Why you need to care about cookies consent under the GDPR on your Shopify store

What is GDPR in more detail?

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organizations across the region approach data privacy. In other words, the GDPR is a European regulation that strengthens and unifies data protection for EU citizens. You can find more information here: https://www.eugdpr.org/

How the GDPR affects Cookie Policy

Cookies are mentioned only once in the EU General Data Protection Regulation (GDPR), but the repercussions are significant for any organisation that uses them to track users’ browsing activity.

Recital 30 of the GDPR states:

Natural persons may be associated with online identifiers […] such as internet protocol addresses, cookie identifiers or other identifiers […]. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

In short: when cookies can identify an individual via their device, they are considered personal data.

This supports Recital 26, which states that any data that can be used to identify an individual either directly or indirectly (whether on its own or in conjunction with other information) is personal data.

Not all cookies are used in a way that could identify users, but the majority are and will be subject to the GDPR. This includes cookies for analytics, advertising and functional services, such as survey and chat tools.

So briefly:

  1. The GDPR states that, as a website owner, you cannot assume a user has opted into the cookies being used on your website: the user must give a positive opt-in or “affirmative action” to signal their consent to the use of cookies. You also cannot force users to opt into the use of cookies.
  2. Users who do not give consent should have the same experience of your website as those who give consent, which means you have to provide the same level of service and experience to those who do not accept the cookies.
  3. Consent will need to be specific to the different cookie purposes with the ability to enable and disable cookies at a granular level for each cookie.
  4. It also means that you should not be tracking users on your website with tools such as Google Analytics until they give you specific permission to do so.

Achieving compliance

Soft opt-in consent is probably the best consent model, according to Cookie Law: “This means giving an opportunity to act before cookies are set on a first visit to a site. If there is then a fair notice, continuing to browse can in most circumstances be valid consent via affirmative action.”

Check out our free Shopify app, which helps you prepare your store for the GDPR regulations related to cookies with a ready-to-use Cookie Consent Banner.