Comment by rambambram
3 years ago
Congrats. We also chose to do the analytics ourselves. No tracking, no cookie banners, and probably better stats as well. One thing that Google did very cleverly was to only give GA users the search terms that visitors used to end up on their site.
Don't you still have to provide a cookie banner as soon as your analytics are storing cookies, even if it's your own?
> Don't you still have to provide a cookie banner as soon as your analytics are storing cookies, even if it's your own?
You need consent for every kind of storage usage on client side if you create profiles to analyze the them for marketing goals. If not, and no PII is being processed, no consent is required. Eg you could easily aggregate your server logs without a consent.
You generally don't need a consent for gathering data that is required to run the site.
But if you use the data for analytics purposes, you do need the users' consent for that, even if it's the same data that you use for operational purposes.
But that means you shouldn't have IP or user-agent or any unique identifier in the path.
Just to be clear: PII is not the same as personal data as defined by the GDPR. The latter is generally much stricter as it also includes indirect data. Data which would be anonymous by itself but in a collection uniquely links to a single person would still be considered personal data under the GDPR.
> if you create profiles to analyze the them for marketing goals.
That's not correct; if you collect PII, even if you don't use it, you need consent. Actually, if you don't have a legitimate use for the data, you are prohibited from collecting it at all.
GDPR isn't an assault on online marketing; it's about privacy.
Isn't the search term in the Referer header?
Nope. They forward through an in-between that obscures it. They argue that because search results are personalized, being able to see the search terms can give you information about the visitor that can compromise their privacy. Google doesn't want anybody violating user privacy except for Google.
If you get your site setup on Google Webmaster tools you will still have access to the search terms. Definitely not as precise as with GA, but should suffice. Unless you want to do per user funnel tracking starting from their search term. Which is pretty privacy invasive.
1 reply →
Not for many years. The only way to get Google search term data now is through the Search Console product, which integrates with GA.
How are you tracking returning users without cookies? Also if it’s multi-lingual, how are you storing the language prefs?
> How are you tracking returning users without cookies?
We're not. And that's exactly the point, because we don't want to track. I make a distinction between tracking, analyzing and stats. What we do is guess who are the unique visitors (and who are not), and I say guess because it's guesswork since the browser can spew out any kind of info.
> Also if it’s multi-lingual, how are you storing the language prefs?
Cookies you require for functionality (ie. login cookies, language settings) require no consent, but do require to be laid out in a cookie policy.
Persistent preferences require consent and is considered tracking. Only auth doesn’t. Go visit any government site and they have cookie banners for their preferences cookies.
1 reply →
Why would you need that? All businsess that aren't online can't collect that data and we still have newspapers and supermarkets. If you are interested in that data just ask your users.
Supermarkets were the original trackers of users and first to start using personas. They are tracking you with personalized coupons redemptions, loyalty programs and through digital payments. Tesco's personalization is so good they can tell if you started a diet or are dating someone new.
Printed newspapers are disappearing. Ad supported news sites need tracking for ad targeting otherwise there isn't enough ad revenue to support their business.
1 reply →