Cookies

The technology is complicated, the rules are contrived and options for implementing a solution are limited and cumbersome.

Plus, nobody likes those annoying and ominous sounding cookie warnings.

One of the benefits of using a "standardised" commerce platform like Pakk, is that since all our customers' sites are running on essentially the same framework which is configurable, not customisable, we can basically solve the cookie problem for you. Yes, you read that right, we've done the groundwork and implemented a "platform-level" solution for you.

So, here's an FAQ covering what you need to know about cookies, and how we approach the solution for all our customers. If you want to do some extended reading, here are some resources:

• Cookies, the GDPR, and the ePrivacy Directive - GDPR.eu

• The Cookie Law Explained

• What are cookies? | Cookiepedia

• Types of Cookies | Cookiepedia

What are cookies?

That's a simple one. They are a very specific (and old) technology that makes it possible for a website to store a simple piece of data in your browser that gets transmitted back to the website every time you visit.

Illustration please....

You visit my website. My website sends your browser a cookie that looks like this (simplified): user_id:1529fvmn48c. Every time you come back to my website your browser transmits this cookie so my website knows you are user "1529fvmn48c".

That doesn't sound so bad, why all the fuss?

Most cookies are not that bad, and they're generally necessary for the functioning of any interactive, modern website. The fuss is really all around "third-party, persistent cookies" or "marketing cookies". These are cookies that essentially have nothing to do with the website you are visiting, that belong to some other site or service, and are used by those third parties to track and monitor your behaviour all over the web, usually with the intention of showing you more targeted advertising.

Hold on, I've been operating a site for years and I've never allowed third-parties to place cookies via my website. Why would anyone do that?

The modern web is a big, complex dumping ground of Javascript and embedded code snippets. Open just about any site made with any of the typical site/store building platforms and observe how hundreds of requests are fired off by your browser. Do you think the site owner explicitly sanctioned, or even knows about, all of those. Of course not, they are the cruft of years and years of plugins, Facebook like buttons, Google Analytics code, Youtube embeds and suchlike. Those cookies are all aimed at tracking your behaviour around the web.

OK, that sounds sinister. What can I do about it?

On a personal level, you can empty your cookies regularly, use a browser that blocks cookies by default (and generally prioritises privacy) and even install cookie-blocking browser extensions. As a business owner, you can commit to not tracking your users around the web and only using "strictly necessary cookies" if possible.

Why would any cookie ever be "strictly necessary"?

Because the web operates on what's called a "stateless request cycle". That's a mouthful, but it just means that without cookies, every request you make to a website will be seen as a completely new session, coming from a completely different person. Obviously, that would make e-commerce (and most other modern web applications) totally impossible - you'd add something to your cart, navigate to another page, and your cart would be empty again. Kind of frustrating, although better for your bank balance!

Ah ok, so Pakk uses cookies to make the cart work?

Yes. Actually no. Cookies are an old technology and have a lot of security issues around them, so Pakk itself doesn't use cookies. However, we do use something a lot like cookies - a bit more modern, but very similar. We use something called "local storage" to store details about the customer's commerce session in their browser - details like the contents of their cart, their wishlist, whether they are logged on or not etc.

Great, so does that get me round the "Cookie Law"?

No. The so-called "Cookie Law" is only referred to as the "Cookie Law" colloquially because cookies are such a common technology. It actually covers the use of cookies and similar technologies. What Pakk uses is definitely "similar", so we're still covered.

OK, so what does the "Cookie Law" require?

It's complicated if you really dive in, but it can be simplified quite a lot. If you only use "strictly necessary" cookies (or similar technologies) then you don't have to obtain permission from customers, you just have to inform them that you are using them and tell them something about what you are doing and why. However, if you are using any other types of cookies, like "preference" or "statistics" cookies, and most definitely "marketing" cookies, then you actually have to obtain consent from customers and give them the option of using the site without these cookies. That last point is key: it's not enough to just warn them - you have to get explicit permission and even if they don't want to give permission, you have to find a way for them to use the site with those cookies turned off.

But since Pakk only uses "strictly necessary" cookie-like things, that's not a problem right?

I wish it was that simple. For the basic Pakk functionality, the cookie-like thingys we use could definitely be considered "strictly necessary" and so subject to only disclosure, rather than full on permission getting. However, we do need to rely on certain third-party services, like Google Analytics (if you have that set up on your account) and payment processors like Stripe and PayPal. Those third-party services might use their own cookies, some of which might be "strictly necessary", others perhaps not. So if those services are enabled and active on your account, your cookie warning and policy text will need to be more involved.

I'm short of breath and perspiring heavily, say something to make me feel better

Pakk is an intelligent system, not a website builder. You already know that because you don't have to write your "delivery page" from scratch right? Pakk does it for you based on how you have your shipping methods configured.

Pakk does that same thing for cookie warnings and policy. Since we (obviously) know what cookies Pakk uses and have done the legwork to understand what cookies our connected third-party services use, and which of those you actually have active on your account, we can generate all these things for you.

Furthermore, given that Pakk combines what would normally be 20 separate services into one platform, your cookie warning and text will be, well, short and simple, rather than an extended work of literature.

Great, so what do I need to do next?

Nothing.