Magento 2 US Privacy Laws Extension: Configure Cookie Rules

• Key Features Of Magento 2 Data Protection Laws In The US

• How To Configure The Data Privacy Extension For Magento US?

• 3 Best US Privacy Laws Extension For Magento 2

• FAQs

• Summary

Key Features Of Magento 2 Data Protection Laws In The US

1. Safeguard Your Business from Hefty Fines and Penalties

Avoid costly non-compliance for businesses with a large customer base. These fines can quickly snowball into the millions. The price of non-compliance is steep, with penalties ranging from $2,500 to $7,500 per violation. Keep pace with the ever-changing landscape of US data privacy laws. From the CPRA to the VCDPA, each state has its own set of rules.

2. Build Customer Trust and Loyalty with Transparent Data Practices

In the age of data breaches and privacy scandals, customers are more cautious than ever about sharing their personal information. Send a clear message to demonstrate your commitment to privacy. Make it easy for your customers to exercise your rights. Examples include accessing, correcting, or deleting your information. By putting power back in the hands of your customers, you foster a relationship built on respect and transparency.

3. Streamline Compliance with Powerful Admin Features

Data deletion requests can be time-consuming to process manually. Easily view and manage customer privacy settings from the Magento backend. Review, approve, or deny requests with just a few clicks. You can also set up automatic deletion for inactive customer accounts after a specified period. Log all data download requests in the Magento backend.

Comprehensive Coverage Of Key US Privacy Laws

1. California Consumer Privacy Act (CPRA)

As the pioneer of US privacy legislation, California sets a high bar with the CPRA. It ensures your store is full. This law gives consumers extensive rights over their personal information. It provides them with the right to know what data is collected to the right to opt-out of data sales.

2. Colorado Privacy Act (CPA)

CPA introduces new privacy policies for businesses that handle the personal data of Colorado residents. You can obtain consent for processing sensitive data to conducting data protection assessments.

3. Connecticut Data Privacy Act (CTDPA)

CTDPA Compliance Connecticut is the latest state to join the privacy law bandwagon with the CTDPA. This law shares many similarities with the Colorado and Virginia laws. It emphasizes consumer rights and controller obligations.

4. Utah Consumer Privacy Act (UCPA)

UCPA does not demand opt-in consent for sensitive data processing. However, it still demands robust privacy protections.

5. Virginia Consumer Data Protection Act (VCDPA)

VCDPA is one of the first comprehensive state privacy laws. It shares many common themes with the CPRA and CPA. Examples include the right to access, correct, and delete personal data.

How To Configure The Data Privacy Extension For Magento US?

1. General Settings

1. Download or purchase any extension from the Magento Marketplace.

2. Navigate to Stores > Configuration > US Privacy Laws.

3. Expand the General tab.

Check the example below for general configuration:

• Enable: Set to 'Yes' to activate the extension.

• Enable Privacy Settings Tab for Californians Only: If enabled, only customers registered in California will see the Privacy Settings tab with the 'Don't Sell or Share My Personal Information' option in their accounts. The customer’s billing address is used to detect their location.

• Log Auto-Cleaning: Set to' Yes' to allow the extension to delete log records after a specified period.

• Log Auto-Cleaning Period: Specify the number of days after which log records will be cleaned. The default is 180 days.

2. Customer's Account Privacy Settings

Check the settings below to configure settings related to the customer's account Privacy Settings block.

• Allow Downloading Personal Data: Set to 'Yes' to permit registered users to download their personal data in a portable format.

• Allow Opt-Out from Personal Information Selling or Sharing: Set to 'Yes' to display an opt-out checkbox in customers' accounts.

• Allow Deleting Account: Set to 'Yes' to enable users to request the deletion of their accounts.

Note: Enable or disable specific features to comply with legal requirements.

3. Personal Data Deletion

This tab features two dropdowns that allow you to precisely adjust automatic data deletion and restrict data removal for specific scenarios. This is useful if you need to retain certain data for a specified period for tax reporting or other legal obligations.

1. Automatic Personal Data Deletion

• Delete Personal Data of Abandoned Customers’ Accounts: Set to 'Yes' to automatically create deletion requests for customer accounts that have been inactive for a long time.

• Abandoned Customers’ Accounts Automatic Deletion Period (Days): Enter the number of days to define the period for inactive accounts. If a customer has been inactive for more than the specified number of days, a deletion request will be created.

