Business profits vs an individual’s right to privacy. Where should the line between these two conflicting needs be drawn when it comes to Digital Analytics tracking. Consent banners aggravate everyone as they are an intrusion on the online experience everywhere we go. Worse, they commonly include dark patterns to gain consent to track more than people are actually happy with, negating the reason for which they are required.
What if, hypothetically, there was a legal level of tracking under legitimate interest which was permissible without the need for a consent banner. If a business is happy with this reduced level of information, proceed without the need to request consent. If they want more information, they need to revert to consent banners. What would that level of tracking look like?
This workshop tackled that challenge. It was tool agnostic and was based on the assumption that an agreed level is possible, legally and technically. If the minimum level of permitted tracking is page hit counters (can we at least agree no issues here) while the extreme case is automated identification of every website visitor with full personal details exposed to every business/advertiser who requests it, where is the middle ground?
Thinking about CRO tools, do you mean any ab testing has to be done in a single session basis (users might to see different things if they come back after session ends)?
Yes that is correct. If you want to identify users, so you can keep them in the same experiment, you need to ask their consent to do so. If you have not asked for consent (and they have not given it), then you cannot run user experiments.
slide 14: So you are okay with google´s wbraid / gbraid as identfier instead of a gclid in a consent-free context?
I admit that when this question was asked, I had not heard of this change. And research is now making me question my acceptance of the gclid parameter.
I am ok with an ID that allows Google to transfer the details of the campaign parameters to GA. I was seeing this purely as a dimension widing exercise. I am also ok with data being captured within Google marketing tools, as long as for optimisation of the marketing campaigns only without users being identified or retargeted.
However I am not comfortable if the gclid (or other parameters) are used to identify individual users with information transferred both ways. If that is the situation (and it appears it is), then the solution is to use manual campaign tagging, not auto tagging.
Would it be possible to achieve your tracking solution using GA/GTM? If not which tools would you recommend?
In theory yes. My set-up of GA doesn’t link to Google Signals, the user cookie is set to expire after 30 min and the IP address is anonymised. I don’t collect any PII (to my knowledge) within GA. An equivalent set-up should be possible with any web analytics tool.
Isn’t the real problem from the user’s POV that Google can identify them cross-referencing data? That is I think also the basis of a German sentence that sees any data sent to GA as PII.
Reading the T&C referenced here, it is difficult to disagree. It is not definite in either direction in my opinion. They do not state that Google identifies users for their own purposes using their Google ID, regardless of GA user cookies and other settings. They also do not state that Google definitely does not do this – Google appears to have left this as a grey area with wriggle room for themselves.
So I agree, that is a concern.
Any more questions
This is a different approach to a Web Analytics set-up, only for organisations that don’t need user information and potentially in breach of GDPR (depending on the interpretation of it). If you want to discuss your set-up and how best to balance user privacy and data collection, please get in touch.