Why you need to care about cookies consent under the GDPR on your Shopify store

What is GDPR in more detail?

The EU General Data Protection Regulation (GDPR) replaced the Data Protection Directive 95/46/EC. It is a European regulation designed to harmonize data privacy laws across Europe, strengthen and unify the data protection of EU citizens, protect and empower all EU citizens’ data privacy, and reshape the way organizations across the region approach data privacy. You can find more information here: https://www.gdpreu.org/

How the GDPR affects Cookie Policy

Cookies are mentioned only once in the EU General Data Protection Regulation (GDPR), but the repercussions are significant for any organization that uses them to track users’ browsing activity.

Recital 30 of the GDPR states:

Natural persons may be associated with online identifiers […] such as internet protocol addresses, cookie identifiers, or other identifiers […]. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

In short: when cookies can identify an individual via their device, they are considered personal data.

This supports Recital 26, which states that any data that can be used to identify an individual either directly or indirectly (whether on its own or in conjunction with other information) is personal data.

Not all cookies are used in a way that could identify users, but the majority are and will be subject to the GDPR. This includes cookies for analytics, advertising, and functional services, such as survey and chat tools.

So briefly:

  1. GDPR states that as a website owner, you cannot assume a user has opted into the cookies being used on your website; the user must give a positive opt-in or “affirmative action” to signal their consent to the use of cookies. You also cannot force users to opt into the use of cookies.
  2. Users who do not give consent should have the same experience of your website as those who give consent, which means you have to provide the same level of service and experience to those who do not accept the cookies.
  3. Consent will need to be specific to the different cookie purposes, with the ability to enable and disable cookies at a granular level for each cookie.
  4. It also means that you should not be tracking users on your website with tools such as Google Analytics until they give you specific permission to do so.

Achieving compliance

Soft opt-in consent is probably the best consent model, according to Cookie Law: “This means giving an opportunity to act before cookies are set on the first visit to a site. If there is then a fair notice, continuing to browse can in most circumstances be valid consent via affirmative action.”

Take care of your customer’s privacy

Pandectes GDPR Compliance is the most popular GDPR application in the store. Shopify is proposing it as the #1 GDPR alternative for the removed apps they had. It provides an EU GDPR/CCPA/LGPD banner, including a preferences popup and cookie compliance, and works as a complete CMP. Its flexible settings panel lets you make it fit your needs and brand.

Among its features are compatibility with Shopify’s Consent Tracking API, integration with Google Consent Mode, and the Facebook Data Processing Options for California (CCPA).

In the case of GDPR, merchants need to select one of the strict mode banners, where all non-strictly required cookies/scripts are blocked until the user gives consent. They also need to enable the options for limiting tracking for visitors from Europe through their store preferences menu option. More information is available here from Shopify.

Finally, they will need to create a Data Subject Requests page to provide a place where customers and visitors can submit such requests.
