Shopify, this question is for you...
If we have a website with European users, 'unambiguous, affirmative consent' to cookies is not optional. It's the law as per EU GDPR, with huge fines for non-compliance (or at best lots of time-wasting admin work if challenged on it).
Just like we can't run an online store without payment processing functionality, we can't run an online store selling to Europeans without a GDPR-compliant cookie consent mechanism.
So why does Shopify fob-off GDPR-compliant cookie consent to 3rd party developers?? This is core, non-optional functionality.
I've spent a lot of time looking at the 3rd party 'cookie bar/banner' offerings on the Shopify App Store:
Robust cookie consent should not be functionality that shop owners need to waste time searching Apps for. Or worse installing Apps that might be dangerously complacent, and indeed making their GDPR problems worse.
When is Shopify going to offer GDPR-compliant cookie consent as part of its core functionality?
I emailed this topic to Shopify's Privacy team on June 20th (ticket number 13317172), and also asked a Shopify Help rep to escalate it...
2+ weeks later and zero reply from anybody at Shopify... pretty pathetic for something that is critical and not optional for all your merchants selling to hundreds of millions of EU citizens.
An epic fail for you, Shopify.
Hi - I asked their Privacy Team to reply as well, which they finally did more than 3 months later with the following:
Our team is aware of the issue and we are working on a technical fix!
What that means, and when we might expect a proper, robust, Shopify-supplied solution is anybody's guess.
I'm currently paying for one of the cookie banner Apps on the Shopify store, but only as a "best of the worst" solution. I've also noticed using Google PageSpeed and other test tools that App slows down my site (as you'd expect, making more 3rd-party calls) which is bad.
I emailed Shopify's privacy team about issues with Shopify consent options in relation to ICO guidance and the recent German court ruling.
I received this reply on the 3rd of October 2019, which you may find encouraging:
We understand the importance of this ruling and the impact it has on our merchants. This work is a top priority and we are currently working hard on a solution.
In the near future we will show how cookie banners can be implemented so that merchants may tie placing cookies with user consent. Also, feel free to check out cookie banner options in the Shopify App Store or contact a Shopify Expert to customize one for your needs.
I assume by "the recent German court ruling" you mean this:
"...So, to sum up, pre-checked consent boxes (or cookie banners that tell you a cookie has already been dropped and pointlessly invite you to click ‘ok’) aren’t valid under EU law."
(warning: TechCrunch and all other Verizon/Oath/Yahoo sites have a most offensive labyrinth of privacy settings, likely designed to make you give up and just offer them your soul)
As I note in my original post above, Shopify's suggestion to "check out cookie banner options in the Shopify App Store" is more harm than good, as you'll mostly find said "cookie banners that tell you a cookie has already been dropped and pointlessly invite you to click ‘ok’)".
Let's see if Shopify comes up with anything useful and compliant...
I currently use https://apps.shopify.com/smart-eu-cookie-banner, which costs $3.00 USD / month and claims to do the following to respect European GDPR...
|an hour ago|
|2 hours ago|
|2 hours ago|
|5 hours ago|