Littledata automatically integrates with many common cookie consent apps to respect customer privacy and comply with data regulations such the ePrivacy Directive (which is often considered part of GDPR).
Littledata integrates with the top cookie banner apps, including apps using Shopify's Customer Privacy API. The required setup depends on which customer privacy solution your store is using:
Each time the Google Analytics script loads on your website, it adds a cookie (the
_ga cookie) with an identifier to track the user across multiple pages and sessions. Next, it sends that cookie identifier to Google’s servers, along with each page view and event.
This is a first-party cookie, but since GA is not 'strictly necessary' to your website functioning the user must be allowed to opt in to its usage.
To be compliant, you can’t allow Google Analytics to use that cookie before the user has opted in. The common mistake online stores make is that the cookie banners are showing, but Google Analytics still tracks users before they opt in.
The challenge is to ensure the landing page - campaign source (UTM tags) - is tracked as soon as the user consents, but not before.
If the user never consents and continues to checkout and purchase, Littledata’s server-side tracking will record the sale without any link to the marketing campaign which brought them. In Google Analytics, these non-consenting users will appear in the “Direct” marketing channel (although in a future feature we are planning to clarify that they Opted Out).
In reality, most users do consent for sites to track them, so this feature will limit but not remove all marketing attribution in Google Analytics or other tools.
Littledata offers an easy way to get GDPR cookie compliance right. First let's take a look at how cookie banners work in general.
The ePrivacy Directive requires that, in Europe, a website asks for the users' consent before storing cookies that are not strictly necessary for the basic functioning of the website in their browser.
To use the example given by Shopify’s own banner app, when a visitor first lands on Kay Nine Supply’s website they’re shown a banner, and any tracking or setting of cookies has to wait.
After the first page of the visit loads, the user has a choice: Ok or No thanks.
Users who click
Ok can be immediately tracked (even though the click happens after the page load), and users that click
No thanks must not be tracked.
Littledata automatically integrates with apps using Shopify's Customer Privacy API, which lets an app share whether and when the user consented to be tracked.
The following apps mention Customer Privacy API in their app store listing, but there may be others:
You must change your store settings so that, for European customers, Littledata waits for the user to grant consent before tracking. Here’s how to set that up:
Partial data collection before consent option will also cause Littledata to wait before tracking.
After this tracking limit is enabled, Littledata uses Shopify's Customer Privacy API to decide if the user can be tracked.
Our tracking script waits for the user to grant consent, then whenever that happens — on the first page or later — we send the tracking calls to your chosen data destinations.
The user will be tracked when:
If you are using Shopify with Segment the same principles apply.
Segment's AnalyticsJS library uses localstorage rather than cookies to track the user, but to be compliant with the ePrivacy Directive users still need to consent before events are sent to Segment.
analytics object is available when the page loads - so you can enqueue other tracking events to send as soon as the user consents - but no events or page views will be sent from the browser until the user has opted in.
If the user never consents and continues to checkout and purchase, the checkout and Order Purchased events will still track in Segment, but without being linked to a web session and without marketing attribution.
If you want to limit tracking for other apps but capture maximum data into Google Analytics you can turn off respectUserTrackingConsent in the data pipeline settings.
This setting was turned off for stores installing before 2021, to prevent disruption to the data collection.