2. Prevent Data Deletion of Recent Orders

When a customer requests the deletion of their personal data and the request is approved, the extension deletes their account, subscriptions, and their data in orders, invoices, shipments, and credit memos. Deleting this data can pose issues for store owners who need to retain it for a certain period. Use this tab to configure deletion restrictions for specific cases.

• Don't Delete Personal Data in Recent Documents: Set to 'Yes' to retain data in recent documents.

• Prevent Data Deletion Period (Days): Enter the number of days. After a customer deletes their account, personal data in orders, invoices, shipments, and credit memos will remain untouched for the specified period. Once the period expires, the personal data will be automatically deleted.

• Don't Delete Personal Data for Orders in Specified Status(es): Set to 'Yes' to preserve data for specific order statuses.

• Order Statuses: Choose the order statuses for which personal data will be preserved for a set period.

4. Email Notifications

You can choose to notify both managers and customers upon approval or denial of a deletion request.

1. Manager Notifications

Your Magento store admin user will receive an email when a customer submits a new request to delete their account.

• Notify Manager on Deletion Request: Set to 'Yes' to enable automatic notifications for the admin user.

• Email Sender: Select the contact from which the email will be sent.

• Send Email To: Enter one or more email addresses. If adding multiple emails, list each one on a separate line.

• Email Template: Choose the email template to be used for automatic notifications.

2. Customer's Approval Notification

Handle email notifications for customers on their deletion requests.

• Email Sender: Select the contact that will send the email.

• Send Reply To: Enter the email address that will be used for replies.

• Email Template: Choose the email template for automatic notifications.

3. Customer Deny Notification

Handle email notifications for customers regarding the denial of their deletion requests. These settings are similar to those for the Customer's Approval Notification.

• Email Sender: Select the contact that will send the email.

• Send Reply To: Enter the email address to be used for replies.

• Email Template: Choose the email template for automatic notifications.

5. Privacy Policy Editor

1. Go to Configuration > Customers > US Privacy Laws > Privacy Policy.

2. Click on the 'Add New Policy' button.

You can create and manage multiple privacy policies from a single grid. You can also sort or delete them.

• Comment: Enter the working name of the policy that will be displayed on the grid. Use readable names for easy identification.

Note: Comments will not be shown to customers on the frontend.

• Version: Enter the policy version in your preferred format.

• Status: Set the status for the current policy. Choose from Enabled, Disabled, or Draft.

• Policy: Insert the text of your Privacy Policy. Consult a legal specialist to ensure compliance with local laws.

Note: Only one Privacy Policy version can be active at a time. When a new policy is enabled, the previous one will automatically switch to disabled. To edit a previous version, use the Clone button to create a new copy in Draft status for editing.

For Magento Community, use the WYSIWYG editor. For Magento Enterprise, manage the policy text using Page Builder.

Check the extension configuration page of the Page Builder User Guide for using its elements.

3. Press the 'Save' button.

Note: After this, the policy will then be accessible on the Privacy Policy grid.

6. Consent Checkboxes

1. Navigate to Configuration > Customers > US Privacy Laws > Consent Checkboxes to create custom checkboxes to request user consent.

2. Click on the 'New Checkbox' button to add a new checkbox.

Check the example below to view and manage all the checkboxes you have created.

• Checkbox Name: Enter the name that will be visible on the frontend.

• Checkbox Code: Enter a unique code name for the checkbox element, such as 'privacy_policy' or 'underage_18'.

• Enabled: Set to 'Yes' to enable the checkbox on the frontend.

• Confirmation Required: Set to 'Yes' if this checkbox should be mandatory and marked with an asterisk (*).

• Log the Consent: Set to 'Yes' to log the checkbox consent.

• Hide the Checkbox after User Gave the Consent: Set to 'Yes' to receive this consent only once.

Note: After the Privacy Policy updates, the checkbox will still be triggered to receive consent for the most recent version.

• Checkbox Position: Set the position of the checkbox where "0" is the highest.

• Checkbox Location: Choose where the checkbox will be displayed.

• Checkbox Text: Enter the text that will be displayed on the frontend for the user. You can also add links to Privacy Policy or CMS pages.

• Consent Link Type: If you have added a link in the Checkbox Text, specify its type for correct processing.

