Is the Simplero Cookie banner Leagal?
planned
Siif Floor
I was asked in the Facebookgroup to ass this as a feature request, so the Simplero team could take a look at it.
Here is a duplicate of the post:
****
I am wondering if the Cookie banner that Simplero is offering is legal?
Maybe someone here can help me take a look at it?
---
In the Danish quick guide to cookie banners they say:
"When you provide information about cookies, you must generally provide information about categories of purpose (e.g. use of functions, statistics and marketing as independent categories), to which cookies are added. Consent must be obtained for each category of purpose separately – e.g. with separate check mark."
That is not possible with the Simplero Cookie Banner
---
"As part of your responsibility, you must be able to document the consent.."
Are we able to see who has given consent to cookies in Simplero?
---
Here is a link to the guide:
(Sorry I have only found it in Danish)
---
As far as I understand the guide we are able to add the rest of the information to cookie declaration page that we link to in the cookie banner - am I correct or am I missing something? :)
Thank you very much
Siif
****
Original facebookpost is here:
Log In
Angel Orozco
planned
I'm sorry for the late late reply!
Happy to announce that we're planing on upgrading our cookies soon! We'll keep you posted.
Siif Floor
Calvin Correli Angel Orozco
Any Updates or progress on this?
Lis Alvarez
Hi Siif Floor!
I did some research on Privacy policies and Cookies within the EU and could not find any specific requirements on how the cookie banner should present cookies information.
In summary, you must request consent for cookies that are used for tracking only.
Currently Simplero's cookie banner has this option built-in.
If you would like to provide further details on any tracking you might be doing through your site and cookies, you can provide the details in your Privacy Policy page that's linked in the Cookie banner.
Let me know if there are any other specific requirements within the EU that we are not aware of.
Siif Floor
Lis Alvarez
Lis Alvarez
Thank you for looking into this.
- Did you read the link/pdf that I posted in my original post?
I hope you are able to translate it into English :)
- It might be due to a language barrier, but I do not quite understand 🙈 You wrote "Currently Simplero's cookie banner has this option built-in" can you explain 'what option'?
- We use tracking on our pages in Simplero - I assume that most of the bigger Simplero accounts use tracking. In the simplero cookie banner you must be able to choose if you want to accept those cookies or only the essential ones. The site you linked to say this: "Your users should be allowed to give their specific consent depending on the purpose of the different types of cookies they are accepting, e.g. they should be able to give separate consent for tracking cookies."
- We need to always be able to show an updated list of the cookies they accept. It would be so much better if this was part of the Cookie-tool that Simplero provides instead of us having to manually have to update a page with information about theese cookies. It is not sustainable that we manually have to check if you have updated the information about cookies and then manually have to copy and paste that info into our own page. Do I need to make that a feature request by itself?
- We need to be able to document the cookie consents. So we need to be able to access a log of that. I am really not that strong in legal stuff. So I asked ChatGPT. You can see a link to the chat here.
And here are links to the regulations that are referred to in the chat:
Lis Alvarez
Hi Siif Floor! I've been working with Victor on the document you shared yes :)
Funny enough, when you visit the eur-lex.europa.eu links you get the same cookie banner format that we use in Simplero.
If you use tracking, you can set it up so that Simplero doesn't run the tracking if the user hasn't accepted cookies.
More info on this guide: https://help.simplero.com/courses/1837-how-to-guides/lessons/489542-cookie-consent-banner
Siif Floor
Lis Alvarez
Thank you 🙂
-----
"Funny enough, when you visit the eur-lex.europa.eu links you get the same cookie banner format that we use in Simplero. "
That is for sure interesting. I assume that you have concluded that this covers the part "that users should be allowed to give their specific consent depending on the purpose of the different types of cookies they are accepting, e.g. they should be able to give separate consent for tracking cookies."
I guess that we will have to look into if the Danish rules are similar to the EU rules or if Denmark has made its own more strict rules 🙈
I'll pass it on to the legal workers in the organization 'Dansk Erhverv' there must be someone there that can help us clarify this.
----
Hoping you will get back to me on these two as well:
- We need to always be able to show an updated list of the cookies they accept. It would be so much better if this was part of the Cookie-tool that Simplero provides instead of us having to manually have to update a page with information about theese cookies. It is not sustainable that we manually have to check if you have updated the information about cookies and then manually have to copy and paste that info into our own page. Do I need to make that a feature request by itself?
