You can create one for free using google optimize.
Topic summary
Main issue: EU GDPR requires explicit, prior consent for non‑essential cookies, but Shopify lacks a robust, built‑in consent mechanism; many third‑party “cookie banner” apps provide a false sense of compliance.
Key developments:
- 2019: Shopify’s privacy team said a fix was a top priority after the CJEU ruling (Planet49) clarified active consent is required (no pre‑checked boxes or implied consent).
- Technical constraints: Apps load after the storefront, making it hard to prevent Shopify/GA/FB tracking before consent; checkout pages don’t allow apps, so tracking there can’t be blocked unless on Shopify Plus with custom checkout.
- Tried solutions: Smart EU Cookie Banner ($3/mo) noted for performance hit; GDPR/CCPA + Cookie Management logs consent and disables scripts but reportedly still lets GA/FB download before consent; Cookiebot flagged non‑compliance in some setups; privacy policy alone is insufficient for GDPR.
- Shopify introduced Customer Privacy API and a native Customer Privacy Banner app; mixed feedback and minor UI limitations; Customer Privacy settings found under Online Store > Preferences.
- Newer app: Pandectes GDPR Compliance claims full compliance via Shopify’s API (blocking services pre‑consent, consent logs), clarifies performance practices; later adopted by a participant with positive feedback.
Status: Ongoing. No definitive, universal native solution; merchants test API‑integrated apps, verify true prior‑to‑consent blocking (including checkout), and maintain consent logs. Unresolved: comprehensive blocking on checkout and assurance of full compliance across all trackers.