Shopify offers a feature to limit the tracking of data called Limit tracking for customers. This feature limits Shopify’s tracking of online store customers and notifies any third-party apps that you have installed in your store to limit their tracking.

Since our application has an integration with Shopify’s Customer Privacy API (which automatically blocks cookies and trackers installed either by Shopify directly or by any plugins that support it), first you have to enable the Collected after consent option inside your Online Store > Preferences.

Because Shopify has no control over whether a third-party app or script tracks customers, they provide a consent tracking API for integration. This permission tracking API has been integrated into our GDPR Compliance Center app. Once the page has loaded and Shopify has banned the cookies, each customer can choose to opt in or out of the various cookie groups. When the Limit tracking for customers option is turned off, all cookies, including the Facebook Pixel and Google Analytics, will be fired as usual. Also, the default cookies from Shopify are set as persistent cookies, not as session ones.

No pixel is fired when the Limited tracking for customers in Europe option is activated. Shopify is also enforcing this restriction. The default cookies are set to session cookies, which are automatically destroyed when the customer leaves his browser.

Shopify Tracking settings have been designed to comply with the Court of Justice of the European Union’s decision on cookies, which prohibits cookies - or other tracking technologies - from storing information on a user’s device. Since session cookies are removed after a user’s visit, and cannot be used to track the user over time, this solution abides by the requirements of the decision while retaining most functionality of the website, which means these Shopify Analytics cookies are not a part of opt-outs.

The downgrade from a persistent cookie to a session cookie makes those cookies compliant with GDPR/CJEU. This is Shopify's internal solution to remain compliant (does not store any of the data) while still servicing the merchant's analytics and any additional measures would have to be discussed with a legal expert.

When the clients decline non-essential cookies, Shopify is still permitted to fire the downgraded versions of their analytics cookies. They are limited in use until consent is given, in which case they are properly activated.

The downgraded cookies Shopify utilizes are compliant with GPDR and can still be fired even after the user revokes consent for non-essential cookies. We handle the downgrades from our end after receiving their consent option.

Note that in order for our banner to work properly with the Limited tracking for customers in Europe, you will need to select a banner type that initially blocks all cookies except for the strictly required. In other words, you will need to select Accept only or Accept/Decline or Preferences (with strict policy).

Did this answer your question?