top of page
Search

Decoupling Data & Consent: Why This CMP is a Masterclass

  • Dec 17, 2025
  • 5 min read

Updated: Dec 18, 2025

A summary of what to expect in this post about our experience with the Didomi CMP:

  • Clean Data, Clear Conscience: Why Our New CMP is a Commercial Game-Changer

  • Stop Leaking Data: Didomi: The Shopify Integration That Actually Works

  • The ROI of Trust: How a Spectacular CMP Boosted Our Tech Credibility

  • How to Master the Privacy Paradox: Balancing UX with Ironclad Consent

  • There's more than just a Banner: How Didomi supported Duga to deliver a working CMP on Shopify


Pros:

  • Technically very capable

  • Multi-platform support

  • Zero-to-live in minutes

  • Shopify capability

  • High quality support


Cons:

  • Shoulda done it sooner!

  • Pay attention to your configuration to get the best performance


Introduction

At Duga, we believe privacy is a key part of the data foundation, not a friction point. We were motivated by a gnarly challenge: how to integrate tech stacks while ensuring every byte of data is ethically sourced.


We've seen "compliance-lite" solutions fail to integrate with complex data architectures. By partnering with Didomi, we bridged this gap. We now see a consent-first ecosystem that eliminates technical lag and race conditions. This spectacular success proves that, with the right orchestration, you never have to sacrifice commercial performance for regulatory integrity.


While we’re celebrating the technical capabilities of the Didomi CMP, please note: I am a Technical Marketer, not an attorney/lawyer/legal expert. This article reflects our technical implementation and should not be taken as legal advice. We think we've got our moral compass pretty well aligned on the user privacy front but you do you.


Implementing the Didomi CMP on DugaDigital.com

This isn't an exhaustive run through of the setup process as it's largely intuitive. I'll call out key steps. We started with a scan of the site. We have minimal data collection so the consent challenge is trivial.


We went with a basic consent banner but made some minor wording and style changes.


In the 'Customization' section, choose the notice format carefully - this is a key choice in the Shopify section discussed later. This can vary with each regulation in the "Specific Settings section.


Custom CSS is used to reorder the buttons:

#buttons {
  display: flex;
  gap: 0.5rem; /* spacing */
}

/* Assign order */
#didomi-notice-agree-button {
  order: 1;
}

#didomi-notice-disagree-button {
  order: 2;
}

#didomi-notice-learn-more-button {
  order: 3;
}

Implementing the CMP is a breeze - drop in the provided script before the GTM snippet. We use Wix to host the site, not exactly a warm hug, but not exactly hostile. Easy enough so far.


Now to address the Consent Mode functionality. The GTM tag template is available in the GTM gallery. Super straightforward to use. Nice touch, acknowledging the EU regulation with a simple checkbox.


That is SO easy to miss as can totally hose your data. A CMP banner that's region aware but a CoMo solution that isn't is a great way to drop off a cliff. If your CMP banner is region aware, make sure the consent signals in the data are too.


With zero drama, a few minutes of config, it's live and functional:


Shopify

BIIIIG elephant in the room. Doing basic analytics on Shopify is totally fine with the standard GA integration. Doing anything remotely sophisticated in the GMP space requires GTM.


That needs a custom pixel solution to function across the site including the scary dark place called "The Shopify Checkout".


Don't have nightmares - we got this. We recommend the Addingwell Shopify app as the ideal vehicle for GTM.


GTM Preview mode for client side containers still doesn't function normally thanks to the sandboxing but the dataLayer is clearly working fine - checkout the nice early consent default and update events - more on those shortly.


How hard can it be?

Right, so you have the Addingwell app providing GTM capability - what about Didomi? Going through this experience was a superb example of how good the Didomi support was - thanks Clara!


What's the big deal? From previous experience, if the CMP solution isn't properly integrated with Shopify, your data is toast. Say you hit the homepage to start a session, open the dev tools network tab, and filter for requests going to GA and you'll see the GA events firing.  Take note of the sid value.


Add a product to your cart, and hit the checkout with the console open in dev tools.  This is where it gets challenging. 


The Shopify checkout is sandboxed so APIs that use event listeners to extract consent cookie data don't function as you'd expect. There's actually a console log about this - not exclusive to Shopify but common in sandboxed execution environments: 

In a sandboxed environment, addEventListener may not behave as expected.

So, if no consents can be detected, _ga can't be read, so a new session starts and all the revenue is attributed to Direct. #Fail. That's bad for your data obvs.


How does Didomi solve this?

First, the standard implementation requires the line of script to be dropped in head, add a Didomi snippet and then add the render line below:

{% render 'didomi-shopify-integration' %}

Assuming you've got the Didomi tag in GTM, that pretty much takes care of the setup apart from the checkout.


In the checkout, we need to perform consent cookie functionality using code in the custom pixel. Handily, the Addingwell custom pixel code section is where the Didomi script lives too - happy partnerships work well like this. But there's a key detail to be aware of. The standard Didomi CMP uses a super efficient consent string to encode consents. You need to turn this off:



With the didomi_dcs disabled, the older consent string, didomi_token, is used, and this can be easily parsed in the custom pixel code.


Event with the best will and tech solution in the world, the Shopify checkout will not completely lay down and play nicely. If you land on the checkout without consent cookies/local storage, the banner cannot be injected. This can mean data loss. So, you might take the decision to adjust the banner style to a pop in:


With the pop in, ya gotta make a choice - no getting round it. This pretty much seals the deal, if you get to the checkout, you're most likely carrying consent signals. Good:


The Duga Shopify test site banner above has standard wording, and button position, but the custom JSON prevents banner dismissal:


"preferences": {
	"canCloseWhenConsentIsMissing": false
}

The result is spectacular. The GA session id is maintained through the checkout and your data quality is preserved.


In closing


The "Shopify Sandbox" has long been the graveyard of accurate attribution, but this implementation proves that you don't have to choose between legal compliance and data integrity. By moving away from a "bolt-on" banner approach and treating consent as a core architectural requirement, we’ve managed to preserve the user journey from the first landing page right through to the final "Thank You" screen.


The partnership between Didomi, Addingwell, and Duga has turned a notorious technical hurdle into a seamless, high-performance solution. For the data gurus, it means clean, reliable session data. For the privacy folks, it means ironclad regulatory peace of mind. And for the business, it means a commercial edge built on a foundation of trust.


If you’ve been watching your Shopify revenue fall into the "Direct" bucket or struggling with race conditions in your tag firing, it might be time to stop patching and start orchestrating.

 
 
 

Comments

Google_GMP_Certified_Badge_Final_Med (1).png
  • Facebook
  • LinkedIn

CONTACT US

Lime Tree Work Shop, Lime Tree Walk, Sevenoaks, Kent, TN13 1YH

info@dugadigital.com

Registered in England and Wales no. 13177452.
VAT Registration no. 397 6168 39.

bottom of page