
Shopify Customer Privacy API

Shopify offers a feature to limit the data collection of European customers visiting your online store, as determined by their IP address. From inside your store, you can choose the level of restrictions for marketing and analytics data collection for customers from the EU, EEA, UK, and Switzerland.

Our application integrates with Shopify’s Customer Privacy API, which automatically blocks cookies and trackers installed either by Shopify directly or by any plugins that support it. To use the integration, first enable the Collected after consent option inside your Online Store > Preferences.

Because Shopify has no control over whether a third-party app or script tracks customers, it provides a consent tracking API for integration. This consent tracking API has been integrated into our Pandectes GDPR Compliance app. Once the page has loaded and Shopify has blocked the cookies, each customer can choose to opt in to or opt out of the various cookie groups. When the Collected after consent option is turned off, all cookies, including those of the Facebook Pixel and Google Analytics, are fired as usual. Also, the default cookies from Shopify are set as persistent cookies, not as session ones.

No pixel is fired when the Collected after consent option is activated; Shopify also enforces this restriction. The default cookies are set as session cookies, which are automatically destroyed when the customer closes their browser.
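To check that the persistent-to-session downgrade described above is in effect on your store, you can audit the cookies set on a first page load, before the visitor interacts with the banner. The following is an added example, not code from Shopify or Pandectes: it classifies `Set-Cookie` values by lifetime and lists any persistent cookie that is not on your strictly-required allow-list. The cookie names and header values are constructed placeholders.

```javascript
// Constructed Set-Cookie values; cookie names are placeholders, not Shopify's real ones.
const SAMPLE_HEADERS = [
  "analytics_visitor=abc123; Path=/; Max-Age=31536000; SameSite=Lax",
  "analytics_session=def456; Path=/; SameSite=Lax",
  "cart=xyz; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure",
  "old_pixel=; Path=/; Max-Age=0",
];

// Classify one Set-Cookie value as "session", "persistent" or "deleted".
function classifySetCookie(header, now = Date.now()) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  let maxAge = null;
  let expires = null;
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const value = i === -1 ? "" : attr.slice(i + 1);
    if (key === "max-age" && /^-?\d+$/.test(value)) maxAge = Number(value);
    if (key === "expires" && !Number.isNaN(Date.parse(value))) expires = Date.parse(value);
  }
  // No Max-Age and no Expires means the cookie lives only for the browser session.
  // Max-Age takes precedence over Expires (RFC 6265, section 5.3).
  let lifetime = "session";
  if (maxAge !== null) lifetime = maxAge > 0 ? "persistent" : "deleted";
  else if (expires !== null) lifetime = expires > now ? "persistent" : "deleted";
  return { name, lifetime };
}

// Names of cookies that would outlive the browser session and are not
// on the allow-list of strictly required cookies.
function persistentBeforeConsent(headers, allowList = [], now = Date.now()) {
  return headers
    .map((h) => classifySetCookie(h, now))
    .filter((c) => c.lifetime === "persistent" && !allowList.includes(c.name))
    .map((c) => c.name);
}

console.log(persistentBeforeConsent(SAMPLE_HEADERS, ["cart"]));
```

An empty result on a pre-consent page load means every non-essential cookie was issued as a session cookie; any name it returns is a cookie to investigate.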

Shopify Tracking settings have been designed to comply with the Court of Justice of the European Union’s decision on cookies, which prohibits cookies - or other tracking technologies - from storing information on a user’s device. Since session cookies are removed after a user’s visit, and cannot be used to track the user over time, this solution abides by the requirements of the decision while retaining most functionality of the website, which means these Shopify Analytics cookies are not a part of opt-outs.

The downgrade from a persistent cookie to a session cookie makes those cookies compliant with GDPR/CJEU. This is Shopify's internal solution to remain compliant (it does not store any of the data) while still servicing the merchant's analytics. Any additional measures would have to be discussed with a legal expert.

When customers decline non-essential cookies, Shopify is still permitted to fire the downgraded versions of its analytics cookies. They are limited in use until consent is given, at which point they are properly activated.

The downgraded cookies Shopify utilizes are compliant with GDPR and can still be fired even after the user revokes consent for non-essential cookies. We handle the downgrades from our end after receiving their consent option.

Note that in order for our banner to work properly with the Collected after consent option, you will need to select a banner type that initially blocks all cookies except for the strictly required ones. In other words, you will need to select Accept only or Accept/Decline or Preferences (with strict policy).


Updated on: 27/04/2023
