Updated June 4, 2021

I consulted with Termly, a popular compliance solution for small businesses, to get expert advice while creating this tutorial for Shopify store owners.

Running an E-Commerce business gives you the opportunity to sell your products and services to customers all around the world 🌍

However, this also means that you need to comply with various data privacy regulations that can vary from country to country and even state to state.

Throughout this article, I’ll dive into more detail about privacy laws and regulations you’ll want to be aware of. I’ll also introduce a solution that’ll allow you to ensure your website is compliant with them.

📖 What’s In This Post

The Importance of Data Privacy Laws

As a Shopify store owner, you’re likely collecting some type of information about your customers. It could be their email address, phone number, cookies, or other trackers that are on your website.

A lot of this information is essential to a successful store because you need to ensure you’re targeting the correct customers and capitalizing on website visitors. However, customers and lawmakers are becoming more aware of the value of data, how it’s collected, what it’s being used for, and who has access to it.

79% of respondents said they are concerned about how companies are using the data they collect about them. Source: Data Privacy Manager

To help combat these issues, many countries around the world have put some kind of data privacy laws into place. They typically include:

  • how data and customer information is collected
  • how customers are informed about your website’s data collection practices
  • what control a customer has over their data once it’s collected

⚠️ Not following the proper state and country protocols can potentially lead to fines, lawsuits, and the possibility of your Shopify website getting banned in certain jurisdictions.

You’ll want to make sure you’re compliant with the laws and regulations applicable to you to avoid any legal trouble, but you’ll also build trust with your customers by being transparent about your data collection practices.

100+ countries have put legislation in place to secure the protection of data and privacy. Source: Data Privacy Manager

Here are a few recent examples of companies that failed to comply with data privacy laws:

  • Google – Fined $56.6 million
  • Marriott – Fined $23.8 million
  • Iliad Italia – Fined $976,000
Source: Tessian

Does This Apply To Me?

While the European Union has some of the most extensive data privacy laws (we’ll dive more into this later on), there are still a bunch of places around the world that have very similar laws and regulations.

If you have users in a country with data privacy laws, your Shopify store must comply with those policies. Here’s a list of some countries that already have data privacy laws as of June 2021:

  • United States
  • UK
  • Canada
  • Australia
  • New Zealand
  • Japan
  • South Korea
  • China
  • Thailand
  • India
  • Chile
  • Brazil
  • South Africa
  • Most European countries in and out of the EU
    •
Source: General Data Protection Regulation , Comforte, Data Protection Act 2018

US & International Laws

As previously mentioned, your customers are likely located all around the world. This means you need to ensure you’re following the correct data privacy laws for every country applicable to your Shopify store.

US Privacy Laws and Regulations

While the United States is a massive market, it doesn’t have a comprehensive data privacy law. Instead, the Federal Trade Commission (FTC) has broad jurisdiction over the enforcement of privacy laws. They mostly focus on websites and companies using deceptive and unethical trade practices.

Some examples of when the FTC might take action against a company could include:

  • Improper data security
  • Not having a privacy policy easily viewable by customers
  • Using misleading advertising practices
  • Making a deceptive statement in the privacy policy

Although the United States doesn’t have specific data privacy laws, there are more specific regulations in place at the State level. The largest and most comprehensive one is the California Consumer Privacy Act (CCPA) .

The CCPA went into effect on January 1, 2020. It includes informing customers and users when/how their data is collected and giving them control of it. This information should be included in your website’s privacy policy.

72% of Americans report feeling that most of what they do online is being tracked by advertisers, technology firms, or other companies. Source: Data Privacy Manager

International Laws and Regulations

One of the largest data privacy policies put in place is the General Data Protection Regulation (GDPR). Like the CCPA, it details how company’s use, transmit, and secure customer data. However, this regulation applies to 28 countries within the European Union. Fines for not following GDPR regulations can range up to 20 million Euros.

GDPR fines rose over 40% between January 2020 and January 2021 Source: Data Privacy Manager

What’s Needed To Comply With Data Privacy Laws

Even if you’re located in an area where data privacy laws aren’t applicable, you should understand that your customers are more than likely located in jurisdictions where some legislation is in place. So, what exactly is needed to make sure you’re complying with data privacy regulations?

Here are a few things you’ll want to make sure you have available on your Shopify website:

  • Cookie Consent
  • Privacy Policy
  • “Do Not Sell” Link
  • Data Subject Access Request Form

Also, not directly related to Data Privacy but still good to have:

  • Terms and Conditions
  • Disclaimer (if applicable to your store)

Cookies

Cookies allow websites to keep track of their visitors and their activity.

