Updated June 4, 2021
I consulted with Termly, a popular compliance solution for small businesses, to get expert advice while creating this tutorial for Shopify store owners.
Running an E-Commerce business gives you the opportunity to sell your products and services to customers all around the world 🌍
However, this also means that you need to comply with various data privacy regulations that can vary from country to country and even state to state.
Throughout this article, I’ll dive into more detail about privacy laws and regulations you’ll want to be aware of. I’ll also introduce a solution that’ll allow you to ensure your website is compliant with them.
📖 What’s In This Post
- The Importance of Data Privacy Laws
- Does This Apply To Me?
- US & International Laws
- What Is Needed To Comply With Data Privacy Laws
- How To Make Your Shopify Website Compliant
- Final Thoughts + Next Steps
The Importance of Data Privacy Laws
As a Shopify store owner, you’re likely collecting some type of information about your customers. It could be their email address, phone number, cookies, or other trackers that are on your website.
A lot of this information is essential to a successful store because you need to ensure you’re targeting the correct customers and capitalizing on website visitors. However, customers and lawmakers are becoming more aware of the value of data, how it’s collected, what it’s being used for, and who has access to it.
79% of respondents said they are concerned about how companies are using the data they collect about them. Source: Data Privacy Manager
To help combat these issues, many countries around the world have put some kind of data privacy laws into place. They typically include:
- how data and customer information is collected
- how customers are informed about your website’s data collection practices
- what control a customer has over their data once it’s collected
⚠️ Not following the proper state and country protocols can potentially lead to fines, lawsuits, and the possibility of your Shopify website getting banned in certain jurisdictions.
You’ll want to make sure you’re compliant with the laws and regulations applicable to you to avoid any legal trouble, but you’ll also build trust with your customers by being transparent about your data collection practices.
100+ countries have put legislation in place to secure the protection of data and privacy. Source: Data Privacy Manager
Here are a few recent examples of companies that failed to comply with data privacy laws:
- Google – Fined $56.6 million
- Marriott – Fined $23.8 million
- Iliad Italia – Fined $976,000
Does This Apply To Me?
While the European Union has some of the most extensive data privacy laws (we’ll dive more into this later on), there are still a bunch of places around the world that have very similar laws and regulations.
If you have users in a country with data privacy laws, your Shopify store must comply with those policies. Here’s a list of some countries that already have data privacy laws as of June 2021:
- United States
- New Zealand
- South Korea
- South Africa
- Most European countries in and out of the EU
US & International Laws
As previously mentioned, your customers are likely located all around the world. This means you need to ensure you’re following the correct data privacy laws for every country applicable to your Shopify store.
US Privacy Laws and Regulations
While the United States is a massive market, it doesn’t have a comprehensive data privacy law. Instead, the Federal Trade Commission (FTC) has broad jurisdiction over the enforcement of privacy laws. They mostly focus on websites and companies using deceptive and unethical trade practices.
Some examples of when the FTC might take action against a company could include:
- Improper data security
- Using misleading advertising practices
Although the United States doesn’t have specific data privacy laws, there are more specific regulations in place at the State level. The largest and most comprehensive one is the California Consumer Privacy Act (CCPA) .
72% of Americans report feeling that most of what they do online is being tracked by advertisers, technology firms, or other companies. Source: Data Privacy Manager
International Laws and Regulations
One of the largest data privacy policies put in place is the General Data Protection Regulation (GDPR). Like the CCPA, it details how company’s use, transmit, and secure customer data. However, this regulation applies to 28 countries within the European Union. Fines for not following GDPR regulations can range up to 20 million Euros.
GDPR fines rose over 40% between January 2020 and January 2021 Source: Data Privacy Manager
What’s Needed To Comply With Data Privacy Laws
Even if you’re located in an area where data privacy laws aren’t applicable, you should understand that your customers are more than likely located in jurisdictions where some legislation is in place. So, what exactly is needed to make sure you’re complying with data privacy regulations?
Here are a few things you’ll want to make sure you have available on your Shopify website:
- Cookie Consent
- “Do Not Sell” Link
- Data Subject Access Request Form
Also, not directly related to Data Privacy but still good to have:
- Terms and Conditions
- Disclaimer (if applicable to your store)
Cookies allow websites to keep track of their visitors and their activity.
If you want to comply with regulations like the GDPR and CCPA, you need to be aware of the cookies your Shopify website is using and specify how you use them. You also need to obtain a customer’s consent regarding cookie tracking and allow them to set their preferences. This also means you need to give your customers the option to block cookies if they do not consent.
“Do Not Sell” Link
In order to adhere to CCPA guidelines, your Shopify site needs to include a Do Not Sell My Personal Information link somewhere on your homepage (usually located in the footer section). This allows users to act on their CCPA privacy rights.
Terms and Conditions
Your Terms and Conditions establishes what your company expects from users, and what your users can expect from your company.
Shopify allows you to generate a Terms and Conditions page from a template. Just keep in mind that you’ll want to tailor it to fit your business so that you limit any legal issues that may arise.
You’ll want to protect your company and website from any legal liabilities by having a comprehensive disclaimer. Some topics you’ll want to include a disclaimer for are (this is not a comprehensive list):
- Legal advice
- Affiliate programs
- Medical and Health advice
- External links
Ensure Your Shopify Website Is Compliant
I know that seems like a lot of legal items you need to check off to make sure you’re following Data Privacy laws, but they shouldn’t be overlooked.
