Cookie banner ePrivacy and GDPR compliant

Hi,
I need to add a cookie banner on my website and it has to be ePrivacy (i.e. 2002/58/EC “Privacy and Electronic Communications Directive”) and GDPR (General Data Protection Regulation) compliant.

The ePrivacy Directive outlines the obligation to collect the consent of users before any operation consisting in reading or writing data from the terminal of the user can occur. Moreover, the entry into force of the GDPR on 25th of May 2018 reinforced the requirements for a consent to be valid.

Unfortunately, the WIX app Cookie notification pop-up is neither ePrivacy nor GDPR compliant. It is a great shame that WIX services do not offer such functionality, when they are offered for use in the European Union!

As recommended by the French data protection authority (the CNIL) (see https://www.cnil.fr/en/cookies-and-other-tracking-devices-cnil-publishes-new-guidelines), I would like to install “tarteaucitron.js” (see https://opt-out.ferank.eu/en/install/) on my website, to have the same cookie banner as the one on the CNIL website.

In this regard, how can I upload the .js file to the root directory?

Thank you,

Clara

2 Likes

The issue of non-compliance was raised with Wix about a year ago. Their response was that users could request it as a potential future feature so that we may comply with the law.

Thank you Mike for the info. Indeed, I had already seen some old posts about that… Anyway, I still would like to receive a clear answer from Wix on this matter: that they do not allow their customers to comply with the (European) law, despite the fact that Wix services are offered for use to European people, for which they pay a price.

Since the ePrivacy Directive was adopted in July 2012, the GDPR was adopted in April 2016 and entered into force in May 2018, and we are now in August 2019: @WIX, when can we expect a GDPR/ePrivacy-compliant update of your app Cookie notification pop-up (or a feature that allows us to upload a .js file to the root directory to overcome this problem)? Thanks!

PS: Of course I had already voted for this feature request (“Allow visitors to your website to accept or decline cookies”).

I totally agree with the post.
We have a problem right now: we will have to delete 3 sites on Wix only because of that stupid banner.

Wix - please find a way to make a compliant cookie alert for your customers or you will lose all sales in the EU.

Hi there, here is my solution for a GDPR-compliant cookie banner. I created a PDF tutorial (step-by-step) and implemented it in two Wix pages, and it works.

@Daniel
From what I can see, your cookie banner is tracking user consent with session data. If the user consents, you then load code for the 3rd party API. The 3rd party APIs then set their relevant marketing and tracking cookies, as Facebook and Google love to do. There is the small issue of all the other 1st party Wix cookies that were placed on the users' devices without their consent, for example:

TS4bf5242e027 (not listed in Wix cookie policy, unknown purpose)

bSession (not listed in Wix cookie policy, unknown purpose)

ssr-caching (Wix states essential, used to indicate the system from which the site was rendered. I do not see how it is essential that Wix know the system, as many other website platforms do not require this cookie data to operate.)

svSession (Wix states essential, used in connection with user login. Note that if you create a blank website without any login functionality, Wix will still place this cookie on a user's device without their consent. I fail to see how a site without login functionality has an essential requirement for this cookie data.)

XSRF-TOKEN (Wix states essential, used for security; maybe so, but difficult to tell considering the limited amount of info available about this cookie in the Wix cookie policy)

hs (Wix states essential, used for security; maybe so, but difficult to tell considering the limited amount of info available about this cookie in the Wix cookie policy)

I would have to question whether some of these cookies adhere to the requirements of “strictly essential” as defined in GDPR. And even if some do meet the requirements, they for sure do not comply with GDPR regarding explaining to the user what they do and why they are necessary, not to a level where a user can make an informed assessment.
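
The check described in the last post can be made repeatable. The sketch below is an added example, not code from any poster or from Wix: it audits the `Set-Cookie` headers of a first response (before any consent choice) against a declared cookie policy. The function names are hypothetical, the header values are constructed, and the policy map only mirrors what the post reports about the Wix cookie policy.

```javascript
// Added example. Audits the Set-Cookie headers of a first response, i.e. before
// the visitor has made any consent choice. Headers are used rather than
// document.cookie because HttpOnly cookies are invisible to page scripts.

// Assumption: categories as the post above reports them from the Wix cookie policy.
const DECLARED = new Map([
  ["ssr-caching", "essential"],
  ["svSession", "essential"],
  ["XSRF-TOKEN", "essential"],
  ["hs", "essential"],
]);

// Constructed sample input; values and attributes are made up for the example.
const SAMPLE_HEADERS = [
  "bSession=constructed; Max-Age=1800; Path=/",
  "svSession=constructed; Expires=Fri, 01 Jan 2100 00:00:00 GMT; Path=/; HttpOnly",
  "XSRF-TOKEN=constructed; Path=/; Secure",
  "TS4bf5242e027=constructed; Path=/",
];

// Split one Set-Cookie value into its name and the attributes that matter here.
function parseSetCookie(header, now = Date.now()) {
  const [pair, ...attrs] = header.split(";").map((part) => part.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq === -1 ? pair : pair.slice(0, eq), persistent: false, httpOnly: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=");
    const k = key.trim().toLowerCase();
    // A non-positive Max-Age or a past Expires deletes the cookie instead of keeping it.
    if (k === "max-age") cookie.persistent = Number(value) > 0;
    if (k === "expires") cookie.persistent = Date.parse(value) > now;
    if (k === "httponly") cookie.httpOnly = true;
  }
  return cookie;
}

// Classify each cookie: absent from the declared policy, or declared with a category.
function auditPreConsentCookies(headers, declared = DECLARED) {
  return headers.map((h) => parseSetCookie(h)).map((c) => ({
    ...c,
    finding: declared.has(c.name) ? `declared:${declared.get(c.name)}` : "undeclared",
  }));
}

// Names set before consent that the policy does not document at all.
function undeclaredNames(headers, declared = DECLARED) {
  return auditPreConsentCookies(headers, declared)
    .filter((c) => c.finding === "undeclared")
    .map((c) => c.name);
}
```

In recent Node versions, `response.headers.getSetCookie()` on a `fetch` response returns the array of header values these functions expect.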