If you want to comply with regulations like the GDPR and CCPA, you need to be aware of the cookies your Shopify website is using and specify how you use them. You also need to obtain a customer’s consent regarding cookie tracking and allow them to set their preferences. This also means you need to give your customers the option to block cookies if they do not consent.

Privacy Policies

If your Shopify store collects any kind of personal information about your customers, you need a privacy policy. Some personal data could include: emails, phone numbers, and credit card details. Just about every Shopify website collects personal data about their visitors, so a privacy policy is essential if you want to stay within GDPR & CCPA guidelines.

“Do Not Sell” Link

In order to adhere to CCPA guidelines, your Shopify site needs to include a Do Not Sell My Personal Information link somewhere on your homepage (usually located in the footer section). This allows users to act on their CCPA privacy rights.

Terms and Conditions

Your Terms and Conditions establishes what your company expects from users, and what your users can expect from your company.

Shopify allows you to generate a Terms and Conditions page from a template. Just keep in mind that you’ll want to tailor it to fit your business so that you limit any legal issues that may arise.

Disclaimers

You’ll want to protect your company and website from any legal liabilities by having a comprehensive disclaimer. Some topics you’ll want to include a disclaimer for are (this is not a comprehensive list):

  • Legal advice
  • Affiliate programs
  • Medical and Health advice
  • External links

Ensure Your Shopify Website Is Compliant

I know that seems like a lot of legal items you need to check off to make sure you’re following Data Privacy laws, but they shouldn’t be overlooked.

You could have an attorney draft up these documents for you, but that could get pretty expensive. You could also try and create these items yourself, but as a busy Shopify business owner your time might be better spent doing other tasks.

We recommend Termly for creating your policies and staying compliant with up-to-date privacy laws. After researching various solutions, we determined Termly to be the best solution for compliance – we use it on our site too.

Here are a few reasons why we enjoy using Termly’s service:

  • Simple to use
  • Easy to integrate with your Shopify websites
  • Compliant with US and EU laws
  • Constantly updated to reflect changes in global privacy laws

In the next few sections I’ll walk you through how to use Termly.

Generate a Cookie Policy and Consent Banner With Termly with your Shopify store.

1. Sign up for an account at Termly.io

2. After you log in for the first time, you’ll see a screen that will ask you to add your website. Simply fill out the form.

3. You’ll then be prompted to scan your website so Termly can generate your custom cookie policy and consent banner.

4. Once your scan is done, you’ll be given a report that details all the cookies on your site. I suggest you take some time to go through them.

📌 You’ll want to make sure the cookies being used on your Shopify website are classified correctly. Also, make sure they have links to the 3rd party site so users can read their policy if needed.

If there are scripts essential to the function of your website, make sure you categorize those cookies in the Essentials tab in the Scan Report section of Termly, this allows those scripts to run if the user does not accept all cookies.

When you’re ready, click the Generate Cookie Policy button

5. On the next page you’ll see your generated Cookie Policy.

Click the Add To Website button to see your options for adding the policy to your Shopify website.

Copy the code block that’s given to you

For embedding policies like this, I recommend the Code Snippet option and embedding the code into a Shopify page you created. This ensures your policy stays up to date with privacy laws + your settings in the app.

Head over to your Shopify Admin and create a new page.

Click on the highlighted button below. This allows you to insert HTML code into the page

After pasting the code, save the page.

Now you can add this page to your Main Menu, Footer Menu, or anywhere you’d like.

If needed, here’s a Shopify resource that shows you how to add new pages to your menus.

6. Next, you’ll want to create your Cookie Consent banner.

Navigate to Banner Settings in Termly and configure it to your liking.

To stay compliant, it’s necessary to block scripts that embed cookies. Termly’s Auto Blocker feature helps you with this:

Once you’ve customized your banner, you’ll be given another code snippet to insert into your theme.

📌 I recommend duplicating your live theme first, then embedding the consent banner on the backup theme and previewing it to make sure everything functions normally before you make it live.

Copy the code snippet > Navigate to Shopify Admin > Themes > Actions (on theme you want to edit) > Edit Code

In your theme.liquid file, paste the copied code right under the head tag and save

Now your Shopify website will show visitors a Cookie Consent banner

Create a Privacy Policy for your Shopify Website

Benefits of using Termly’s Privacy and Cookie Policy generators

  • The policy is custom generated based on your business using a question and answer format
  • The policy stays up to date to abide by privacy laws for GDPR, CCPA, etc., for example updated language to distinguish between EU and UK customers following Brexit
  • Helps ensure you’re including the necessary information based on the services you use on your website

📌 We went through Termly’s privacy policy generator for Speed Boostr and found it’s more robust than the Shopify template generator because it creates a tailored policy based on questions / answers you enter regarding your business.

