As we worked on updating our consent management logic to align with Shopify’s recent checkout extensibility release for one of our main client (read our previous article on the topic if you are not familiar with it and want to understand this article!) we found out that :
- Customer events (App and Pixels) are fired even when Customer Privacy is not set and even if permission are required. Not cool!
- You can prevent this from happening with an “hidden” setting in Shopify Settings. Even less cooler!
Before getting into the nitty-gritty details allow me a small digression. As a kid, Cheat codes in video games always puzzled me. Why include something that players could never discover on their own? Back then, the only way to find Cheat codes was through some magazine. Difficult to find and expensive! I know now that cheat codes were originally created by game developers to simplify their play-testing sessions. They weren’t meant to make it into the final production, but some accidentally slipped through and became legendary like the Konami code.
In The Design of Everyday Things, Donald A. Norman highlights that “two of the most important characteristics of good design are discoverability and understanding.” By that definition, cheat codes were poorly designed—but they weren’t intended to be used by players in the first place. When accessing interfaces from tools like Google Analytics or Shopify I expect settings to be discoverable and understandable, if not immediately, then at least with minimal effort. For more complex tasks, proper documentation is crucial and also expected. Design is becoming increasingly important when addressing topic like consent management and privacy settings. They need to be understood and explainable beyond technical circles.
The setting we found in Shopify is, IMO, very important and needed but poorly designed, difficult to find and as far as I know not documented.
The challenge
As I said, recently at Analytics Ninja, we’ve been tasked to configure a “privacy-friendly” implementation for European market with opt-in logic on Shopify websites with Checkout Extensibility. Main legal requirement was clear: data collection could only occur with explicit user consent. For this implementation to succeed it need to meet two fundamental principles:
- Setting default consent state before any marketing-analytics pixels can be triggered.
- Nothing should fire if consent state is not set (ie. empty consent string doesn’t mean “granted”!)
Before starting to work on this project we already had some experiences with Shopify Extensibility and few assumptions:
- Customer Privacy is the preferred way to manage consent for Customer Events.
- Chicken-and-Egg problem with Custom Privacy/Consent Mode and custom pixels on checkout pages.
- The firing mechanism for Custom and App pixels is not transparent—we don’t know exactly when or how they are triggered.
- App and custom pixels are triggered when Custom Privacy is not set or set too late, even when permissions are required!
How do we work around this? What is the cheat code? Let’s find out…
Experimental protocol
I’m working with a staging website. I’m going to create a simple custom Pixel with required Permission for Marketing and Analytics:
Cookie banner is deactivated (i.e “Not visible in any region”):
When loading the website the Custom Pixel is firing:
Customer Privacy is not set:
Observations:
- Marketing and Analytics are required, they are not provided, the Custom pixel fire. I wouldn’t expect the Custom pixel to fire if permission are not set when they are actually required!
- Looking at the Cookie Banner section I’m not seeing anything that would help me to prevent the Custom pixel from firing if the Customer Privacy is not set or any way to set default values.
- We don’t have any guarantee that Customer events will wait for Customer Privacy to be set before firing.
Up, Up, Down, Down, Left, Right, Left, Right, B, A…
What’s coming next is, in my opinion, a real Konami code.
I’m not interested in Shopify Cookie banner at all but I’m going to activate it. Go to “More Actions” then “Set custom banner regions”.
I’m selecting all regions for the shake of this experiment:
Saving, coming back to the main menu. Now if you click the “More Actions” button again you have a different menu appearing (a secret menu if you will) where you can deactivate the banner by clicking “Remove Cookie Banner”:
and now that the banner has been deactivated you have yet another secret section where we can read something intriguing and interesting for us:
Your store can only collect customer data after consent in selected regions
Now if I’m going to back my website I can see that the Custom pixels is indeed not available anymore:
Customer Privacy settings are still empty but at least the Custom pixel doesn’t fire without consent.
I have also tested this for App pixels and can confirm that they behave the same way.
Conclusion
By configuring a consent banner (that we don’t need/want) and removing it after accessing a “secret” menu you can prevent App and Custom pixels from firing when Customer Privacy consent is empty. In other words, by applying a specific set of settings in the Customer privacy section you are modifying the way Customer Events required consent is behaving! Obviously you need to set the Customer Privacy state properly otherwise your Custom pixel won’t ever fire. Now you can make sure that they will never fire if consent has not been given.
Shopify Customer Events Permission and Privacy Settings Score:
discoverability: 0/10
understandability: 0/10
I think Shopify should separate the configuration of the banner and the configuration of Customer Privacy. The Customer privacy permission section in Customer events should be rework for more clarity. Ultimately all these “secrets” menus should be redesigned or at least supported with proper documentation.
Thanks to Artem to help me keep my sanity and sharing his own vision of Customer privacy is this blog post. Also Thanks to Timur for always taking the time to explore these crazy setups.
Leave a Reply