Integrating OneTrust with Shopify
OneTrust provides a comprehensive way to manage users' cookie preferences, and ensure GDPR cookie compliance.
OneTrust's app relays these consent choices to Shopify, and Littledata then picks up the cosent choices to automatically update consent in common marketing data destinations.
Here's how to set up OneTrust with Shopify for cookie compliance.
1. Install the OneTrust Shopify app
OneTrust's Shopify app syncs the consent states with Shopify's customer privacy API.
You can change the mapping of OneTrust Category IDs to Shopify consent categories in their app.
We recommend this mapping:
| Shopify category | OneTrust Category ID |
|---|---|
| Analytics | C0002 |
| Marketing | C0004 |
| Sale of data | - |
| Preferences | C0003 |
2. Install Littledata's app
Install Littledata's Shopify to Google Analytics or Shopify to Segment connection.
If you previously had Littledata installed, ensure that Respect user tracking consent is enabled in the data pipeline settings.
3. Tracking respects OneTrust choices
For Google, the consent is used in Consent Mode v2.
For other marketing channels (e.g. Meta, TikTok) the event tracking is turned on if users are opted into Marketing coookies.
For Segment, we pass the full consent object in all events for use with Segment Consent Management and in downstream destinations.
How this looks
Here's an example of OneTrust setup with Age UK.
When the user clicks "Accept all Cookies", the tracking in Littledata starts and consent is updated in downstream destinations.
Then, if the user opts out of "Cookies for performance", the tracking stops.
How this works
When consent choices are updated in OneTrust, Littledata gets a callback from Shopify with the updated cookie consent preferences.
e.g. if the user has consented to 'Cookies for performance' (tracked as category C0002 in OneTrust's consent preferences), the userCanBeTracked() field is set to truein Shopify and Littledata's passes cookies to Google Analytics.
This will also work with any other cookie banner apps which integrate with Shopify's Customer Privacy API.
If the user later revokes consent to Cookies for performance, then userCanBeTracked() is set to false.