Solved

In the end, which CCPA and GDPR app should I be using?

CluelessA
Excursionist

I received an email from Shopify saying that I should install the new app "Customer Privacy" to comply with the CCPA.


I saw someone complain in the reviews that the app doesn't give an option to "opt out", which to my understanding is part of the new regulation; it seems no apps include this unless we pay. I really don't want to pay a monthly fee for this. It's simply not a service that requires maintenance, it's just a banner; I'd be more open to paying a reasonable one-time fee. I'd even try to do the code myself if I can find the resources (I haven't done a deep search of how to just yet).


I downloaded one called Kooke that at least looks OK and doesn't disappear until the person clicks the agree button. But on my Preferences --> Customer Privacy it still shows that "my current CCPA" is expiring.

So I don't know what to do. I'm trying to solve both the CCPA and the GDPR at the same time. Another thing I don't understand is whether these apps have any actual effect on the information that is collected on my site, or whether only the Customer Privacy section is the one that governs that.

Does anyone have any insight or suggestions? Should I install the Shopify one while keeping Kooke, or erase it?

Please help

Replies 8 (8)

Andrew
Shopify Staff (Retired)

This is an accepted solution.

Hi,

Hyde here from Shopify. Fantastic question!

While I can provide you with general information about the California Consumer Privacy Act (CCPA), it is no substitute for legal advice.

First of all: if your website is available to California residents or you are involved in the sale of California residents’ personal information, then this law likely applies to you. What you need to consider is whether you sell personal information and need to offer your customers opt-out of sale, and any apps that we contact you about are merely suggestions to help you fulfil your responsibilities. 

Your duties are to:

  • Be transparent about your data collection practices

Here is some useful information on how you can be transparent about your data processing. Shopify has a privacy policy generator that will generate a template privacy policy for you. You can access it from your Shopify admin by going to Settings > Legal > Privacy policy > Create from template. This is free and means you, therefore, do not need an app.

  • Allow consumers to opt-out of sale (if you sell data)

In order to allow consumers to opt out, you should have a link on every page of your online storefront labeled Do not sell my personal information. This link can lead to a page you create that describes the rights of California residents and how to contact you to request the opt-out. Again, it's free and does not require the use of an app!

  • Delete or provide access to consumer information upon request

Here is how you can process CCPA requests. It details how you can use Shopify’s platform to address data requests, and what you may need to do independently from Shopify if you receive a data request.

In short: Shopify believes strongly in protecting personal information and understands that doing so is critical to help you preserve the trust and confidence of your customers. Shopify has designed its platform to allow merchants to operate anywhere in the world. CCPA-compliant features are built into Shopify's platform, including features to enable you to offer your customers transparency into and control over their personal information.

Shopify believes in making it easy for you to use our platform in a manner that complies with privacy and data protection laws like the CCPA. For more information, please see our CCPA help docs and whitepaper.

I hope this helps! All the best, Hyde.

 

To learn more visit the Shopify Help Center or the Community Blog.

CluelessA
Excursionist

Hi Hyde,

Thank you for your response, I already have my policies in place. If I understand you correctly, I only need to have an "Opt Out" button/option if I sell personal information, which I'm not interested in doing. Thank you for clarifying that.

As for the question regarding the apps, and what it looks like it's expiring although I have that other app installed, I guess I better contact customer service directly with those questions. Thank you.

 

Andrew
Shopify Staff (Retired)

This is an accepted solution.

@CluelessA I just wanted to get back to you on this point to clarify that when using our free Customer Privacy app you can now:

  • Generate a “Do Not Sell My Information” link to add to your storefront.
  • Generate a beautiful buyer-friendly page on your storefront that allows visitors from California to opt out of the sale of their data.
  • Comply with California regulations.

So using this app, you can create an opt-out sale banner with ease. I'd ignore what the reviews have to say and try it out for yourself! As to whether or not you need an opt-out button for certain, that is definitely something I recommend that you double-check with a relevant authority on the matter. As far as I understand it, however, if you are based outside of California you do not need to adopt CCPA compliance. If you are based in California, and there's even the slightest possibility that you are selling personal data (through the use of third-party apps, etc.), then you do.

