Meta Pixel (formerly Facebook Pixel) is one of the most common tracking tools on ecommerce stores. It powers retargeting, conversion tracking, and audience building for Facebook and Instagram ads. It also sets cookies like _fbp and _fbc that collect personal data. Under GDPR, you cannot fire Meta Pixel until users give explicit consent for marketing cookies.
Why Meta Pixel Requires Cookie Consent
Meta Pixel tracks page views, add-to-cart events, purchases, and other user actions. It links this behavior to Facebook profiles for ad targeting. EU regulators classify this as processing personal data through non-essential cookies, which requires opt-in consent before activation.
- _fbp cookie: identifies browsers for ad delivery and measurement (13-month duration)
- _fbc cookie: stores click identifiers from Facebook ads
- Event data: page views, purchases, and custom events sent to Meta servers
- Advanced matching: hashed email and phone data if you enable it
The Problem with Default Pixel Installation
Most merchants install Meta Pixel by pasting code in their theme header or enabling the Facebook sales channel. This loads the pixel immediately on every page visit—before any consent is collected. That is a clear GDPR violation for EU visitors and increasingly scrutinized by privacy authorities.
Common mistake
Adding a cookie banner while leaving Meta Pixel code unchanged in theme.liquid means the banner is cosmetic. The pixel fires regardless of what users click.
Compliant Meta Pixel Setup
- Remove unconditional Meta Pixel code from your theme and header scripts
- Deploy a cookie consent tool that categorizes Meta Pixel as marketing
- Configure the tool to block pixel scripts until marketing consent is granted
- Load Meta Pixel conditionally only after opt-in
- Ensure the pixel stays blocked when users reject marketing cookies
- Provide a way for users to withdraw consent and stop tracking
Meta Pixel on Shopify
Shopify's Facebook & Instagram sales channel can auto-install Meta Pixel across your storefront. Disable automatic pixel loading if your consent tool cannot gate it, or use a compliance platform that integrates with Shopify's Customer Privacy API. Test by rejecting marketing cookies and confirming no requests to connect.facebook.net appear in your browser's Network tab.
WooCommerce considerations
WooCommerce stores often use Facebook for WooCommerce or manual header scripts. Both need consent gating. Move pixel initialization into your cookie consent plugin's marketing category and verify the pixel does not load on shop, product, or checkout pages without consent.
Limited Data Use and Consent Signals
Meta supports Limited Data Use (LDU) for California and processes consent signals from some consent management platforms. For EU users who decline marketing cookies, the pixel should not load at all—not load in a limited mode. LDU is designed for US state privacy laws, not as a substitute for GDPR opt-in.
Documenting Meta Pixel in Your Policies
Your cookie policy must list _fbp and _fbc cookies, explain their purpose, identify Meta as the third party, and state the retention period. Your privacy policy should describe what event data you share with Meta and link to Meta's data policy. Accurate documentation matters as much as technical implementation.
Using StoreComply for Meta Pixel Compliance
StoreComply generates cookie policy language for Meta Pixel, blocks connect.facebook.net until marketing consent, provides a deferred Meta install snippet, and logs banner choices. Remove duplicate pixel code from your theme and disable conflicting Shopify channels where possible.
Testing Your Meta Pixel Consent Setup
- Open an incognito window and visit your store—reject all marketing cookies
- Check DevTools → Application → Cookies for absence of _fbp
- Check Network tab for blocked requests to facebook.net and connect.facebook.net
- Accept marketing cookies and verify the pixel fires and events appear in Meta Events Manager
- Withdraw consent and confirm the pixel stops on subsequent page loads