You could have an attorney draft up these documents for you, but that could get pretty expensive. You could also try and create these items yourself, but as a busy Shopify business owner your time might be better spent doing other tasks.
We recommend Termly for creating your policies and staying compliant with up-to-date privacy laws. After researching various solutions, we determined Termly to be the best solution for compliance – we use it on our site too.
Here are a few reasons why we enjoy using Termly’s service:
- Simple to use
- Easy to integrate with your Shopify websites
- Compliant with US and EU laws
- Constantly updated to reflect changes in global privacy laws
In the next few sections I’ll walk you through how to use Termly.
1. Sign up for an account at Termly.io
2. After you log in for the first time, you’ll see a screen that will ask you to add your website. Simply fill out the form.
4. Once your scan is done, you’ll be given a report that details all the cookies on your site. I suggest you take some time to go through them.
📌 You’ll want to make sure the cookies being used on your Shopify website are classified correctly. Also, make sure they have links to the 3rd party site so users can read their policy if needed.
If there are scripts essential to the function of your website, make sure you categorize those cookies in the Essentials tab in the Scan Report section of Termly, this allows those scripts to run if the user does not accept all cookies.
Click the Add To Website button to see your options for adding the policy to your Shopify website.
Copy the code block that’s given to you
For embedding policies like this, I recommend the Code Snippet option and embedding the code into a Shopify page you created. This ensures your policy stays up to date with privacy laws + your settings in the app.
Head over to your Shopify Admin and create a new page.
Click on the highlighted button below. This allows you to insert HTML code into the page
After pasting the code, save the page.
Now you can add this page to your Main Menu, Footer Menu, or anywhere you’d like.
If needed, here’s a Shopify resource that shows you how to add new pages to your menus.
6. Next, you’ll want to create your Cookie Consent banner.
Navigate to Banner Settings in Termly and configure it to your liking.
To stay compliant, it’s necessary to block scripts that embed cookies. Termly’s Auto Blocker feature helps you with this:
Once you’ve customized your banner, you’ll be given another code snippet to insert into your theme.
📌 I recommend duplicating your live theme first, then embedding the consent banner on the backup theme and previewing it to make sure everything functions normally before you make it live.
Copy the code snippet > Navigate to Shopify Admin > Themes > Actions (on theme you want to edit) > Edit Code
In your theme.liquid file, paste the copied code right under the head tag and save
Now your Shopify website will show visitors a Cookie Consent banner
- The policy is custom generated based on your business using a question and answer format
- The policy stays up to date to abide by privacy laws for GDPR, CCPA, etc., for example updated language to distinguish between EU and UK customers following Brexit
- Helps ensure you’re including the necessary information based on the services you use on your website
2. You’ll be presented with a form. Simply fill it out with all of your Shopify store’s details.
Click the Add To Website button and copy the HTML code.
Head over to your Shopify Admin, create a new page, and click on the highlighted button below. This allows you to insert HTML code into the page
Paste the copied code in.
Now you can add this page to your Footer menu.
Termly policy generators:
Include a “Do Not Sell” Link In Your Shopify Website’s Footer
1. In Termly, under Consent Management > DSAR Manager you’ll find the CCPA “Do Not Sell” Link section.
2. Copy the code snippet provided to you.
3. Head over to Shopify, open your code editor, and navigate to your footer section file.
4. Paste the copied code where you’d like it to appear in your Shopify website’s footer and click save.
Add a Data Subject Access Request form to your Shopify Website
A Data Subject Access Request (DSAR) form is required by GDPR, CCPA, and other international regulations. It allows visitors to contact you regarding the handling of their personal information.
1. In Termly, under Consent Management, click on DSAR Form.
2. Click the Add To Website button
3. Copy the line of code given to you with the HTML option to embed in a page, or the url option if you just want to link to a form hosted on Termly’s site server
Now, you can add this as a menu item in your footer.
Reasons To Upgrade To A Pro Plan
Termly’s free plan is great for getting started but it caps out at 100 unique visitors per month, so for active businesses doing volume the Pro plan will be necessary.
Here are a few reasons why you might want to consider upgrading from a free plan:
- Be fully compliant if you have more than 100 unique visitors per month
- Enable regional consent rules depending on the user’s location
- Remove the Termly logo and customize the policy style to match your branding
- Enable multiple languages
- Automatically scan your website for cookies more frequently, to ensure compliance
- If you’re operating a business, protect your asset by ensuring you’re compliant
🏁 That’s It!
Termly has a lot more info you can check out if you’re interested. They make the process very easy to ensure that your Shopify site is complying with GDPR, CCPA, and other international regulations.
Yes, U.S. websites need to comply with the GDPR if they collect personal data from European Economic Area residents.
Throughout this article we’ve gone into detail about some common data privacy laws you should be aware of like the GDPR and CCPA. We’ve also talked about how important it is for your Shopify website to be in compliance with these data privacy laws.
There are various ways you can go about creating the legal items you need. Whether it be:
- Having a lawyer create them for you
- Using a service like Termly
- Creating them yourself
Regardless of the route you take, this is something you’ll want to take care of sooner rather than later to make sure you’re protected.
We don’t provide legal advice, we’re just sharing what we think is the best solution and the app that we use. If you have questions about compliance I recommend contacting Termly – they have lawyers on their team to provide up to date compliance.
Thanks for taking the time to read this article. I hope you’re walking away with some knowledge that’ll help level-up your Shopify store. 🤙
1. If you enjoyed this post or have any questions, please leave a comment below.
3. If you found this content useful, join our email list below to hear when we review apps and share speed tactics.