Skip to main content

Integrating OneTrust with Shopify

OneTrust provides a comprehensive way to manage users' cookie preferences, and ensure GDPR cookie compliance.

OneTrust's app relays these consent choices to Shopify, and Littledata then picks up the cosent choices to automatically update consent in common marketing data destinations.

Here's how to set up OneTrust with Shopify for cookie compliance.

1. Install the OneTrust Shopify app

OneTrust's Shopify app syncs the consent states with Shopify's customer privacy API.

You can change the mapping of OneTrust Category IDs to Shopify consent categories in their app.

OneTrust Shopify mapping

We recommend this mapping:

Shopify categoryOneTrust Category ID
AnalyticsC0002
MarketingC0004
Sale of data-
PreferencesC0003

2. Install Littledata's app

Install Littledata's Shopify to Google Analytics or Shopify to Segment connection.

If you previously had Littledata installed, ensure that Respect user tracking consent is enabled in the data pipeline settings.

3. Tracking respects OneTrust choices

For Google, the consent is used in Consent Mode v2.

For other marketing channels (e.g. Meta, TikTok) the event tracking is turned on if users are opted into Marketing coookies.

For Segment, we pass the full consent object in all events for use with Segment Consent Management and in downstream destinations.

How this looks

Here's an example of OneTrust setup with Age UK.

Age UK cookie popup

When the user clicks "Accept all Cookies", the tracking in Littledata starts and consent is updated in downstream destinations.

Age UK cookie settings

Then, if the user opts out of "Cookies for performance", the tracking stops.

How this works

When consent choices are updated in OneTrust, Littledata gets a callback from Shopify with the updated cookie consent preferences.

e.g. if the user has consented to 'Cookies for performance' (tracked as category C0002 in OneTrust's consent preferences), the userCanBeTracked() field is set to truein Shopify and Littledata's passes cookies to Google Analytics.

This will also work with any other cookie banner apps which integrate with Shopify's Customer Privacy API.

If the user later revokes consent to Cookies for performance, then userCanBeTracked() is set to false.