Mandatory GDPR webhooks for all apps

Tourist
34 0 2

Hey Ryan,


Thanks for the response. Got an issue. I am testing those options under the Customer details now and I have my hooks set up. I have requested a copy of my data as well as erasure, and I don't see the hook firing and I have yet to receive an email with my data. I've tried with two customers, once yesterday and once today. In either case, nothing.

Reward yourself and your Customers.
0 Likes
New Member
2 0 0

Hi Ryan,

I have three questions.

1. Currently customers log in to Shopify via email/password. If a store requests to erase the personal data of customer A, can A still log in to the same account 7 days later? Or will Shopify create a new customer account?

2. Is there any plan for Shopify to add a test utility, e.g. an easy way of sending fake redactions?

3. Is there any systematic way to speed up the process so that we can test the behavior of the webhook without waiting for a few days?

Thanks for your help!

Regards,

John

0 Likes
Shopify Partner
2 0 1

Hi Ryan,

Any update on when we can create webhooks for these topics? Also, am I right to assume that we need to subscribe to these webhooks the same way we subscribe to others (e.g. orders/update, customer/create, etc.)?

 

Thanks,

Prateek

0 Likes
New Member
6 0 0

Hi Ryan,

How would I go about verifying these requests came from the right source? Seeing as they are very destructive in nature I want to make sure that these indeed are coming from Shopify and not someone else imitating the calls.

 

Thanks,

Tim

 

 

0 Likes
Shopify Staff
469 36 92

Preface: I am definitely not a lawyer. If you are concerned about the legality of data with GDPR, you should definitely talk to one. These are the best answers I currently have from the apps team.

I wonder if we need to sign a Data Processing Agreement between Shopify and us (an app provider). 

Nope, if you want the longer explanation feel free to reach out to me on the Partner's Slack.

More of a theorycrafting question: Will the customers/redact be mandatory if the app does not have customers_read or orders_read scope?

Yes it is still mandatory.  Most basic reasoning for this is that apps can update their scopes, and may have access to customer's data in the future.  If you don't actually have any data, you don't have to take action upon receipt of a customer_redact request.

We definitely need a date at which apps that do not register to those hooks stop working!

We will not shut off apps that do not update these fields without warning. Getting it done sooner rather than later is the best scenario so no action needs to be taken on our end. The first milestone will be denying new app creation that does not contain a callback URL in these fields.

In customers/redact webhook, there are customer and orders_to_redact fields. Do we need to remove just the customer data specified in the customer field from the orders specified in the orders_to_redact field from our storage OR do we have to remove both the customer and orders from our storage?

 

Does Shopify require us to only remove data related to orders? Or any data related to the customer (e.g. product reviews written by the customer)

You should remove all personally identifiable information (PII) from those orders upon receipt of the webhook containing orders_to_redact.  And you should remove all PII from the shop upon reception of a customer redact request if your app added it to the shop (review for example).

I am testing those options under the Customer details now and I have my hooks set up. I have requested a copy of my data as well as erasure, and I don't see the hook firing and I have yet to receive an email with my data. I've tried with two customers, once yesterday and once today. In either case, nothing.

Did they ever arrive? There is a 48 hour delay on the webhooks after request. Reach out to me on the partner slack if you want to troubleshoot further.

1. Currently customers log in to Shopify via email/password. If a store requests to erase the personal data of customer A, can A still log in to the same account 7 days later? Or will Shopify create a new customer account?

2. Is there any plan for Shopify to add a test utility, e.g. an easy way of sending fake redactions?

3. Is there any systematic way to speed up the process so that we can test the behavior of the webhook without waiting for a few days?

1. If the store owner complies with the request and deletes the data, then no, they will not be able to log in to the same account later, as that would be part of the deletion.

2 & 3. Not at this time

 

Any update on when we can create webhooks for these topics? Also, am I right to assume that we need to subscribe to these webhooks the same way we subscribe to others (e.g. orders/update, customer/create, etc.)?

These are available now, and these webhook subscriptions will be manageable from your partner dashboard, in the App Info tab of your app settings.

 

How would I go about verifying these requests came from the right source? Seeing as they are very destructive in nature I want to make sure that these indeed are coming from Shopify and not someone else imitating the calls.

The same method you validate webhooks from Shopify that you register with your app is valid for these GDPR webhooks: https://help.shopify.com/api/getting-started/webhooks#verify-webhook.

 

Happy Developing.

Developer Experience @ Shopify
0 Likes
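The check referred to in the answer above, as an added example that is not part of the original post or Shopify's own code: the `X-Shopify-Hmac-Sha256` header is compared against a base64 HMAC-SHA256 of the raw request body, and the destructive redaction runs only after that check passes. The secret value, the sample payload and the `redact` callback are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: placeholder value; use your app's real shared secret.
APP_SHARED_SECRET = b"example-shared-secret"

# Constructed sample body using the customer / orders_to_redact fields named in the thread.
SAMPLE_BODY = (b'{"shop_domain":"example.myshopify.com",'
               b'"customer":{"id":1001},"orders_to_redact":[5001,5002]}')


def sign(raw_body, secret=APP_SHARED_SECRET):
    """base64(HMAC-SHA256(secret, raw body)), the value the header should carry."""
    return base64.b64encode(hmac.new(secret, raw_body, hashlib.sha256).digest()).decode()


def verify_shopify_webhook(raw_body, header_hmac, secret=APP_SHARED_SECRET):
    """True only if the header matches the HMAC of the exact bytes received."""
    if not header_hmac:
        return False
    expected = sign(raw_body, secret).encode()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, header_hmac.strip().encode("utf-8"))


def handle_customers_redact(raw_body, headers, redact):
    """Verify first, parse second, redact last. Returns an HTTP status code.

    `redact` is a hypothetical callback: redact(customer_id, order_ids).
    """
    # HTTP header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    if not verify_shopify_webhook(raw_body, lowered.get("x-shopify-hmac-sha256", "")):
        return 401  # reject before any JSON parsing or data deletion
    payload = json.loads(raw_body)
    customer = payload.get("customer") or {}
    redact(customer.get("id"), payload.get("orders_to_redact", []))
    return 200


if __name__ == "__main__":
    good = {"X-Shopify-Hmac-Sha256": sign(SAMPLE_BODY)}
    print(handle_customers_redact(SAMPLE_BODY, good, lambda c, o: print("redact", c, o)))
    print(handle_customers_redact(SAMPLE_BODY + b" ", good, lambda c, o: None))
```

The HMAC must be computed over the raw bytes as received; re-serialising parsed JSON changes whitespace or key order and makes valid requests fail verification.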
New Member
2 0 0

Hi Ryan,

Thanks for your reply. I want to ask a few more questions. If a merchant only asks Shopify to remove a customer's personal data via the admin page (the image) and does not delete the customer account, can the customer log in to the same account 7 days later? Or does Shopify delete those accounts 7 days later?

And in this page, https://help.shopify.com/manual/your-account/GDPR/processing-gdpr-data-requests#process-erasure-requ...

It mentions that

After you request an erasure through your admin, Shopify will transmit your erasure request to all apps you have installed at the time you make the request that might have access to that customer’s data.

So does the customers/redact webhook fire immediately when the merchant requests 'remove personal data' from the Shopify admin page?

Thanks,

John

 

0 Likes
Shopify Partner
48 0 10

Hi Ryan,

A few important questions still left open:

1. Retargeting and GDPR - Will Shopify collect explicit consent from EU visitors to the app store?

2. Will a shop/redact webhook get sent for Paused / Closed stores?

3. When do webhooks get sent to apps, if merchants have a 7 day buffer period to cancel the deletion request?

Thanks!

Yoni

0 Likes
Shopify Expert
36 0 3

Maybe something to consider: not all apps need the personal information of the merchants' customers.

Right now I strip the personal information from the data sent to my webhooks before processing/storing data, but it would be even better if there was a setting "don't include personal data" for the API so that apps don't receive the data at all and so that merchants can see that the apps who have that setting enabled do not have access to the personal information of their customers. :)

Thanks!

Harold

0 Likes
Shopify Partner
20 0 6

Hi Ryan (or any others who have seen a customer redact request come in),

When the customer order information is redacted, will the order/update webhook be triggered with missing customer details (e.g., a null customer_id, no billing/shipping address, email, or phone)? If so, that may provide some automatic redaction for some apps, so long as their applications are able to handle those pieces of data being missing.

Thanks!

Marc

0 Likes
New Member
1 0 0

Hi Ryan,

I am writing you from AWeber Communications. We are an integration partner and have a few questions about the changes for GDPR.

  • The new webhooks are stated to be mandatory. For planning purposes, when will these be enforced?
  • If the new webhooks are not implemented by the enforcement date, what will happen to our integration?
  • If we are not storing personal information about a customer, are we required to implement these webhooks?
  • The webhooks do not appear to provide any context on the purpose for the redaction. When a customer completes an order with Shopify they are given the option to “Keep me up to date on news and exclusive offers”. Customers provide separate consent from the order; therefore, we need this differentiated in the redaction. We need to know if the redaction is related to orders or email marketing. This is important to maintain our position as a data processor and not a controller. When a customer is requesting erasure, are they presented with both options?

Thank you for your time and consideration of these questions.

Zac Gery
Integrations Product Manager

0 Likes