Disclaimer

With anything to do with people’s privacy and laws, we always have to say that we are not lawyers, and this is not legal advice. Please consult your legal counsel on what you must do to comply with your laws.

It’s not all about cookies

I’d like to clarify that cookies are only one of the tools used that can relate to user’s privacy.

Cookies are a mechanism to keep tabs on a user (or their browser). Some cookies are required (session cookies to track logins and what’s in the cart), some improve the user’s experience (preferences, language, don’t show me this again), some help track user activity on a site (Analytics), some help track users to optimise advertising campaigns and finally the evil third-party cookies that let advertisers stalk you around the internet.

But cookies are just part of the picture. They help tracking code (tags or pixels) do their job better. But blocking the cookies does not stop that tracking code. And some tracking code does not use cookies (e.g. localStorage).

So, any consent system has also to be aware of tracking scripts and what they are up to.

Consent systems typically provide several options to the user for what they would like to give consent for. In BigCommerce, they have:

EssentialEssential for the site and any requested services to work, but do not perform any additional or secondary function: Login, tracking carts…
AnalyticsProvide statistical information on site usage, e.g., web analytics so we can improve this website over time: Google Analytics, GA4…
FunctionalEnables enhanced functionality, such as videos and live chat. If you do not allow these, then some or all of these functions may not work properly.
Targeting; AdvertisingUsed to create profiles or personalize content to enhance your shopping experience: Google Ads, Facebook Ads, Pinterest Ads, Microsoft Ads…

Other systems may have slightly different groupings and names, like Cookiebot has a “Preferences” option.

The BigCommerce Consent Banner

BigCommerce has a built-in consent banner that is well integrated into their custom scripts and tracking functionality. If you follow the rules, making your scripts consent aware is easy. First, switch it on:

BigCommerce Cookie Consent Banner Setting

Once on, some of the “data solutions” from BigCommerce (GA Universal, GA4, Facebook) will automatically become consent aware and will be disabled until the user provides the required consent.

If you add a script using the “Script manager”, you can specify what type of consent it requires.

BigCommerce Custom Script Manager Consent Options

Non Compliant Scripts!

However, adding scripts in other places means they are not consent aware. If you add a script in any of the following places, they will still run when consent has not been granted. Putting you at risk. These places do not automatically comply with consent:

  • Editing the theme
  • Data solutions->Site verification tags
  • Data solutions->Affiliate Conversion Tracking
  • Footer scripts (Available to older themes)

If you add any scripts in those places, you must implement your own way of dealing with consent. If you don’t, you will track users after they explicitly say you can’t!

We often see people using Google Tag Manager (GTM) to add scripts without caring for complying with consent. GTM has its own consent system that you can set up, but it has to know what consent has been given. Not a trivial task.

Single Page Consent

The latest BigCommerce consent banner is quite clever. Once a user provides consent, it will enable all appropriate scripts without reloading the page. This has a significant benefit as it helps retain referrer information. Before this, many users would have been classified as direct visits because the original referrer is lost on a page reload.

BigCommerce automatically handles this single page script enabling for scripts that you add via the custom script manager.

BigCommerce is Strict

To cover their backs, BigCommerce operates a very strict consent system. They have to be legal all over the world. This means they block all tracking until the user has explicitly given consent.

Other consent systems are more lenient e.g. they may assume consent until a user denies it, or they may only provide information about what private information they collect and assume consent based on the user staying on the site. Again, talk to your legal advisors about your own requirements.

The BigCommerce banner is also not blocking and has a low profile. Users can continue using the website without giving consent, as many ignore it.

Because of this, many store owners opt for a third-party consent system.

Other Privacy Concerns

Privacy laws cover a lot more than user consent for using their Personally identifiable information (PII) for analytics and advertising. BigCommerce has some articles that cover more on this for the European Union GDPR regulation and the Californian CCPA law.

Tag Rocket and the BigCommerce Consent System

Tag Rocket is designed to work with the BigCommerce consent system. As it manages many scripts with different consent restrictions, it replicates the BigCommerce consent mechanism. This includes full support for single page consent.

Tag Rocket also supports special consent modes used by Google, Facebook and Microsoft. When enabled, the tags still run, but Tag Rocket tells them the current consent status. Each channel then makes appropriate privacy restrictions for the data it uses. This means less data is lost while waiting for consent.

Tag Rocket also works with third-party Consent Management Platforms, especially if they support Google Consetn Mode V2.

Find out more about using Tag Rocket to control your tags in a consent compliant way.