- We need to be able to document the cookie consents. So we need to be able to access a log of that. I am really not that strong in legal stuff. So I asked ChatGPT.
You can see a link to the chat here.
And here are links to the regulations that are referred to in the chat:
Thank you very much 🙂
Lis Alvarez
Siif Floor, the list of cookies they accept are based on whatever tracking code you add to your Simplero account/sites/landing pages... We are not planning on generating automatically a list of the tracking code you add to your Simplero account. Mostly cause you could put pretty much anything in there.
I understand by the regulations above that admins should list whatever tracking cookies they are using to their privacy policy page :)
Siif Floor
Lis Alvarez
Thank you for your response.
I will get back to it when we have time to dig into to the danish rules.
--
Will you reply to this as well: :)
- We need to be able to document the cookie consents. So we need to be able to access a log of that. I am really not that strong in legal stuff. So I asked ChatGPT.
You can see a link to the chat here (scroll to the buttom of the chat)
And here are links to the regulations that are referred to in the chat:
Lis Alvarez
Hi Siif Floor,
We keep logs of who's accepted GDPR for processing someone's personal data. I'm sure you know how to find those in the Contacts page :)
As far as I understand tracking cookies, you are not recording personal data when tracking through GA, FB pixel, so you don't need to keep record of their cookie consent for that purpose.
Siif Floor
Lis Alvarez
Thanks a lot 🙌
I think I have all the info I need now to check up on it with 'Dansk erhverv's legal team' - if not, I'll get back to you 🙂
Jette Würtz
Lis Alvarez Hi Lis, On behalf of Siif I have consulted a lawyer at the Danish Chamber of Commerce regarding the question about cookie banner format. The lawyer is specialized in Danish business and commerce legislation.
The lawyer told that EU countries have the same GDPR regulation, but the various EU countries enforce the rules differently and Denmark has a more restrictive legislation than most of the other EU countries except Sweden. Because of that, we can't use the same cookie banner as eur-lex.europa.eu.
In Denmark, a cookie banner format MUST include the following options: allow all cookies, allow selected cookies, reject all cookies. Under the "allow selected" button, the user should be able to choose between necessary, statistics, functional, and marketing cookies with seperate checkmarks.
Furthermore the cookie MUST contain an generated automatically updated list of all the cookies the site collects with the following information:
1. Cookie name
2. Provider
3. Purpose of the cookie
4. Type of cookie (e.g., necessary, statistics, functional, marketing)
5. Duration of the cookie (e.g., session cookie, persistent cookie)
6. Description of cookies (HTTP or HTML)
The list can be hided under a "show more" button.
I have enclosed a exampel of a legal danish cookie banner format.
It is very important for us that you update the cookie tool so we can comply with Danish legislation regarding cookie banner format. We are looking forward to hear from you soon.
Lis Alvarez
Thanks Jette Würtz, I've shared the details you've provided with the team.
Jette Würtz
Lis Alvarez Hi Liz, it is very important for us to get the legal cookiebuttom asap. Please respond🙏
Kind regard Jette
Lis Alvarez
Hi Jette Würtz, this task is planned and on our roadmap. I can't confirm an implementation date yet, unfortunately.
Jette Würtz
Lis Alvarez Hi Liz, We really want the new cookiebuttom implemented soon 🤞🙏 Do you have the date for the implementation now? We will appriciate if you can speed up the process because we are affraid to drive traffic to the site, when the cookiebuttom is illegal. I look forward to hear from you🙏
Lis Alvarez
Jette Würtz this project is currently paused meaning we don't have an implementation date assigned to it as of today.
I'll bring up your request interanlly too.
Jette Würtz
Lis Alvarez Hi Liz, do you have any news regarding the implementation date? It is long time for us to wait at a legal cookie buttom! I hope you soon have some good news for us🙏
Lis Alvarez
Hi Jette Würtz, it's planned for Q3 at the moment. We can't commit to a specific date yet but it's been added to the roadmap.
Angel Orozco
under review
Siif Floor
Angel Orozco
I noticed that you commented on a few other feature requests that you are going through the requests right now... Please take a look at this one :)
Angel Orozco
Siif Floor: Hi!
Of course. This is under my radar and I will discuss it with the team. I hope to bring some updates soon.
