Cookie Policy + Compliance in Configured Commerce
As privacy policy standards continue to evolve and become increasingly complex in different countries, such as the General Data Protection Regulation (GDPR for EU countries, as well as various state-specific regulations within the United States (e.g., California Consumer Privacy Act [CCPA] and Virginia Consumer Data Protection Act [CDPA], it is essential to address these requirements within the platform.
To ensure compliance and meet the expectations of users, it is vital that the Configured Commerce product incorporates mechanisms to handle these complex privacy policy standards seamlessly. This would include the ability to:
Clearly present and explain all base cookies utilized by the system, along with any associated analytics and tracking features.
Provide an option for users to opt out of any optional analytics or tracking features included as part of the base platform.
Offer extensibility for third-party integrations added by partners or clients during custom implementation efforts, allowing the inclusion of relevant information.
I believe these enhancements will significantly improve the user experience, demonstrate a commitment to privacy compliance, and align Optimizely's Configured Commerce product with current industry standards.
Thomas Ritsert
shared this idea
Currently we provide space via a pinned banner to allow customers to link to their appropriate privacy policy for additional details. This is for 'acceptance' only in that all cookies leveraged out of the box are considered first party functional cookies (https://support.optimizely.com/hc/en-us/articles/4413199721229-Cookies-in-Spire-CMS) for the website
- The Accept button allows the pinned banner to disappear in acceptance of the policy
- The other option is to 'close' the window, which is why it still displays if not 'accepted' on future pages/navigation of the user. This is not a 'reject' button out of the box today.
Rejection of cookies or enhanced cookie management requires use of third party consent management system and is encouraged especially if additional cookies are leveraged or if changes are made to existing flows altering the functional first party cookie status of existing out of the box cookies.
While looking into making existing cookies more configurable we found we do have customers who leverage consent management systems successfully. Often times these third-party integrations can be applied via the out of the box widget(s), and these integrations should be able to be applied via customization with implementation partners. If there are things blocking you from implementing consent management systems please let us know.
We are open to continuing to hear feedback from customers and partners as to if there are specific things that we can offer from base that would help make these third party consent management integrations easier.
