New 'Checkout Extensibility' failing to be GDPR compliant

New 'Checkout Extensibility' failing to be GDPR compliant

brianpurkiss
Shopify Partner
5 0 2

We're currently on Shopify Plus, using checkout.liquid to customize our checkout, but we're getting heavy pressure to upgrade to the new Checkout Extensibility. New Shopify features are being locked behind the new checkout and we'll be forced upgraded to the new checkout on August 13, 2024.

 

Honestly, the whole checkout has been frustrating. We're losing out on some of our customization capabilities and we're being given a bill through more apps for the "solution." I'm leading a team of developers working on an Enterprise website - I don't like losing out on development customization options. Not to mention we're having to take on a new project to keep things working as they currently are. But that's another topic.

 

The main issue is GDPR/CCPA/etc compliance.

 

Right now we have Osano loading a Javascript file at the very top of the page. It HAS to be the very first script on the page so it can block any tracking scripts if a customer has opted out. And it HAS to be on every single page of the site, including checkout. If we have the Javascript file on the page, but it loads after tracking scripts have fired - then we're in violation of GDPR.

 

From what I can tell, the new Checkout Extensibility keeps us from being able to load our own external Javascript file anywhere on the new checkout, let alone at the VERY top of the head.

 

This means sites are not properly blocking tracking scripts with the new checkout, which makes Shopify sites using the new Checkout Extensibility un-compliant with GDPR. GDPR fines are millions of dollars. Ignoring GDPR is simply not an option.

 

Someone please tell me I'm wrong and that I'm missing something.

 

I can't find any way to add my own external Javascript file on the new Checkout Extensibility.

Replies 3 (3)

brianpurkiss
Shopify Partner
5 0 2

I've been having conversation with some vendors about this trying to figure out a solution.

 

These are my assumptions:
1. These GDPR blocking services function by adding a Javascript file to the very top of the head.
2. These GDPR blocking services cannot function without that Javascript file at the very top of the head.
3. The new Shopify checkout does not let me add external Javascript files. (True as far as I can tell)

 

As far as I can figure out, there isn't a way to make Shopify's Checkout Extensibility GDPR compliant since Shopify won't let us add third party Javascript to the checkout.

 

There are some Shopify apps that are GDPR services. But I already have a GDPR service and I'd rather not migrate.

 

But even then, I can't find any specific info from these apps talking about how they put the script at the VERY top of the head. Because if the blocking script loads after other tracking scripts, then it won't do its job properly.

brianpurkiss
Shopify Partner
5 0 2

It would appear that for the time being, the new Shopify Checkout Extensibility has no way to be compliant with GDPR/CCPA/etc.

 

Shopify will have to add more capabilities to Checkout Extensibility so services can make a Checkout Extensibility widget to make their new checkout compatible.

 

Shopify blocking us from adding Javascript to the checkout is proving to be quite problematic.

robwatkins88
Shopify Partner
17 0 1

Hello,

 

I have come across this article on the web and understand the issues your facing, many customers of Shopify on plus will need to switch over by August. One suggestion from my side, have you looked at loading a script file through a third party vendor's interface onto the page? Some applications that are vetted and approved apps of Shopify have fields that allow their clients to add custom tracking scripts. I would expect to be able to load these files through this method, if however your quite certain it cannot be done, then that indeed would be a major issue.