If your privacy policy is up to date with modern laws or if you don’t want to create a new privacy policy then you can skip this section but you’ll still need to perform Step 1 “Click the new privacy policy button” to unlock the CCPA link for the DSAR form.

1. In Termly, under Policies, select Privacy Policy

Just like before, you’ll want to create a new policy by clicking the New Privacy Policy button.

2. You’ll be presented with a form. Simply fill it out with all of your Shopify store’s details.

3. After you’re done, you’ll see your new Privacy Policy. We’re going to follow the same steps as we did for adding a Cookie Policy page.

Click the Add To Website button and copy the HTML code.

Head over to your Shopify Admin, create a new page, and click on the highlighted button below. This allows you to insert HTML code into the page

Paste the copied code in.

Now you can add this page to your Footer menu.

There are 5 policy generators, including a Terms and Conditions generator, and like the Privacy Policy generator Termly has a powerful step by step tool to create the policy custom to your business.

Termly policy generators:

Advanced terms and conditions generator for Shopify

Include a “Do Not Sell” Link In Your Shopify Website’s Footer

1. In Termly, under Consent Management > DSAR Manager you’ll find the CCPA “Do Not Sell” Link section.

📌 If this section is unavailable, you’ll first need to generate a Privacy Policy with Termly. If you already have an existing Privacy Policy and didn’t generate it with Termly then simply navigate to Policies > Privacy Policy and click on the single button to generate a blank policy. This will unlock access to your “Do Not Sell” Link code snippet.

2. Copy the code snippet provided to you.

3. Head over to Shopify, open your code editor, and navigate to your footer section file.

4. Paste the copied code where you’d like it to appear in your Shopify website’s footer and click save.

Add a Data Subject Access Request form to your Shopify Website

A Data Subject Access Request (DSAR) form is required by GDPR, CCPA, and other international regulations. It allows visitors to contact you regarding the handling of their personal information.

If you don’t want to embed the DSAR form as a page directly on your site, you can just copy the link provided to you under DSAR Manager > CCPA “Do Not Sell” Link and paste it into your existing Privacy Policy.

1. In Termly, under Consent Management, click on DSAR Form.

2. Click the Add To Website button

3. Copy the line of code given to you with the HTML option to embed in a page, or the url option if you just want to link to a form hosted on Termly’s site server

4. Head over to your Shopify Admin, create a new page, and paste the copied code in (or if using a url, put the url link in your privacy policy or where you want to link to the form).

Now, you can add this as a menu item in your footer.

Reasons To Upgrade To A Pro Plan

Termly’s free plan is great for getting started but it caps out at 100 unique visitors per month, so for active businesses doing volume the Pro plan will be necessary.

Here are a few reasons why you might want to consider upgrading from a free plan:

  • Be fully compliant if you have more than 100 unique visitors per month
  • Enable regional consent rules depending on the user’s location
  • Remove the Termly logo and customize the policy style to match your branding
  • Enable multiple languages
  • Automatically scan your website for cookies more frequently, to ensure compliance
  • If you’re operating a business, protect your asset by ensuring you’re compliant

🏁 That’s It!

Termly has a lot more info you can check out if you’re interested. They make the process very easy to ensure that your Shopify site is complying with GDPR, CCPA, and other international regulations.

FAQ

Do all websites need a privacy policy?

No, only websites that collect personally identifiable information need to have a privacy policy.

If your site uses cookies and has users in a country with a policy that requires it (CCPA, GDPR, etc), then yes you need a cookie policy. For example, you have to comply with the CCPA or GDPR if you have users in California or most of Europe.

Yes, U.S. websites need to comply with the GDPR if they collect personal data from European Economic Area residents.

Final Thoughts

Throughout this article we’ve gone into detail about some common data privacy laws you should be aware of like the GDPR and CCPA. We’ve also talked about how important it is for your Shopify website to be in compliance with these data privacy laws.

There are various ways you can go about creating the legal items you need. Whether it be:

  • Having a lawyer create them for you
  • Using a service like Termly
  • Creating them yourself

Regardless of the route you take, this is something you’ll want to take care of sooner rather than later to make sure you’re protected.

We don’t provide legal advice, we’re just sharing what we think is the best solution and the app that we use. If you have questions about compliance I recommend contacting Termly – they have lawyers on their team to provide up to date compliance.

Next Steps

Thanks for taking the time to read this article. I hope you’re walking away with some knowledge that’ll help level-up your Shopify store. 🤙

1. If you enjoyed this post or have any questions, please leave a comment below.

2. Our team specializes in Shopify optimizations and development. If you need help with your store, please feel free to contact us.

3. If you found this content useful, join our email list below to hear when we review apps and share speed tactics.