New Shopify-API for GDPR compliance

Finn Carstensen

• October 14, 2020 12:01
• Edited

Shopify recently published a new way of limiting tracking for european users. It was a big problem that there was no way to do this before for certain shopify cookies.

Here you can see the article of the new feature https://help.shopify.com/en/manual/your-account/privacy/cookies#tracking-european-customers-and-gdpr-compliance .

Since external scripts have to use the new API to get and set the consent status, is or will cookiebot be supporting this new feature?

2

• 

  FC

  • November 03, 2020 11:10

  Hello Finn,

   

  That is very relevant question. Have you had any answer regarding this?

   

  Regards,

  
  FC

  0
• 

  Spas – vConnect – Community Supporter

  • November 04, 2020 08:32

  Hi,

  This new feature does not seem very useful, it seems to be a tool for scripts that set tracking and you need to ask Shopify whether or not they are allowed to.
  However, there is a method that lets you set consent to tracking to either true or false, but I don't think that influences what cookies Shopify sets, nor is it granular. Meaning either you accept tracking or you don't.You could add a little script, but I'm doubtful this solves the issue that Cookiebot generally have with Shopify:

  <script>
  window.addEventListener("CookiebotOnConsentReady", function() {
    var c = Cookiebot.consent,
        p = c.preferences,
        s = c.statistics,
        m = c.marketing,
        tracking = p && s && m ? true : false;
    window.Shopify.customerPrivacy.setTrackingConsent(tracking, function() {
      console.log("Tracking " + (tracking ? "en" : "dis") + "abled");
    });
  });
  </script>

  The issue is caused because website builders (like Wix, Shopify, etc) add their own native scripts to the page before any of your own content is added, including third party scripts like Cookiebot. This means that by the time the Cookiebot script loads, cookies or similar trackers will potentially already have been set.
  To avoid tracking by the Website Builder's native scripts prior consent, you would have to mark them up. Unfortunately these scripts aren't accessible to you, making this impossible.
  
  This makes achieving full GDPR compliance impossible for Website Builder users. That is why Cookiebot encourage users to contact the companies behind their Website Builders and ask them to reach out to Cookiebot, so they can work together on finding a solution that allows the blocking of tracking from native scripts prior consent.

  Regards,
  Spas

  0
• 

  Roger Herbert

  • December 29, 2020 13:16
  • Edited

  Hi Spas,

  Just to add: as part of the change Shopify also added the ability (in online store > preferences) to limit native tracking by default, preventing such scripts from loading until an app like Cookiebot provides consent via the new API mentioned earlier.

  

  0

Please sign in to leave a comment.