We are facing an issue about SuccessFactors Cookie Manager.
1. If you go to External Career Site, it will 1st land on something like : jobs.XXXX.com, the domain belongs to your company, and here you have SuccessFactors Cookie Manager (in CSB) setup, and the Cookie Banner will pop-up, ask candidate to make choice, which is fine.
2. Then choose any of the job, it will still land on jobs.XXXX.com, which is fine. Because candidate can accept/reject cookies on same domain.
3. Then click "Apply", as you can see, the page is changed to career#.successfactors.eu, which is a new domain, not belongs to your company. But on this page, there's no Cookie Banner pop-up automatically. The cookie should be working only for specific domain.
We have several meetings with SAP, the argument here is that, SAP is saying, on career#.successfactors.eu, there are only some Strictly Necessary Cookies which does not need candidate consent, that's why there's no cookie banner pop-up automatically.
But still, it is a new domain, has to be a cookie banner pop-up for candidate consent.
We kind of stuck here.
We would like to know how your company make the setup of cookie manager in order to be complaint.
We used to use 3rd party cookie banner (from CookieInformation), but end of last year, other company's cookie banner displayed on our Career Site, they are using CookieInformation as well, and they make career#.successfactors.eu as the root domain in CookieInformation setup, but then that impact us. And it could be happened to other company.
Please provide your inputs on how we can be compliant with EU legislation, and how we can correctly use Cookie Manager. Thanks.
Hi @Edwards ,
whilst it's not a "now" answer to your question, this should soon be a solved problem. As per https://groups.community.sap.com/t5/product-and-customer-updates/impact-of-third-party-cookies-depre... SAP is considering moving all of the SAP SuccessFactors solutions onto a single domain to solve for issues with third party cookies not being allowed. This will mean the redirection from RMK into RCM will not have a change of domains, so should be covered by the EPD. As the single prompt from RMK will be enough for the whole solution.
However, having read the EPD and summary from https://gdpr.eu/cookies/ it would seem that the official advice is in line with SAP's response, which is consent is not required if only essential cookies are stored:
"To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:
- Receive users’ consent before you use any cookies except strictly necessary cookies."
This said - I am not a lawyer! So I'd consult with your own internal legal team if waiting until SAP implement the one super domain solution and the interpretation that the RCM domain only has strictly necessary cookies is enough right now.
Hope that helps,