Consent requirements for various apps
Shopify recently notified us that all apps and themes that insert cookies into a merchant storefront will now be required to integrate with the Customer Privacy JS API starting February 6th, 2023. This ensures that buyer consent for a particular data processing purpose is respected before loading any non-essential cookies, in order to facilitate compliance with industry standards and applicable data privacy regulations. App and theme extensions must pass through consent signals using the Customer Privacy JS API.
As a direct result, if you've configured your store to collect preference, analytics, and marketing data after receiving consent in your store's settings (see screenshot below), there are a few Vitals apps that won't be able to function correctly until the visitors consent to data collection and cookies.
These apps include:
- Facebook Pixels - without proper consent, we are not allowed to initialize Facebook's script, as it would send data to Facebook;
- Facebook Messenger Chat - without proper consent, we are not allowed to initialize Facebook's script, as it would send data to Facebook;
- Visitor Replays - without proper consent, Vitals isn't allowed to capture and stream the visitors' mouse movements and clicks,
- Countdown Timer and Cart Reserved Timer - without proper consent, the expiration time would be the same every time the page is reloaded.
Some apps will behave differently until the proper consent is given:
- Pop-ups - typically, you can create a few pop-ups and customize how often different pop-ups should be shown. Without proper consent, Vitals would be unable to know how much time has passed since a banner was displayed, so we will default to only offering one pop-up per session, randomly chosen from your pop-ups, and once closed, no more pop-ups will show up again in that session. The same principles apply to the Spin the Wheel app as well;
- Recent Sales Notifications - typically, you can decide how many notifications will be shown during a session. However, without proper consent, we will display a set number of notifications on every pageview.
- Push Marketing - without consent, the Opt-in Prompt Timings based on the number of Page Views will not work. We are not allowed to place a cookie that helps us count the number of pages visited by the customer, so in the absence of the cookies' consent, the Push Opt-in Prompt will be displayed on each page, with a 5 seconds delay (until the cookie consent is provided or user chooses an option for the Push Marketing Opt-in).
By February 6th, according to Shopify's requirements, Vitals will fully respect the data collection setting you've made in your store's Shopify admin. However, given the complexities around jurisdictions, privacy laws/regulations, and how you and your team intend to use Shopify and Vitals, you should seek guidance from your legal counsel. Unfortunately, Vitals cannot assist with any questions that might have legal implications.
However, if you choose to only collect data after receiving consent, you will need to use a GDPR-compliant Cookie Banner to request (and receive) consent from your visitors. You're in luck, Vitals has your back! The Cookie Banner app in Vitals is now compliant as well with Shopify's approach to GDPR & ePrivacy, allowing you to collect consent from users and instruct Shopify and all the other apps whether a visitor consented to cookies and data collection. Just make sure you enable the Opt-In/Out Cookie Bar.