On June 13th, 2022, the State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate, Germany, declared the use of Shopify to be de facto illegal and threatened a user, Christian Häfner, with a fine of 4% of his last annual turnover if he continued to use it.
Read more about this situation on the LSWW website.
The Overall Context
Shopify is a Canadian Software as a Service (SaaS) company - the shop system is only available as a complete package that includes software and infrastructure, including web hosting and CDNs.
While Shopify was designed to be GDPR compliant with regard to how it processes and collects consumer data, that isn't enough to also keep your e-Commerce store compliant with the EU’s data privacy law..
Shopify sends all personal data to CloudFlare, CloudFront (Amazon), and Fastly, which are all US-based companies. They could sign "data processing agreements" in which they promise to protect personal data. However, the Shopify FAQ expressly states that they are unable to do so.
So, anyone who chooses Shopify also uses services from US providers.
This occurs regardless of whether data is stored on servers in the USA or Europe.
Choosing a European Tool to Gather Data
Due to recent changes in German law, Shopify may not work properly in this country. We recommend that you check with your local laws and regulations before using Shopify.
And if you continue using Shopify, you'll need a website analytics platform that complies with GDPR if you're selling to people living within the EU.
Visitor Analytics offers a privacy-perfect solution that enables you to optimize your Shopify e-Commerce store without having to worry about GDPR compliance issues.