• Countries Restrictment: Choose which regions' visitors will see the checkbox. For example, you can display a specific checkbox only to residents of certain countries.

3. Press the 'Save' button.

7. Consent Log

The module enables you to track all customer privacy-related actions. Examples include giving consent via checkboxes and accepting the Privacy Policy.

Go to Configuration > Customers > US Privacy Laws > Consent Log to access the Consent Log.

8. Customers Grid

Store admins can view and filter customers by their consent regarding the selling of personal information.

1. Go to the Customers grid.

2. Add the 'Don't Sell or Share My Personal Information' column.

Note: This process allows you to monitor whose information you may process. You can change consents directly from the grid using the inline editor.

9. Delete Requests

Go to Configuration > Customers > US Privacy Laws > Delete Requests.

Note: In compliance with the latest US Privacy Laws, every individual has the right to delete their personal data. When a customer submits a deletion request through their account's Privacy Settings block, it appears in the Delete Requests grid. Here, the manager can review and either approve or deny the requests in bulk.

10. Action Log

To access this grid, go to Configuration > Customers > US Privacy Laws > Action Log.

Note: When a user performs an action in their account, it automatically records it in the Actions Log grid. Examples include submitting an account deletion request or changing privacy settings.

11. Frontend Configuration

After installing the module, this is how the customer's account US Privacy Settings block will appear:

• Download Personal Data: Customers can download their personal data in a portable format. After confirming their identity, the data will be packaged in a file and downloaded.

• Don't Sell or Share My Personal Information: Customers can opt out of having their personal information sold or shared with third parties.

• Delete My Account: Customers can request to delete their account. They need to check the checkbox. Also, they need to confirm their identity by entering their account password. A deletion request will then be created in the Delete Requests grid in the Admin's backend.

3 Best US Privacy Laws Extension For Magento 2

1. CCPA Extension for Magento 2 by Plumrocket

Magento 2 CCPA Extension is fully compliant with the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA). It safeguards the rights of both merchants (data controllers) and visitors to your Magento site.

Features

• Adheres to all CCPA & CPRA rights, including opt-out/in, access, correction, deletion of personal data, and knowledge of collected information.

• Allows both customers and guest visitors to submit "Do Not Sell or Share My Personal Information" requests.

• Enables cookie consent notices and sets up notifications.

• Views download and account erasure requests.

• Manages customer consents.

Pricing

$199.00

2. CCPA Magento 2 Extension by Amasty

Amasty Magento 2 Cookie Consent Extension allows you to prepare your store to meet essential US privacy law requirements with a single solution. Amasty extensions support various US privacy regulations in the US.

Features

• Allow users to opt out of personal data sales or sharing.

• Enable buyers to download their personal data securely.

• Create and manage multiple versions of the Privacy Policy.

• Collect various consents with custom checkboxes.

Pricing

• Community Edition- $149.00

• Enterprise Edition- $449.00

• Magento Cloud Edition- $749.00

3. US Privacy Laws Magento Extension by Plumrocket

Plumrocket Magento 2 CCPA Module helps protect your business from non-compliance penalties. It provides all the necessary features to meet legal requirements.

Features

• Complies with CCPA (California), CPA (Colorado), CTDPA (Connecticut), VCDPA (Virginia), and UCPA (Utah).

• Allows consumers to exercise all their privacy rights in one place.

• Manages customer requests from convenient backend grids.

Pricing

$199.00

FAQs

1. What features does the privacy center dashboard offer?

The privacy center dashboard allows customers to view their privacy policy, download their account data, and submit removal requests. It adds a new section in the Magento customer account for easy access.

2. How do the latest versions of Magento extensions provide a user-friendly experience?

For local data privacy compliance, you can add privacy controls to the Magento order history. This includes consent management and data access requests.

3. What happens to the stores compliant with the California Consumer Privacy Act?

View the privacy policy as the Magento Open Source extension will delete all personal data and anonymize Magento orders. Configure major data privacy laws for removal requests and data download requests.

Summary

Magento US Privacy Laws Extension ensures your store remains compliant with the latest privacy laws. It helps store managers to:

• Manage privacy policies and handle customer data requests.

• Enhance their store’s privacy management.

• Protect personal data and maintain customer trust.

Consider Magento hosting plans to secure your privacy center page with US State data privacy solutions for Magento 2.