I’ve had to extensively read up on GDPR requirements, like every other Marketing Manager in Europe. This has been quite frustrating but has also given me the opportunity to rebuild my existing analytics solution in favour of:
- A better understanding of the data processing on the backend
- More control of what data is actually being stored and question if I should store it in the first place
- Full access to the data in case a user requests a copy of the data
What is GDPR?
On the 25th of May 2018, the European Union’s General Data Protection Regulation, or GDPR, came into force. It’s designed to standardize data protection laws within Europe and to inform and protect EU citizens regarding their rights in relation to data privacy, data processing and access to information about them.
In summary, it gives users the:
- Right to be informed
- Right of access
- Right to erasure
- Right to rectification
- Right to data portability
- Right to object
- Right to withdraw consent
This article is not intended as an introduction to GDPR. If you want to know more about this (which I highly recommend you do), then read the directive at the EU 2018 reform of EU data protection rules.
Before GDPR I often had a generic implementation of tracking pixels, usually with the following set-up:
- Google Tag Manager for Google Analytics tracking pixels
- Remarketing / Re-Targeting pixels
- Display advertisement pixels i.e. GDN
- Social media pixels like Facebook / Twitter
These tracking pixels would always be active on all my websites (of course not client sites), just in case I ever wanted to start a PPC campaign.
GDPR made me ask myself:
Do I really need to track this? If so, is there an open-source / self-hosted solution? If I remove this pixel, will it negatively affect my revenue or future revenue potential? And if I keep this active, could I have an issue with GDPR non-compliance?
What I decided to change because of GDPR
IMHO GDPR was spot on, I’m sorry marketing guys and girls. We are a bad bunch of salespeople. We want every possible information point we can get our hands on because someone said “More data = More Money” and that “Big data” with “AI” / “Machine learning” would transform our channels (and yes I’m exaggerating) but a lot of people think this.
How many of you have actually done a single detailed analysis of WHY a certain demographic is being displayed in Google Analytics? I bet that 1 in 50 of you have.
With all these questions I came up with the following conclusion:
|Google Tag Manager||I removed GTM in favour of Matomo Tag Manager (BETA)||I don’t like the idea of pinging Google’s servers in the US with every request a user makes on my website|
|Google Analytics||Moved all my tracking to Matomo (Piwik) and additionally made log-based analytics in case users start blocking tracking pixels.||Ensure that I have full control of tracking pixels on my site. Matomo gives me the same data as GA without the risk and has clear documentation about GDPR.|
|Google AdWords Pixel||Sadly there is no “easy” way to go around this. The only solution I’ve come up with for other clients is server-side pinging for goal completion based on campaign parameters.||I’ve limited the Google AdWords tracking pixel to only fire IF the traffic was generated from a PPC campaign. If the traffic has come from organic sources then the pixel will not be fired. As most of the traffic (95% plus) on my sites is from organic search / referral / returning traffic, why would I force them to fire a tracking pixel that would not generate anything? Yes, I am aware of the audience benefits but again, it doesn’t justify it.|
|Facebook / Twitter Pixels||Full out deleted the Facebook pixels as revenue from this channel didn’t justify the possible liabilities.|
I understand that a lot of Marketers will see this and be like “Why would you take these dramatic actions” and “no one really knows what will be the outcome of GDPR, I’ll just wait and see”.
The thing is that privacy standards are here to stay, and as a Professional Marketing Consultant, it is my responsibility to inform my clients the best way I can, and how could I do that if I don’t do what I recommend or know at least the worst case scenario? Maybe I’m just a pessimist (my academic background is in risk management/accounting) and I had a professor who always said “Always count on future costs” and “NEVER count on future income”.
The future of Privacy Online
For me it’s very clear what is going to happen over the next few years, you can see with iOS
- Tighter privacy regulations not just for Europe
- Browsers WILL start blocking tracking pixels
- Search engines WILL penalise websites that do not comply with privacy standards
- An overall increase in lawsuits due to infringement of privacy laws
- Customer awareness of their Data Processing / Privacy Rights
Just look at Intelligent Tracking Prevention from Apple’s WebKit, Firefox’s Prevention of Facebook … tracking and Safari with their new functionality which will inform the user if the site is trying to read third-party cookies.
“The days of client-side website tracking are over”
Because of this, I’ve set up new analytics accounts including:
- Server-side rendering (Log file Analysis)
- Server-side rendering (Log file Analysis) + Bot traffic*
*After all I'm an SEO Professional so I must always analyse the behaviour of search bots.
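The log-based setup described above, as an added example that is not the author's own code: it parses Combined Log Format lines, separates bot, PPC and organic hits, and truncates IP addresses before anything is kept. The log format, the `gclid` / `utm_medium=cpc` campaign markers, the user-agent bot heuristic and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Assumed heuristic: user-agent strings can be spoofed, so confirm real crawlers separately.
BOT_RE = re.compile(r"bot|crawl|spider|slurp", re.I)
PAID_PARAMS = {"gclid"}  # assumption: click id or utm_medium=cpc marks PPC traffic

def anonymise_ip(ip):
    """Zero the host part (last octet for IPv4, last 80 bits for IPv6) before storage."""
    prefix = 24 if ip_address(ip).version == 4 else 48
    return str(ip_network(f"{ip}/{prefix}", strict=False).network_address)

def classify(target, ua):
    """Label one request as 'bot', 'ppc' or 'organic'."""
    if BOT_RE.search(ua):
        return "bot"
    query = parse_qs(urlsplit(target).query)
    if query.keys() & PAID_PARAMS or "cpc" in query.get("utm_medium", []):
        return "ppc"
    return "organic"

def summarise(lines):
    """Return (hits per channel, human page views per path, truncated visitor addresses)."""
    channels, pages, visitors = Counter(), Counter(), set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue  # only successful page loads count as views
        channel = classify(m["target"], m["ua"])
        channels[channel] += 1
        if channel != "bot":
            pages[urlsplit(m["target"]).path] += 1
            visitors.add(anonymise_ip(m["ip"]))  # the full address is never kept
    return channels, pages, visitors

# Constructed sample lines (documentation IP ranges, made-up click id).
SAMPLE_LOG = [
    '203.0.113.57 - - [25/May/2018:10:00:01 +0000] "GET /blog/gdpr HTTP/1.1" 200 5120 "https://www.example.org/search?q=gdpr" "Mozilla/5.0 (X11; Linux x86_64) Firefox/60.0"',
    '203.0.113.99 - - [25/May/2018:10:00:05 +0000] "GET /landing?gclid=TESTCLICKID&utm_medium=cpc HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/66.0"',
    '198.51.100.7 - - [25/May/2018:10:00:09 +0000] "GET /blog/gdpr HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '2001:db8::1234 - - [25/May/2018:10:00:12 +0000] "GET /contact HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Macintosh) Safari/605.1.15"',
    '203.0.113.57 - - [25/May/2018:10:00:20 +0000] "POST /contact HTTP/1.1" 200 10 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/60.0"',
]
```

Calling `summarise(SAMPLE_LOG)` gives the per-channel counts without any client-side pixel. Before trusting the bot figures for SEO work, confirm crawler identity with a reverse DNS lookup, since the user-agent match alone accepts anything that claims to be a bot.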