GDPR/PECR, cookie consent, Shopify and Google Analytics - regulatory and important

Topic summary

Shopify stores face ongoing GDPR/PECR compliance issues regarding cookie consent, particularly for UK and EU merchants. The core problem: analytics cookies (Google Analytics, Facebook Pixel) are deployed through Shopify’s admin settings outside theme control, making proper opt-in consent impossible—especially at checkout, which remains inaccessible on non-Plus plans.

Key compliance gaps identified:

  • Shopify’s own analytics cookies (_shopify_y, _s, etc.) load before user consent, even with “Limit tracking to EU” enabled
  • The Facebook/Instagram app sets the _fbp marketing cookie regardless of consent status
  • Shopify’s Consent Tracking API and native consent banner don’t actually block these cookies on initial page load
  • Third-party GDPR apps claim compliance but often only delete cookies after they’ve already fired, not prevent them from loading

Regulatory context:

The UK ICO has flagged cookie compliance as an enforcement priority. EU regulations require explicit opt-in for non-essential cookies before they’re set. Fines are being issued to non-compliant sites.

Proposed solutions discussed:

  • Google Consent Mode integration (mandatory by March 2024 per Google)
  • Custom script blocking using Shopify’s Customer Privacy API
  • Third-party tools like OneTrust or specialized Shopify apps
  • Manual deletion of problematic cookies via JavaScript

Current status (as of August 2025):

No out-of-the-box solution exists. Merchants remain liable for fines despite platform limitations. The discussion reflects frustration that this critical issue, first raised in 2019-2020, remains unresolved by Shopify.

Summarized with AI on October 26. AI used: claude-sonnet-4-5-20250929.

Hi @thomasdec please check now: https://pandectes.myshopify.com/

You will see these cookies:

We also have enabled the newest customer privacy option from Shopify that handles what you say.

In general, GDPR is a somewhat complex process, and it needs some configuration to work properly because the same services (e.g., Google Analytics) can be installed in multiple ways on a store. We do our best to support our clients with chat/email to make their store work properly.

Again thank you for your comments because they help us become even better.

Hello.

Shopify now offers a native integration of GA4 through the Google Channel App.

We just need to link to the GA4 profile and that’s it.

Is there any tool that can block this specific GA4 integration through the Google Channel App (based on the consent from the user)?

Thanks

Hello @Amaury2 , on our Pandectes GDPR Compliance app, we offer an auto-blocking service that can do what you describe. You can read more about that here.

Hello @Pandectes, thanks for the quick answer.
I do not see that you mention GA4 integration through Google Channel. Are you really sure this would block GA4 for this kind of integration? (I did not add any tags or triggers, just clicked on connect to GA4.) Thanks for confirming.

Adding GA4 to a Shopify store can be done in multiple ways:

  • from the Google Channel App

  • from GTM

  • directly on the theme.liquid (GA4 snippet)

  • through another app from the app store (like our app)

If you add the GA4 with the Google channel app, then this app is integrated with Shopify’s Customer Privacy API. This means that if you select from Store > Preferences > Customer privacy, the 3rd option Collected after consent, then the GA4 is blocked by Shopify until consent is given.

In order to get consent, you will need a GDPR app that is also integrated with Shopify’s Customer Privacy API.

Our application is integrated with Shopify’s Customer Privacy API and also integrated with Google Consent Mode, which allows you to run GA4 even before consent is given but with limited functionality. This alternative way of Google Consent Mode gives you more data in comparison to the Google Channel App solution but requires you to implement the conversion tracking on your own, as the Google Channel App offers this by default.

2 Likes
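The Consent Mode route described in the post above, as an added example (not code from the thread or from any app named in it): a theme-level snippet that starts Google's consent signals at denied and updates them from Shopify's Customer Privacy API. The mapping between Shopify's consent categories and Google's consent types is an assumption, and `consentModeState` and `wireConsentMode` are hypothetical names.

```javascript
// Added example. The Shopify-to-Google mapping below is an assumption, not an
// official table: align it with the categories in your own cookie policy.
function consentModeState(privacy) {
  const signal = (allowed) => (allowed === true ? 'granted' : 'denied');
  const marketing = signal(privacy.marketingAllowed());
  const analytics = signal(privacy.analyticsProcessingAllowed());
  const preferences = signal(privacy.preferencesProcessingAllowed());
  return {
    ad_storage: marketing,
    ad_user_data: marketing,
    ad_personalization: marketing,
    analytics_storage: analytics,
    functionality_storage: preferences,
    personalization_storage: preferences,
  };
}

function wireConsentMode(win, doc) {
  win.dataLayer = win.dataLayer || [];
  // gtag must push the raw `arguments` object, as Google's own snippet does.
  const gtag = function () { win.dataLayer.push(arguments); };
  const denied = () => false;
  // Default: everything denied. This has to be queued before any Google tag loads.
  gtag('consent', 'default', consentModeState({
    marketingAllowed: denied,
    analyticsProcessingAllowed: denied,
    preferencesProcessingAllowed: denied,
  }));
  const sync = () =>
    gtag('consent', 'update', consentModeState(win.Shopify.customerPrivacy));
  win.Shopify.loadFeatures(
    [{ name: 'consent-tracking-api', version: '0.1' }],
    (error) => {
      if (error) return; // API unavailable: stay on the denied default
      sync(); // returning visitor with a stored choice
      doc.addEventListener('visitorConsentCollected', sync); // banner interaction
    }
  );
  return win.dataLayer;
}

// Browser entry point; skipped when the file is loaded outside a storefront page.
if (typeof window !== 'undefined' && window.Shopify) {
  wireConsentMode(window, document);
}
```

This only governs Google tags that read Consent Mode signals; it does not stop cookies set by other apps or by Shopify itself.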

Hi ! Thank you for your information.

Do you know whether Shopify has made some changes to the purchase tracking algorithms because of GDPR?

For the last 2 months we have been encountering too many stores where the difference between revenue in Shopify admin and GA4 is quite big: 20 - 30 %. We are implementing purchase tracking with our own script and GTM.

Some stores where we implemented via the Google channel app even have 50 %.

Can it be connected with GDPR? Some stores do not have a cookie policy banner but this difference exists on them. I am thinking of GDPR regulation because the purchase has the order number in its parameters and this is personal data according to GDPR.

Here’s the topic - https://community.shopify.com/c/shopify-apps/ga4-not-counting-every-purchase/m-p/2115746#M64728

Hello, Shopify provides a closed journey for the checkout, and the analytics they generate are not 100% open to us, so we cannot provide any feedback there.

From the feedback we have from our clients lately, we can verify that they have issues between Shopify and the GA4 analytics in terms of data alignment.

If we get more feedback from them or from Shopify, we will let you know.

Hello,

When you decline after you have accepted, we notify Shopify and we block the other services as well. Some of them may leave their cookies on your browser but on the next page load, these cookies can no longer be used by these services as these services are blocked. Cookies will be removed automatically from the browser in most cases in two days. This is the optimal way because removing cookies that have already been created and are not used anymore doesn’t make any sense as this behavior is something that browsers are handling now.

Hello @Alexey1, there is only one solution, and it is called Google Consent Mode. Google has already announced the deadline for that here. So before March 2024 all need to be integrated with GCM. This means that you need to load GA on your own either directly on your theme or through GTM or an app like Pandectes GDPR Compliance.

It’s now August 2025 and Shopify still appears to not be able to achieve GDPR compliance out of the box.

There is a built-in Shopify consent banner, which takes care of most issues with cookies. Even with this turned on, though, if you load your site in a private browsing tab, do not interact with the consent bar at all and check loaded cookies, the following cookies are set, and they are clearly not ‘necessary’ cookies:

  • the _fbp cookie (Facebook marketing tracker) is set by the official Facebook and Instagram app, and it does not respect that I have not given consent yet. That’s a GDPR infraction, and leaves me open to a fine from the Information Commissioner’s Office.

  • cart_currency is set, that is clearly a ‘preference’ cookie and I have not given consent yet. That’s a GDPR infraction, and leaves me open to a fine from the Information Commissioner’s Office.

  • localization is set, that is clearly a ‘preference’ cookie and I have not given consent yet. That’s a GDPR infraction, and leaves me open to a fine from the Information Commissioner’s Office.

You could argue the toss with the second two, there, and maybe - maybe - the ICO would accept they are necessary for a site to function, but Facebook? No chance.

We also have the Customer Privacy API, which we can use to block scripts in liquid code, at least in JavaScript. (Customer Privacy API)

…but that only lets me control JavaScript execution in my theme code, it can’t block that Facebook cookie, which is a huge red flag for the authorities. You couldn’t pick a better example of what GDPR is designed to give people the right to block than Facebook.

I’m a dev, I’m aware of these things and can take action. Normal traders just using Shopify with the built-in tools and official apps don’t know how much trouble they might be in.

Out of the box, if a Shopify user turns on the built-in, official Shopify consent solution, they ARE NOT COMPLIANT - and they should be.

This needs addressing by Shopify ASAP.

PS - you can delete that _fbp cookie on document load by leveraging the Customer Privacy API. Load it up at the top of your page as per the dox, then down the bottom of your page make a snippet that checks window.Shopify.customerPrivacy.marketingAllowed() and delete the _fbp cookie if that doesn’t return true. Closest you’ll get to an actual solution for that.
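The workaround from the PS above, as an added example (not the poster's own code): check `marketingAllowed()` once the Customer Privacy API has loaded and expire `_fbp` unless it returns true. The helper names are hypothetical, and trying every parent domain is an assumption made because a page script cannot read back the Domain a cookie was set with.

```javascript
// Added example. Function names are hypothetical; only loadFeatures and
// marketingAllowed() belong to Shopify's Customer Privacy API.

// A cookie is only removed when Path and Domain match how it was set, and the
// page cannot read those back, so try the host and each parent domain.
function candidateDomains(hostname) {
  const labels = hostname.split('.');
  const domains = ['']; // '' = host-only cookie, no Domain attribute
  for (let i = 0; i + 2 <= labels.length; i++) {
    domains.push('.' + labels.slice(i).join('.'));
  }
  return domains;
}

function expireCookie(doc, name, hostname) {
  for (const domain of candidateDomains(hostname)) {
    doc.cookie =
      `${name}=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/` +
      (domain ? `; Domain=${domain}` : '');
  }
}

// Returns the names of the cookies it expired.
function enforceMarketingConsent(win, doc, names = ['_fbp']) {
  const privacy = win.Shopify && win.Shopify.customerPrivacy;
  // Fail closed: anything other than an explicit `true` counts as no consent.
  if (privacy && privacy.marketingAllowed() === true) return [];
  const present = doc.cookie.split('; ').map((pair) => pair.split('=')[0]);
  const targets = names.filter((name) => present.includes(name));
  targets.forEach((name) => expireCookie(doc, name, win.location.hostname));
  return targets;
}

// Browser entry point, placed near the end of the page as the post suggests.
if (typeof window !== 'undefined' && window.Shopify) {
  window.Shopify.loadFeatures(
    [{ name: 'consent-tracking-api', version: '0.1' }],
    () => enforceMarketingConsent(window, document)
  );
}
```

The deletion runs after the cookie has already been written, so it limits reuse of the identifier rather than preventing the initial set.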