' timestamp='1357339471' post='152194'] BUT this will NOT necessarily reflect the cookie usage of the site, only the cs-cart shopping cart software as distributed (un-modified) by cs-cart.


for instance, lots of us are using the google analytics which also uses cookies


This also differs per country. I haven't seen a single German site with a cookie warning. The Netherlands seem to be leading the paranoia club, the UK is now also accepting a link to cookie info on he homepage, and France sites is allowing analyst cookings.

All-in-all it's terribly confusing.