Littledata automatically integrates with many common cookie banners and cookie consent apps to respect customer privacy and comply with regulations such the ePrivacy Directive (GDPR).
Littledata uses Shopify's Customer Privacy API to control tracking based on customer consent. The required setup depends on which customer privacy solution your store is using:
Read our longer guide on cookies and attribution
Each time the Google Analytics script loads on your website, it adds a cookie (the
_ga cookie) with an identifier to track the user across multiple pages and sessions. Next, it sends that cookie identifier to Google’s servers with each page view and event.
This is a first-party cookie, but since GA is not 'strictly necessary' to your website functioning the user must be allowed to opt in to its usage.
To be compliant, you can’t allow Google Analytics to use that cookie before the user has opted in. The common mistake online stores make is that the cookie banners are showing, but Google Analytics still tracks users before they opt in.
The challenge is to ensure the landing page - campaign source (UTM tags) - is tracked as soon as the user consents, but not before.
If the user never consents and continues to checkout and purchase, Littledata’s server-side tracking will record the sale without any link to the marketing campaign which brought them. In Google Analytics, these non-consenting users will appear in the “Direct” marketing channel (although in a future feature we are planning to clarify that they Opted Out).
In reality, most users do consent for sites to track them, so this feature will limit but not remove all marketing attribution in Google Analytics or other tools.
Littledata offers an easy way to get GDPR cookie compliance right. First let's take a look at how cookie banners work in general.
Regulation in various US states also requires users to be able to opt out of tracking:
These all cover "information that is linked or reasonably linkable to an identified or identifiable individual". The rules apply to any company "conducting business" in the state with information on 100,000 or more consumers.
Businesses affected must give web users the right to opt out of processing their data. Littledata's tracking is also compliant with this obligation.
Some cookie consent apps allow customers to choose if their data is being collected for analytics or for marketing purposes.
Littledata respects this specific choice so:
The ePrivacy Directive requires that, in Europe, a website asks for the users' consent before storing cookies that are not strictly necessary for the basic functioning of the website in their browser.
To use the example given by Shopify’s own banner app, when a visitor first lands on Kay Nine Supply’s website they’re shown a banner, and any tracking or setting of cookies has to wait.
After the first page of the visit loads, the user has a choice: Ok or No thanks.
Users who click
Ok can be immediately tracked (even though the click happens after the page load), and users that click
No thanks must not be tracked.
Littledata automatically integrates with apps using Shopify's Customer Privacy API, which lets an app share whether and when the user consented to be tracked.
The following apps mention Customer Privacy API in their app store listing, but there may be others:
Shopify made 'Collect after consent' the default in November 2023
You may need to change your store settings so that, for European customers, Littledata waits for the user to grant consent before tracking. Here’s how to check that setting:
After this tracking limit is enabled, Littledata uses Shopify's Customer Privacy API to decide if the user can be tracked.
Our tracking script waits for the user to grant consent, then whenever that happens — on the first page or later — we send the tracking calls to your chosen data destinations.
The user will be tracked when:
If you are using Shopify with Segment the same principles apply.
Segment's AnalyticsJS library uses localstorage rather than cookies to track the user, but to be compliant with the ePrivacy Directive users still need to consent before events are sent to Segment.
analytics object is available when the page loads - so you can enqueue other tracking events to send as soon as the user consents - but no events or page views will be sent from the browser until the user has opted in.
If the user never consents and continues to checkout and purchase, the checkout and Order Purchased events will still track in Segment, but without being linked to a web session and without marketing attribution.
If you want to limit tracking for other apps but capture maximum data into Google Analytics you can turn off respectUserTrackingConsent in the data pipeline settings.
This setting was turned off for stores installing before 2021, to prevent disruption to the data collection.