I’ve had 0 luck raising this with Google, so thought I’d try here on the off-chance someone has direct contact or are experiencing a similar issue.
A client of ours is using the official Google/YouTube App to handle their tracking, very typical setup.
However.. on this store in particular, we were seeing a default consent state of “granted” being passed all the time. This was regardless of what CMP was installed and regardless of the Shopify Privacy API state, so even when the user has declined cookies it was being passed.
To track down the issue, I hijacked the gtag function in a preview theme, to list out the function caller and what was being passed.
I cleared my Cookies, and viewed the preview theme fresh, what I found was “interesting” (see image below).
The CMP was loading fine and passing in denied to the default state as expected (tick one).
The Shopify Privacy API was loading fine, and showing “false” against each of the consent options as expected.
However it gets weird after that, another call happens changing the default consent state to “granted” (cross)
With the default consent state, it lists out an “fe” function - the source of this function? You guessed it a Web Pixel being brought in via the Google/YouTube App.
So I grabbed the code from the Pixel, de-minimized it and used AI to change the variable names into something more useful. I found that the Google/YouTube App is passing in a default consent state based upon the initial privacy state provided by Shopify to the Pixel.
What’s even more strange is on the front-end the Privacy API was returning declined, and the consent logs showed a decline too.
So, this actually implies that there’s an issue with Web Pixels & Shopify providing an incorrect initial consent state.
Again, this was regardless of CMP (even if I removed it entirely) and the Customer Privacy Settings in the admin were setup to require consent in the recommended regions. The Privacy API returned my location as being one of those regions.
Also.. feel like I’m being gaslit here - but as of this morning the behaviour has changed, it is now acting as if “Basic Consent Mode” is setup, whereby it simply doesn’t load the Google Tags at all unless consent is given. Before it was Advanced Consent Mode which was passing in decline signals..
Both myself and the client haven’t made any changes. So either something has changed with the Google/YouTube App or Shopify
did you take Country and Regionality into account? bc consent rules would function differently depending on that by default and then any customizations you made in admin.
Yup, as per this part of my message:
”the Customer Privacy Settings in the admin were setup to require consent in the recommended regions. The Privacy API returned my location as being one of those regions.”
So my location is the United Kingdom, which is in the recommended regions and what the store is set to.
The Shopify Privacy API also returned by region correctly when calling `window.Shopify.customerPrivacy.getRegion()`
I also checked the Consent Logs to make sure my consent was being called correctly (declined)
But alas, a defauit consent state of granted was being pushed by the Google/YouTube App as per the images in my post.
We use a custom Cookie Banner on this site, as there’s certain tracking scripts which don’t abide by Shopify’s Privacy API.
I did however try it without the Custom Cookie Banner and also used the Shopify one with no difference in behavior.
It wasn’t specific to me either, the clients SEO Expert raised the same issue and @Luke also experienced this issue on a site a few months ago (he gave up in the end and just opted to use Custom Pixels).
This issue was going on for weeks on the clients site, and then all of a sudden with no changes the behavior was fixed I spent a long time speaking to Google whom were no help and just said:
Have there been any reported fixes with the Privacy API? My concern is that the issue is fixed for now but could arise again and there’s not really any monitoring for this sort of thing.
Thanks for sharing more context on the issue that occurred.
If you’re based in the UK, then that default behavior is definitely concerning. Glad to hear it’s resolved now!
We monitor for issues on our end and also rely on user reports. However, I can’t find any concrete evidence that we made changes that would have affected this.
Yes, quite concerning that it just magically got fixed too I’ll have to check to see if the content of the Pixel has changed.. as I did see another post about Web Pixels not deploying correctly.
Out of curiosity.. say if the Privacy API fails to determine the users country, does it fall-back to the Stores Country Or does it just fall-back to the US/Canada?
Hi @ceri_waters, thanks for sharing that Loom video!
It looks like the root cause might be that the default consent is getting set twice.
Can you reach out to us through help.shopify.com about this shop? We’ll check our Customer Privacy API logs for this shop to see if we can narrow down the issue.
@Paige-Shopify I tried speaking to Shopify support about this last time their response was simply “It’s a theme issue” or “please try contacting your developer” when I say I am the developer they typically respond with “Please talk to a Shopify Expert instead”
The first time the default consent state is set, is by the privacy App and to “denied” which is the expected behavior for any CMP - the default state of granted also happens even when the CMP is disabled, this time it’s even a different CMP compared to when I had the issue last time..
I believe @Luke has had this issue before as well on another store, he gave up and opted out from using the Google YT App, I don’t really have that option though
Oh no, that’s not good!
Did they say why they believe it’s a theme issue?
We don’t typically recommend uninstalling the official app since it handles a lot of basic functionality and sets the default Google Consent Mode v2 config.
Usually I provide these recommendations for Google Analytics:
Review any analytics code present in your theme files and remove them to prevent potential conflicts.
If the analytics provided by the Google and YouTube sales channel do not meet your store’s analytics needs, consider installing an analytics app that includes an app pixel. Alternatively or additionally, you may create a Custom Google Tag Manager pixel .
Consent management should be handled by cookie banners only. Review any consent management code in your theme files and remove them to prevent potential conflicts.
Honestly? That’s Shopify Support’s go-to answer when they don’t know what the problem is
If it’s a technical problem (beyond cache clearing or domain issues) I simply don’t bother with Shopify Support as I never get anywhere - it’s very difficult to explain technical issues to them and the response is simply “speak to an expert” or “raise it with your theme developer”.
Yup, I use the Google/YouTube App as well since it handles so much off the shelf, there’s no analytics or CMP code present in the theme. Even if I remove the CMP, the issue remains, if I change themes the issue remains, if I change browsers and clear cookies the issue remains, I don’t use any VPNs and the Customer Privacy API recognizes my region (UK) correctly so it’s definitely something weird going on with the Privacy API as per my video.
Is there any chance you could pass it along to the relevant team? I’ve done a lot of investigation work on this last time it occurred and this time and I’ve come to the same conclusion that the Privacy API must be passing in the wrong consent signals. Last time it magically fixed itself with no changes, so I’ve got no idea if this is intermittently becoming an issue on other stores and then magically correcting itself again.
Thanks for sharing your experience, and I’m sorry to hear your past support interactions haven’t been helpful.
Are you reaching out as a Partner or as a collaborator on a store? Partners typically get routed to Developer Support and should receive more technical responses than what you described.
I’ll pass this issue along to the development team for both the Customer Privacy API and Web Pixels API. Since this issue is with Google Consent Mode V2 requests coming from Google’s app, our ability to resolve it directly is limited. We’ll need to coordinate with Google to investigate this, so I won’t be able to provide updates on when it gets resolved. I’ll make sure we reach out to them about it though
@ceri_waters, I had a look at the storefront of the shop in that video and it seems like there’s some theme code that can conflict with consent management. Do you know if the issue occurs in a fresh installation of Horizon?
If I’m reading the Google/YouTube Pixel code right.. they simply set the default state based upon the the consent status passed from Shopify.. so it would imply that it’s actually a consent API issue with web pixels receiving the wrong result from the initial consent object.
I spent a long time speaking to Google whom were no help and just said:
I’ll have to check to see if the content of the Pixel has changed.. as I did see another post about Web Pixels not deploying correctly.
their response was simply “It’s a theme issue” or “please try contacting your developer” when I say I am the developer they typically respond with “Please talk to a Shopify Expert instead”
