Customer Privacy API: Confused about "shouldShowGDPRBanner" handling

Solved
Andrew20
Shopify Partner

I have a question about the Customer Privacy API. I'm a bit confused about the expected behavior around the shouldShowGDPRBanner call: If this returns true, it's expected that we show a custom banner that we ship with our app (AFAIK). But 2 potential issues with that:

1) If the store has already installed a GDPR banner app (which most would I assume), our banner would pop up at the same time, which would be a horrible user experience
2) If our banner contains a link to a privacy policy, that would point to our app's site, not the merchant's. That would surely seem a bit strange to a user

Did I understand the expected behavior correctly? How are other people handling this?

For 1), should we just assume that merchant has installed a banner and instead of showing our own, just listen for "trackingConsentAccepted" event if shouldShowGDPRBanner returns true?

Background: This is for an app that just adds a JavaScript file to a store (via a ScriptTag) in order to track referrals via a cookie

Accepted Solution (1)
ShopifyDevSup
Shopify Staff

This is an accepted solution.

Hey @Andrew20 - you are correct here, based on my understanding of the Customer Privacy API. Your workaround is a great solution though, and is close to what we'd recommend. There's a bit more detail here in our docs, but like you mentioned, you'd want to track the trackingConsentAccepted value so that you could prevent the pop-up from appearing.

It's not the most ideal solution, but a recommendation I'd suggest is to have your app's onboarding process be embedded in the Shopify admin (using App Bridge, if it isn't already). Then, I'd mention that your app may conflict with other banner apps from the get-go. It might create a more seamless experience and give a heads up to merchants about potential conflicts that might impact customer experience.

There are also for sure ways you could link to a merchant's privacy page within the banner. That said, it is dependent on how they've set that up and would likely be on a shop-by-shop basis. I am not a legal expert, but one way you could potentially make the experience more clear to a customer is by changing the messaging on your app's privacy policy. This could reflect that the merchant has authorized your app to collect data on their behalf or something within similar lines. I've personally seen this on other terms of service/data collection policies, so it may be effective. When it comes to the actual content of the messaging though, you might want to reach out in our general Partner Discussion subforum here. I'd also be sure to check GDPR requirements to see if you are required to include certain messaging on privacy policies when it comes to data collection.

Hope this helps - let us know if we can clarify anything on our end.

Al | Shopify Developer Support

Developer Support @ Shopify
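
The workaround discussed in this thread, sketched as an added example (not code from either poster or from Shopify): a ScriptTag script that shows no banner of its own and writes its referral cookie only once tracking is allowed. `initReferralTracking`, `writeCookie` and the `ref` cookie and query parameter are hypothetical names; `userCanBeTracked()` and `Shopify.loadFeatures` are not mentioned in the thread and are assumed here from the same Customer Privacy API.

```javascript
// Added example, not Shopify's or the poster's code. Hypothetical names:
// initReferralTracking, writeCookie, the "ref" cookie and query parameter.
function initReferralTracking({ privacy, doc, writeCookie, referralId }) {
  let written = false;
  const writeOnce = () => {
    if (written) return; // the consent event may fire more than once
    written = true;
    writeCookie("ref", referralId);
  };

  // Customer Privacy API unavailable: fail closed and set no cookie.
  if (!privacy) return "blocked-no-api";

  // Consent already given, or not required for this visitor.
  if (privacy.userCanBeTracked()) {
    writeOnce();
    return "tracking";
  }

  // Not trackable yet. Show no banner of our own; wait for the event the
  // merchant's banner triggers when the visitor accepts.
  doc.addEventListener("trackingConsentAccepted", writeOnce);
  // No banner due and still not trackable: typically an earlier decline.
  return privacy.shouldShowGDPRBanner() ? "waiting-for-consent" : "no-consent";
}

// Browser wiring (skipped when not running on a storefront page).
if (typeof window !== "undefined" && window.Shopify && window.Shopify.loadFeatures) {
  window.Shopify.loadFeatures(
    [{ name: "consent-tracking-api", version: "0.1" }],
    (error) => {
      if (error) return; // API failed to load: fail closed
      const referralId = new URLSearchParams(window.location.search).get("ref");
      if (!referralId) return;
      initReferralTracking({
        privacy: window.Shopify.customerPrivacy,
        doc: document,
        referralId,
        writeCookie: (name, value) => {
          document.cookie = `${name}=${encodeURIComponent(value)}; path=/; max-age=2592000; SameSite=Lax; Secure`;
        },
      });
    }
  );
}
```

If no banner app is installed on the store, this script never sets the cookie for visitors who need to consent, which is the conflict the onboarding note suggested above would have to explain to merchants.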