Issue with Shopify.customerPrivacy.thirdPartyMarketingAllowed() Returning True Without Consent

LennardW
Shopify Partner

Hello everyone,

I'm encountering an issue where `window.Shopify.customerPrivacy.thirdPartyMarketingAllowed()` is returning `true` before any consent has been given by the user, even though the default Shopify cookie banner is still displayed and not interacted with. This behavior occurs on both an empty development store and without any third-party app (tested it also with third-party apps, same behavior).

I've created a clean development store to demonstrate the issue: Demo Store (pw: demo). Additionally, I've recorded a video showing the reproduction steps: Video Link.

Based on GDPR regulations in Europe, this should ideally return false until consent is explicitly provided. However, it currently defaults to true, allowing third-party marketing, which, I believe, is not compliant with GDPR.

Has anyone else faced this issue, or is there any documentation I might have missed that explains this behavior? Any insights from the community or Shopify developers would be greatly appreciated.

Thanks in advance for your help!

Pandectes
Shopify Partner

Hi there, 👋

You're correct that ensuring compliance with GDPR regulations requires careful handling of consent signals. Regarding the behavior of window.Shopify.customerPrivacy.thirdPartyMarketingAllowed(), this method doesn’t only rely on the user's explicit interaction with the cookie banner—it also takes into account signals like the Global Privacy Control (GPC). If GPC is enabled in the user's browser, it may return true or false accordingly.

That said, this behavior can sometimes cause confusion, especially when it doesn’t align with the expected GDPR flow of requiring explicit consent.

To address such gaps and ensure comprehensive compliance, our app, Pandectes GDPR Compliance, provides advanced features, including seamless integration with Shopify's Customer Privacy API and detailed consent management. This includes handling GPC signals appropriately and ensuring that all marketing and tracking activities are compliant until explicit consent is received.

If you'd like to explore this integration and ensure your store is fully compliant, feel free to check out our app or reach out to our team—we’d be happy to help!

Please let me know if it works by giving it a like or marking it as a solution!
Pandectes GDPR Compliance - #1 GDPR app for Shopify merchants.
Pandectes - 100% Free Cookie Scanner.
Free plan available. Live Chat Support is available 24/7.
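
A defensive way to handle the behaviour discussed in this thread, as an added example that is not part of either post or of Shopify's code: gate marketing tags on the explicitly recorded choice from `currentVisitorConsent()` instead of on `thirdPartyMarketingAllowed()` alone, and treat a Global Privacy Control signal as an opt-out. It assumes `currentVisitorConsent()` reports each purpose as "yes", "no" or an empty string; `decideThirdPartyMarketing` and `stubWindow` are hypothetical names.

```javascript
// Added example: fail-closed gate for third-party marketing tags.
// decideThirdPartyMarketing and stubWindow are hypothetical names.
function decideThirdPartyMarketing(win) {
  const api = win && win.Shopify && win.Shopify.customerPrivacy;
  if (!api || typeof api.currentVisitorConsent !== "function") {
    return { allowed: false, reason: "api-not-loaded" };
  }
  // Global Privacy Control is a browser-level opt-out; honour it first.
  if (win.navigator && win.navigator.globalPrivacyControl === true) {
    return { allowed: false, reason: "gpc-opt-out" };
  }
  // Assumption: each purpose is "yes", "no", or "" while no choice is recorded.
  const marketing = (api.currentVisitorConsent() || {}).marketing;
  if (marketing !== "yes") {
    return { allowed: false, reason: marketing === "no" ? "declined" : "no-decision" };
  }
  // The boolean helper can only narrow the decision, never widen it.
  if (api.thirdPartyMarketingAllowed() !== true) {
    return { allowed: false, reason: "helper-denied" };
  }
  return { allowed: true, reason: "explicit-consent" };
}

// Constructed stand-in for the browser `window`, so the gate runs offline.
function stubWindow({ marketing, helper, gpc = false }) {
  return {
    navigator: { globalPrivacyControl: gpc },
    Shopify: {
      customerPrivacy: {
        currentVisitorConsent: () => ({ marketing, analytics: "", preferences: "", sale_of_data: "" }),
        thirdPartyMarketingAllowed: () => helper,
      },
    },
  };
}

// The situation in the thread: banner untouched, helper already true.
const untouched = decideThirdPartyMarketing(stubWindow({ marketing: "", helper: true }));
console.log(untouched); // { allowed: false, reason: 'no-decision' }
```

In a theme, call it with `window` once the Customer Privacy API has loaded and again from a `visitorConsentCollected` listener on `document`, injecting marketing tags only when `allowed` is true.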