Liquid, JavaScript, Themes
Hello,
My data protection officer informed me that Google Maps cannot be fired on the website without user's prior active consent for Google Maps. Checkout page has a Google Maps module popping up after an order has been placed. Safest for me is to disable it.
So far, I've tried the following code injections to the Additional scripts in the Checkout settings from the suggestions found on the web:
<script type="text/javascript">
window.onload = function() {
document.getElementsByClassName('map')[0].style.display = 'none';
};
</script>
<script>
if(Checkout && Checkout.$ && Checkout.$.fn){ Checkout.$('.map[data-mapbox]').parent().remove(); }
</script>
<script>
document.getElementsByClassName('map')[0].parentNode.remove()
</script>
<script>
Checkout.$(document).ready(function () {
// Hide the map on the order status page.
Checkout.$(".map").parent(".content-box__row").css("display", "none");
// Remove the "order updates" box.
document.querySelector('.content-box[data-order-updates="true"]').remove();
});
</script>
None of the work for my store (Dawn 14.0.0).
Any suggestions?
Hey @rutman
You have reached the German community here but we can chat in English too, that's no problem!
We have looked into that and the statement of your DPO is not quite accurate. The reason is that, it's important to know that there are a lot of false information online about things like "Is my Shopify store GDPR compliant?" and the GDPR compliance of certain Shopify features, like using Google Fonts, Google Maps, or Google reCaptcha.
Recently, the IT-Recht-Kanzlei addressed this topic regarding the use of primary PII (not secondary PII). They point out that the IP transfer by necessary web services like Google Maps aren't necessarily a privacy issue. When you use such services, the IP address can be collected and sent to other servers, mostly through a script. Collecting and transferring the IP address helps verify where the request is coming from and automatically decides if more verification is needed, like protecting against automated page requests and DDoS (Distributed Denial of Service) attacks. So, the IP address transfer is generally justified by the so-called "legitimate interests" in the website's functionality and abuse prevention, according to Article 6(1)(f) of the GDPR.
Quote:
Für Google Maps, sofern darüber keine Cookies gesetzt werden, ergibt sich die Rechtfertigung aus dem berechtigten Interesse an der bedarfsgerechten Ausgestaltung der Website und der graphischen Veranschaulichung von Service-Standorten aus Art. 6 Abs. 1 lit. f DSGVO.
Basically, this means that using services like Google Maps isn't necessarily a problem if it serves a legitimate interest and doesn't share secondary personal information (like username, address, email, etc.), but only ensures the proper functioning of an online shop and/or its security against fraud or malicious actors. Here an example of a text you could add to your cookie consent banner for the use of Google Maps:
Diese Website verwendet Google Maps, um Ihnen interaktive Karten bereitzustellen. Google Maps kann personenbezogene Daten wie Ihre IP-Adresse erfassen. Bitte stimmen Sie der Nutzung von Google Maps hier im Cookie Banner zu, indem Sie auf "Zustimmen" klicken. Weitere Informationen finden Sie in unserer Datenschutzerklärung.
[Zustimmen] [Ablehnen]
If you do want to remove the Map then we have a thread that can help you achieve that.
Hope that helps!
Gabe | Social Care @ Shopify
- War meine Antwort hilfreich? Klicke Like um es mich wissen zu lassen!
- Wurde deine Frage beantwortet? Markiere es als Akzeptierte Lösung
- Um mehr zu erfahren, besuche das Shopify Help Center oder den Shopify Blog
Teil 2 - Wie die Prinzipien des UX-Designs dir dabei helfen können einen großartigen Shop ...
By Kai Sep 16, 2024Teil 1 - Wie die Prinzipien des UX-Designs dir dabei helfen können einen großartigen Shop ...
By Kai Sep 9, 2024Anpassungen des benutzerdefinierten Codes an Shopify-Themes (CSS) leicht gemachtIn diesem...
By Gabe Aug 28, 2024