FROM CACHE - en_header

Why is cookie consent (per GDPR) not core Shopify functionality?

aj007
Excursionist
33 0 69
‎06-14-2019 06:12 AM

Shopify, this question is for you...

 

If we have a website with European users, 'unambiguous, affirmative consent' to cookies is not optional. It's the law as per EU GDPR, with huge fines for non-compliance (or at best lots of time-wasting admin work if challenged on it).

  

Just like we can't run an online store without payment processing functionality, we can't run an online store selling to Europeans without a GDPR-compliant cookie consent mechanism.

 

So why does Shopify fob-off GDPR-compliant cookie consent to 3rd party developers?? This is core, non-optional functionality.

 

I've spent a lot of time looking at the 3rd party 'cookie bar/banner' offerings on the Shopify App Store: 

  • Most just give a false sense of 'GDPR compliance' but don't log consent (the EU can ask to prove you got it), or block all cookies until consent is granted. The positive App reviews make it clear that many shop owners consider GDPR a box-ticking exercise, and think they're covered when really they've only added a useless decoration to their site.
  • Some 3rd party GDPR Shopify Apps seem to open new vectors for privacy breaches. Sure it would be great if Data Subject Access Requests, etc. were self-serve instead of a manual chore for the shop owner. But the current Apps don't seem to properly challenge that the requestor is indeed the person in question. Especially those that claim to be 'Compatible with both registered and guest accounts' - how do you even verify a 'guest' is the same person from the original transaction(s), as 'guests' are by nature rather anonymous? You're actually creating a privacy nightmare if you start making your customers' data and order history available to strangers (who may only need to know your customers' email addresses). 
  • I've asked the above App developers for their views on the above. I have a collection of auto-responses and Zen Desk tickets, but zero replies from real humans. Which suggests there's no proper support for these Apps either. 

 

Robust cookie consent should not be functionality that shop owners need to waste time searching Apps for. Or worse installing Apps that might be dangerously complacent, and indeed making their GDPR problems worse.

 

When is Shopify going to offer GDPR-compliant cookie consent as part of its core functionality?

13,134 Views
Report
Replies 36 (36)
King-Kang
Trailblazer
148 8 74
‎11-02-2021 02:17 PM

Hi everyone,

I've already tried inumerous apps, November 2, 2021, and no signal of a perfect solution.

Does anyone knows if this this code works for shopify?

It's not full compliant, but at least we can inform and have full control of the css, and we can also add "if" for languages.

Thank you

 

1,555 Views
0 Likes
Report
In response to King-Kang
thegospelorian
Tourist
7 0 6
‎11-02-2021 04:05 PM
I used one of the gdpr + ccpa (california) apps on the shopify app store
and it works fine. I asked a shopify customer service rep and he said it
looked fine.
1,497 Views
0 Likes
Report
Community Browser

Community Blog Articles

cropped-shutterstock_1498591895.webp
The 30-30-30 Rule: A Balanced Approach to Social Media for Startups

Explore the 30-30-30 rule, a dynamic social media strategy for new businesses. Learn how t...

By Trevor Sep 20, 2023
cropped-shutterstock_1913321758.webp
How To Gain Customer Trust With Your Store’s Footer

Discover how to leverage the often overlooked footer of your ecommerce site to gain custom...

By Skye Sep 15, 2023
shutterstock_2183225521_16x9.png
Who Are Shopify Partners?

In this blog, we’ll be shining a light on Shopify Partners, Experts, and Affiliates. Who a...

By Imogen Sep 13, 2023
Terms of Service Privacy Policy