The Recital 30 of the GDPR states:
Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
The idea is relatively simple: cookies can be used to uniquely identify a person, therefore they should be treated as personal data. It will affect those identifiers used for analytics and advertising, but also those used for functional services like chats and surveys.
However, there is a difference between cookies. Cookies that are essential for normal website functioning cannot be disabled. The non-essential cookies should be disabled. The Plumrocket GDPR extension uses native Magento "Cookie Restriction Mode" functionality which, by default, allows only essential cookies to be created. The essential cookies are those necessary for providing the information requested by the user. All the other cookies are considered non-essential. Included here are identifiers used for analytics, cookies from advertisers or third parties, including affiliates and those that identify a user when he returns to the website. The GDPR is meant to target the non-essential category.
The essential Magento cookies are strictly necessary for the normal website functions. These cookies cannot be switched off because the Magento store wouldn’t work properly anymore. However, these identifiers do not store any personal data. Try disabling ALL cookies in Magento and your website will become unusable. Customers will not be able to add products to a cart, login, etc..
To summarize - the Plumrocket GDPR Extension will block all non-essential cookies until visitor consent is given. Only after the visitor consent is given (eg: "Allow Cookies" button is pressed), will the non-essential cookies will be created.
See other FAQ for Magento 2 GDPR Extension
- How GDPR Data Privacy Center Works
- How to Download and Remove Account Data via GDPR Data Privacy Center
- How to Update Given Privacy Consents via GDPR Data Privacy Center
- How to Set Up Magento 2 GDPR Extension for EU Visitors Only
- How do I know if General Data Protection Regulation (GDPR) is applicable to my business
- How to Make my Magento Store Fully GDPR Compliant