Shopify, this question is for you...
If we have a website with European users, 'unambiguous, affirmative consent' to cookies is not optional. It's the law as per EU GDPR, with huge fines for non-compliance (or at best lots of time-wasting admin work if challenged on it).
Just like we can't run an online store without payment processing functionality, we can't run an online store selling to Europeans without a GDPR-compliant cookie consent mechanism.
So why does Shopify fob-off GDPR-compliant cookie consent to 3rd party developers?? This is core, non-optional functionality.
I've spent a lot of time looking at the 3rd party 'cookie bar/banner' offerings on the Shopify App Store:
Robust cookie consent should not be functionality that shop owners need to waste time searching Apps for. Or worse installing Apps that might be dangerously complacent, and indeed making their GDPR problems worse.
When is Shopify going to offer GDPR-compliant cookie consent as part of its core functionality?
I had to laugh so hard as i read "users will feel that they are respected"
Wow. Just wow. There are laws, and App-Developers talk about that at leas someone "feels respected"
When the court asks us if we set those cookies, I will say "Yes, but we told them so they felt resprected"
Made my day!
It can only be solved by shopify and is indeed a core functionality, which has to be there for EU-Users (even for US Stores!)
Unfortunately there is not a simple answer for you.
You can check on Shopify's white paper here: https://help.shopify.com/pdf/gdpr-whitepaper.pdf
Who tracks data:
Google Analytics (if installed)
Others (facebook pixel, ...etc)
In technical terms.
All apps load asynchronously or after the shop has loaded. So you cannot stop Shopify from tracking your information with an app alone. And that includes your google analytics tag that you've attached.
That also presents a separate issue with tracking on the checkout pages as those pages do not allow you run apps. If you can't run apps, there is no way to stop the tracking codes from firing on those pages.
On Shopify plus I believe you can create a custom checkout page, where you can then ask for consent for the tracking code.
A possible solution would be to modify your theme and custom checkout page (on Shopify plus) to verify if user has consented to your data collection.
Whether anyone has actually done that yet. I'm guessing probably not on a large scale.
Let me know if I can help in any other way.
How do people in Europe handle cookies? Are they all set to necessary?
RE: "How do people in Europe handle cookies? Are they all set to necessary?"
Not sure I've seen any Shopify cookie consent Apps that offer 'levels' or 'categories' of tracking - e.g. like OneTrust/etc. offer 'Necessary, Functional, Marketing, Social Media, etc.' There may well be some such Apps, and if they're honest then they'd have a rather broad 'Necessary' category, that actually translates into 'Unavoidable because only Shopify has the power to not fire these tracking codes.'
I fear most Shopify merchants 'handle cookies' by installing Apps that claim to be GDPR compliant, and even get good reviews... but actually are just useless decorations offering a false sense of security.
Yes I understand.
But professional firms that are working with Softwares for dropping cookies in every possible website claim that you can at last set prior to consent 3rd party scripts like Google analytics and Facebook pixel that you manually insert.
You basically need to edit a code in Shopify "edit code" section.
Any information about that?
If you want to to determine if app built by one of these app developers is actually GDPR compliant, you will A. have to believe them, or B. do some investigative digging on a technical level to see which one actually does everything that is compliant with GDPR. You will probably need some sort of web developer to dig into the small details of the app to see if it actually does what it is advertising.
Technical digging will probably involve: installing the app(s, until you find one that does as advertised).
Check that it:
Thank you for posting the link to the app you are using. I hope Shopify will have a solution. it must be part of the out of the box store setup. i wish you much success with your Store.
I'm chiming in here to keep the attention of the Shopify staff on this point. It definitely needs to be a core feature!
Has anyone found an app that truly integrates with the Shopify Consent Tracking API? (https://shopify.dev/docs/themes/consent-tracking-api)
I’ve not been able to find any.
EDIT: Shopify seems to have their own app https://apps.shopify.com/customer-privacy-banner and from the description it seems they do integrate with the Consent Tracking API. Gonna give this a try
The Customer Privacy Banner works with Shopify’s Customer Privacy settings, allowing you to prevent customer tracking if a customer in the EU does not agree to it.
I took the time to compare several third-party apps. I only found one that tracks consent and offers the ability to disable scripts. They claim to be Customer Privacy API compliant.
But according to Cookiebot, we are still not compliant.
What I can gather from Shopify's own app, based on the reviews, is that it still has some issues to work out. But I am very glad they are working on a native solution.
I also just discovered the Customer Privacy options under Online Store > Preferences.