[GDPR] - Receiving a Customer Redaction Request

Ryan
Shopify Staff
497 42 117

Hey All, just wanted to share a quick update from the team.

 

In May, we shared communications regarding the European Union’s new General Data Protection Regulation (“GDPR”) and what it means for merchants and developers on our platform.

One key aspect of the GDPR is that individuals now have the right to request access to their personal data and/or have their personal data deleted. To execute these requests, all developers on our platform who handle personal information are required to subscribe to our mandatory webhooks.

 

How developers receive requests around personal data

When Shopify receives notice from a merchant that a customer would like their personal data deleted, Shopify will redact all the personal data it stores on that customer and push that redaction request to you to fulfill as well. Likewise, if a customer requests to view their personal data from a merchant, Shopify will also send the merchant the requested data and push the same request to you. In general, the GDPR requires that the personal data be redacted upon request, unless you have another legal reason not to do so.

 

Implementation and Timing

We will begin sending out payloads for Customer Redaction and View Data on August 25th, 2018.

These payloads are being delivered through three webhooks: the two we introduced in May (Customer Redaction and Shop Redaction), and a third (View Data) which will be available by August 25th.

With all of these webhooks, unless you are legally required to retain the data, requests should be addressed within 30 days of receipt. For details, visit the GDPR Webhook Docs.

 

Receiving a Customer Redaction Request

We’ve broken down the Customer Redaction process into a few steps:

  1. Customer contacts merchant to request erasure of their personal data.

  2. Merchant clicks “Remove personal data” of the customer in their admin.

  3. Shopify redacts the personal data it holds on the customer, and sends a payload on the customers/redact topic to installed apps with the resource IDs matching the customer that has requested redaction.

  4. Apps receive the redaction request and are required by GDPR to redact the personal data. However, there are some cases where you do not need to redact data if there is another legal reason for keeping it. Please see Processing GDPR data requests for more information.

  5. If you are redacting, you have 30 days to do so.

 

Receiving a Shop Redaction Request

Similar to the Customer Redaction request we talked about above, we’re also introducing a Shop Redaction webhook. This webhook is intended to erase personal data for an entire store. 48 hours after a shop uninstalls your app, we will attempt to send you a shop/redact webhook. This webhook will provide the shop_id and shop_domain so that you can erase their customers’ personal information from your database. Similar to the customer redaction request, you should do so within 30 days.

 

Receiving a View Data Request

Implementation details will be coming very shortly.

 

For a quick recap:

Who is affected by this change? For the sake of simplicity and fairness, Shopify is honoring GDPR requests from everyone, even though the GDPR technically only applies to individuals who reside in the European Economic Area (“EEA”). Any app that offers goods or services to residents of the EEA is subject to the law (almost everyone!).

What do I do? Implement the two mandatory webhooks.

Why? To ensure compliance with the new European General Data Protection Regulation.

When? Shopify will begin sending payloads on August 25th, 2018.

For more information, please see our blog ‘What App Developers Need to Know About GDPR’, our helpdocs on GDPR, and our docs on user privacy and apps.

 

Ryan | Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog
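
An added example, not part of the original post and not Shopify's own code: a minimal Python handler for the customers/redact and shop/redact topics described above, showing authentication before deletion and a repeat delivery that finds nothing left to remove. The base64 HMAC-SHA256 signature check, the payload fields `customer.id` and `orders_to_redact`, the in-memory `db` layout and the secret are assumptions for illustration; `shop_id` and `shop_domain` are the fields the post names.

```python
import base64
import hashlib
import hmac
import json

def sign(secret: bytes, raw_body: bytes) -> str:
    """Base64 HMAC-SHA256 of the raw request body (assumed signature scheme)."""
    return base64.b64encode(hmac.new(secret, raw_body, hashlib.sha256).digest()).decode()

def handle_gdpr_webhook(topic, raw_body, hmac_header, secret, db):
    """Return (http_status, summary).

    db is a hypothetical app store: shop_domain -> {"customers": {id: row}, "orders": {id: row}}.
    """
    # Authenticate first: an unauthenticated caller must not be able to trigger deletion.
    expected = sign(secret, raw_body).encode()
    if not hmac.compare_digest(expected, (hmac_header or "").encode()):
        return 401, "bad signature"
    payload = json.loads(raw_body)
    shop = payload["shop_domain"]
    if topic == "shop/redact":
        # Sent 48 hours after uninstall: drop everything held for the shop.
        removed = db.pop(shop, None) is not None
        return 200, f"shop removed={removed}"
    if topic == "customers/redact":
        data = db.get(shop, {"customers": {}, "orders": {}})
        customer_gone = data["customers"].pop(payload["customer"]["id"], None) is not None
        orders_gone = sum(
            data["orders"].pop(order_id, None) is not None
            for order_id in payload.get("orders_to_redact", [])
        )
        # A repeated delivery still returns 200 with nothing left to remove.
        return 200, f"customer removed={customer_gone} orders={orders_gone}"
    return 400, "unexpected topic"

if __name__ == "__main__":
    secret = b"constructed-secret"  # constructed sample values throughout
    db = {"example.myshopify.com": {"customers": {101: {"email": "a@example.com"}},
                                    "orders": {9001: {"email": "a@example.com"}}}}
    body = json.dumps({"shop_id": 1, "shop_domain": "example.myshopify.com",
                       "customer": {"id": 101}, "orders_to_redact": [9001]}).encode()
    print(handle_gdpr_webhook("customers/redact", body, sign(secret, body), secret, db))
    print(handle_gdpr_webhook("customers/redact", body, sign(secret, body), secret, db))
```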

Conner
Explorer
49 1 9

Hi Ryan,

Quick clarification question.

Does this only apply to Shopify app developers?

We haven't developed any Shopify apps, but we handle all API requests for our clients' stores. Does this apply to us?

Thanks

Ryan
Shopify Staff
497 42 117

This would apply to anyone who is receiving and storing customer data through the API.


menelaos_vergis
Shopify Partner
32 0 10

Are shop name and (xxx.myshopify.com) and email considered personal data?

 

Build Shopify Applications with the most simple UX possible
Marc_Syp
Shopify Partner
22 0 2

I have a private app that uses the Admin API to work with my Shopify Storefront and Printful Fulfillment service.  I do not request or store any customer data on my servers at this time.  However, Printful does have customer data that is clearly collected from Shopify.

I assume that Printful is complying with this requirement.  Am I also required to do anything?

Thanks.

Ryan
Shopify Staff
497 42 117

Are shop name and (xxx.myshopify.com) and email considered personal data?

No, this is customer data, not that of a Shopify Merchant.

I have a private app that uses the Admin API to work with my Shopify Storefront and Printful Fulfillment service. 

Yes, Printful is required to comply. For private apps there is no action on these webhooks. It's expected that, if necessary, merchants will relay the required info to be redacted to private app developers, as private apps are considered an extension of the shop.

 


Conner
Explorer
49 1 9

Ryan,

I could use some more clarification based on your last response on the thread.

My company handles data feeds for our clients. We haven't developed any Shopify apps, public or private. We only make use of the Admin API.

Will actions on these webhooks be required from us? Or, is this the Store's responsibility to handle and then relay those requests to us?

Let me know if I can clarify anything.

Thanks

Ryan
Shopify Staff
497 42 117

Only public apps will have the ability to register for mandatory redact webhooks. Any other usage of the data, including private apps and integrations (which it sounds like you are), is the responsibility of the merchant.


Conner
Explorer
49 1 9

Thanks, Ryan!

ClementG
Shopify Partner
660 0 140

Hi Ryan,

I have summarized a few questions below:

1) What will happen if we try to load an order for which the customer requested deletion?
Will order.customer be null? Or will it be non null with a customer id and all other personal fields null?

2) What is the purpose of the 48 hours delay?
 
3) When the customer order information is redacted, will the order/update webhook be triggered with missing customer details (e.g., a null customer_id, no billing/shipping address, email, or phone)?

This would be ideal because it would avoid every app implementing their own data cleaning methods and simply rely on Shopify to remove all personal details

ClementG
Shopify Partner
660 0 140

4) Is it possible for a store to request a shop/redact request even though they have not uninstalled the app? That could lead to pretty weird scenarios where the app cannot function.

I do wonder why shop/uninstall is not enough and why we need another webhook like shop/redact...

It might have been easier to add a checkbox when the store uninstalls, which asks whether all data should be redacted. But maybe there is a good reason I don't know about? 

Tony_Gilyana
Shopify Partner
6 0 0

Hi Ryan,

Hope you're doing well! Any update on the implementation details about the "View Data" request? We are pretty close to the release date on August 25th and we need this information as soon as possible.

Thanks, Tony

Ryan
Shopify Staff
497 42 117

1) What will happen if we try to load an order for which the customer requested deletion?
Will order.customer be null? Or will it be non null with a customer id and all other personal fields null?

Non-null with PII redacted.

2) What is the purpose of the 48 hours delay?

We have seen that if people uninstall an app by accident, or if they change their mind, they typically reinstall within 24h, so 48 is us taking into account some buffer time.
 

3) When the customer order information is redacted, will the order/update webhook be triggered with missing customer details (e.g., a null customer_id, no billing/shipping address, email, or phone)?

Yes, webhooks are fired. The data isn't nulled out; it's redacted, anonymized.

4) Is it possible for a store to request a shop/redact request even though they have not uninstalled the app? That could lead to pretty weird scenarios where the app cannot function.

There are multiple checks against this, so no, there would not be a redact if the app is not uninstalled.

 

I do wonder why shop/uninstall is not enough and why we need another webhook like shop/redact...

We couldn't add a 48 hour delay on the uninstall webhook.  And fundamentally they are different things, and apps will respond differently.

Any update on the implementation details about the "View Data" request?

I don't have any details on this; there will be more shared when we have it.

 

 

Cheers,

Ryan


Tony_Gilyana
Shopify Partner
6 0 0

Hi Ryan,

 

Any update on the implementation details about the "View Data" request?

I don't have any details on this; there will be more shared when we have it.

 

Can you please confirm whether this is actually expected to be implemented by August 25th then?  Something doesn't sound right if Shopify doesn't even have the specs worked out for starters.  Or am I misunderstanding when this is due? 

ClementG
Shopify Partner
660 0 140

Thanks Ryan, that's pretty much the answers I was hoping for.

We will commence testing shortly.

ClementG
Shopify Partner
660 0 140

Actually, there is no way to test at this point right? Payloads are not sending yet...

Ryan
Shopify Staff
497 42 117

Actually, there is no way to test at this point right?

I believe only shop/redact is sending at the moment.

 

 


sanazt
Tourist
3 0 2

I cannot find the relevant webhook topic under https://mytestshop.myshopify.com/admin/settings/notifications > Webhooks... what topic should I choose to trigger sample webhooks?

Thanks.

menelaos_vergis
Shopify Partner
32 0 10

I have implemented the webhooks and I have two questions:

  1. There are 3 webhooks but at the App Setup page there are only two fields (Customer data erasure endpoint and Shop data erasure endpoint)
  2. Why do I get `Mandatory WebHook URL is invalid` on every save? It's a valid URL and it's working (tested it with Postman)
Matias_Fernande
Tourist
6 0 8

I have these same exact questions.

I'm also receiving the "Mandatory WebHook URL is invalid" today. I'm not entirely sure why it's happening since the error doesn't say much. I don't think I changed anything in my app since last time it worked, so there's a chance it's on Shopify's end.

I don't have the third webhook because I assumed it got triggered by some scope or the "Read all orders" request. Maybe that's what's causing my failure? Idk but if someone figures it out, please share.