Siif Floor
Angel Orozco Thank you very much 😊
Siif Floor
Angel Orozco An update on this please 🙏
Angel Orozco
Siif Floor: Hi. I'm really sorry, we've been reviewing other requests and haven't reached this one yet. I expect this week or the next one we'll have a decision and I'll let you know.
Siif Floor
Angel Orozco
In my honest opinion, this should automatically be on top of your list as soon as a thing like this is brought to your attention.
I know that GDPR sucks (I agree) - but it is a legal matter that affects all of your european accounts and could lead to significant fines for all of those businesses.
Please prioritize this even though this is not the request with the most votes.
Angel Orozco
Siif Floor: Thank you for your opinion. I agree, and I will try to discuss this with the team as soon as possible.
Siff Møller Gammelhøj
Angel Orozco any update yet?
Kristina Smith
I believe in the UK we must allow people to choose which cookies they wish to accept/reject (most websites I visit from the UK also have an 'accept all' or 'reject all' option, with the information displayed on what each cookie is). We do need this depth and flexibility on our Simplero websites too to remain compliant.
Merete Stenner
Yes I do believe we need to be able to let visitors to our pages choose what kind of cookies to accept, and then we have to define what categories which cookies belong to (there should definitely be some sort of default guide for most used, and cookies managed through integrations should be defined correctly without the user having to do anything.
Regarding documentation of consent, I would believe it is enough, that the registration of the click shows in the clients browserhistory. I'm not even sure it's legal to store random visitors IP adresses for this purpose if it is even possible.
And yes it is our own responsibility to add the relevant information about cookies used to our privacy policy page and link to that in the cookies settings.
Siif Floor
Merete Stenner
Regarding to this: "And yes it is our own responsibility to add the relevant information about cookies used to our privacy policy page and link to that in the cookies settings."
Then it would be preferred if Simplero can deliver an updated page we can link to with the cookies they use.. Or if there is an other way we can keep track of what cookies they use, then a guide that tells us how to do so.
Siif Floor
Merete Stenner
Regarding to this:
"Regarding documentation of consent, I would believe it is enough, that the registration of the click shows in the clients browserhistory. I'm not even sure it's legal to store random visitors IP adresses for this purpose if it is even possible."
If the client has accepted cookies it does not seem to be enough that the client has the data in his/hers browser history.
The Danish guidelines says "As part of your responsibility, you must be able to document the consent." (translated from Danish. Original Danish text: "Man skal som led i sin ansvarlighed kunne dokumentere samtykket.")
So we have to have access to a log of their cookie consent.
Merete Stenner
Siif Floor In regard to list of cookies in privacy policy: Do we need more than what is stated here https://simplero.com/privacy-policy under Use of cookies? I think pasting that section into our own cookie section in our privacy policy should be enough?
Merete Stenner
Siif Floor In regard to documentation of consent: Have you examples of how other services stores this info? I can only see that it would mean storing IP and consent history since for most visitors that accept cookies we don't know who they are at the point of consent. And for how long should we store this? I see a potentially GDPR violation coming out of this.
Siif Floor
Merete Stenner
Regarding documentation:
We use cookiebot for our wordpress site and they have a log that we can dowload in excel format with a lot of information about when they gave consent, what browser they used, a consent ID and much more. I guess they give consent for that as well when whey give the consent to the cookies.
I believe that "Digitaliseringstyrelsen" in Denmarks use Cookiebot as well. https://digst.dk/
Siif Floor
Merete Stenner wrote "In regard to list of cookies in privacy policy: Do we need more than what is stated here https://simplero.com/privacy-policy under Use of cookies? I think pasting that section into our own cookie section in our privacy policy should be enough?"
I believe that is enough yes, but it would be more helpful to have something where we do not have to manually keep an eye out for updates... If we just copy/paste the text ,manually then we have to check all the time if there has been any changes. So i would prefer somewhing that are able to automatically show all the cookies that simplero set and that we have added our self via the tracking codes on our products, lists, account etc. Maybe something we can embed into our privacy policy or some kind of a GDPR-cookie-section for landingpages so we can build our Privacy policy on a page in simplero.
The best solution in my opinion would be if there is a button/link on the cookiebanner that pulls up a list of the cookies that are used in our simplero page/account like the one on
or