Given the legality of the issue, you will absolutely need to talk to an expert on the subject. -Hyde


CluelessA
Excursionist

Wow, you are right.

Those reviews are very misleading!!!!! I'll make a review too to try to remedy it.

I just wish I could customize the colors and fonts to fit my page, but the Dark theme can do the job in the meantime.

Thank you!

AlphaBen
Visitor

@Andrew I'm also not a lawyer, but I have consulted with a legal team to get some clarification on these points.

I just want to clarify a couple points here and refer anyone who comes across this thread to Shopify's clarification of CCPA for Shopify customers.  The most important counterpoint here is that you do not need to be a California company in order to comply with CCPA.  The requirements of the California law are very specific and Shopify has done a fine job clarifying their stance (i.e. among others if you have at least 50,000 website visitors from California regardless of where your business is located then CCPA applies to you).  In theory you're only required to show the Do Not Sell links/pages to CA visitors, but the language around how that determination is made is somewhat subjective.

I believe the Shopify Customer Privacy app gets such low reviews specifically because, while it provides a way to "opt out" via the new Customer Privacy API, it's lacking a way (a form, perhaps) to simultaneously link the request to an identifiable person such that the request can be handled by the Shopify merchant. In other words, the page generated by the app nicely includes some JavaScript to update these privacy preferences via the Privacy API (window.Shopify), but as far as I can tell these settings/preferences aren't cached/queued anywhere (either in the app or associated with the visitor in some other way) that we - as merchants - can act on to ensure that we process the Do Not Sell requests for that visitor.

Consequently there's no way for us - as merchants - to act on the requests that a visitor may have taken on the Do Not Sell page created from the Shopify Customer Privacy app. It may be the case that these settings are preserved and honored by Shopify in some way/shape/form behind the scenes, but Shopify has clearly stated that they don't consider a merchant using their platform to constitute a ... of information, which means that it's up to the merchant to self-assess on whether or not they're selling that customer information in some other way (via some other vendor, for example) and to act accordingly on requests to Do Not Sell. Therefore it seems to me that the app is... incomplete in that sense.

Also note that "sell" in the context of "Do Not Sell" for CCPA doesn't mean that you need to sell customer data for money for this to apply; it could simply mean that you exchange customer data for services, which is a pretty broad definition best left to the lawyers to help define.

On a related note there are some decent cookie consent and CCPA data management apps in the app store, but I haven't found a good one yet specifically for handling the Do Not Sell opt out for CCPA.

Curious to hear if anyone out there has yet linked up the preferences set by the Shopify Customer Privacy app (via the Shopify Customer Privacy API)  to some system for ensuring that they can handle the request properly for that user to ensure that they're not actually selling that user's information to a 3rd party (independent of how we're defining "sell").

Hope that helps!

Ben

CluelessA
Excursionist

Thank you @AlphaBen, I wish I could take away that thing that says "Accepted Solution". When I installed the app, I was overwhelmed and just saw the text of the page; there is a part that says something like "to opt out follow this link". Because I was in a hurry with a million other things, I assumed there was a link on that text. Just yesterday I saw the page again (this time from the website) and realized there was no link...

Because I have no clue what else to do, I changed that part to "contact me" instead. All this is so very strange... This app is like a cardboard storefront decoration in a theme park, but there is just a brick wall on the other side of the door; the whole thing is just for show. Actually putting that in the review.

goldenlines
Tourist

Hi. I realized there is no opt-out link too. So what is the solution? This is so confusing!

Pandectes
Shopify Partner

Feel free to try our app, GDPR Compliance Center, which applies to CCPA as well. From our experience with more than 22.000 merchants, such an app needs to provide more options to them and not just a banner. Stores are using many third-party apps/scripts and the control of them is not an easy task. Also, managing DSR (data subject requests) is not fully automated from Shopify, and there are tools like our app that can help you do the job easier.
