Web Analytics in a privacy-conscious world - user tracking is in the crosshairs

In 2017, Apple announced its intention to roll out Intelligent Tracking Prevention (ITP), which first rolled out in September that year. In doing so, Apple sent a clear message to big tech that changes needed to be made in the way that user data was used for the benefit of profit.

Since then, we’ve seen the rollout of GDPR (May 2018), CCPA (June 2018), ATT (April 2021), ePrivacy (regulation expected in 2021), and ETP (Firefox - Aug 2020), alongside many other privacy regulations in different jurisdictions, indicating that this space is somewhat of a moving target right now with frequent new developments.

Regardless of the nuance of the different (I am not a lawyer!) regulations and platform changes, one thing is clear - user privacy changes will have a dramatic impact on both Web Analytics and AdTech in the near future.

The situation today

Setting aside the (very important) legal regulations for a moment, which dictate what should be done with user data, it’s important to understand how the technical landscape has changed in what can be done with that data already.

Firstly, a quick primer on how this data is typically used by Web Analytics/AdTech, simplifying somewhat and focussing just on website browsing:

• When a user first visits a website a cookie is added, which identifies the user anonymously.
• On subsequent page views/interactions within that visit, this identifier is used to group this activity together with the user.
• If that user then comes back to the website a week later, that same cookie is used to identify a repeat visit.
• In addition, with Third Party Cookies, the same logic is applied -  though not isolated to just one website - whereby that identifier is shared across thousands of other websites, linking a user’s activity across multiple websites and thus tracking their overall online behavior.
• These identifiers are then shared to AdTech/Web Analytics vendors alongside the activity.
• If a user identifies themselves during a visit, this identifier is then associated with that user in an Identity Graph - enabling offline data to be mixed with online data for (potentially) extremely granular analysis and activation within advertising.

All of the above is enabled by web browser capabilities that were originally designed for other purposes. In today’s world, browsers are now actively closing the door to the usage of these features for advertising/tracking purposes.

Currently, all of the major browsers, Google Chrome inclusive, are making sweeping changes to enhance the user privacy provisions of their products:

Live tracking prevention

• Safari - 18% market share - Intelligent Tracking Prevention
• Firefox - 3% market share -  Enhanced Tracking Prevention
• Edge - 3% market share -  Tracking Prevention
• iOS - 26.5% market share (App) - App Tracking Transparency

Announced tracking prevention

• Google Chrome - 65% market share - 3rd Party Cookie Blocking (Delayed until 2023)

It is highly likely that businesses’ tracking and/or AdTech use is already impacted by these changes, regardless of the adoption of the regulations by the businesses themselves. Google’s delay of cookie blocking is good short term news for AdTech, but it is only a delay of the inevitable roll back of cookies, meaning that AdTech needs to plan for a future cookieless world.

In addition, it is likely that, as a user, you have seen a cookie banner of some description; these are a by-product of these regulations and, if implemented strictly, will typically mean that all cookie use and tracking must be opt-in and, with little value-exchange for the user (legally enforced), it is likely you’ll be seeing a continued decline in cookie rates.

To recap, right now, browsers are fighting for user privacy, cookies and browser storage and are being attacked from multiple angles (both legal and technical) and your data collection is likely already starting to feel the impact of changes in the technical and legal landscape.

This is the reality that we face, this “problem” is not going away any time soon and the next 5 years will see a very different landscape.

Web Analytics in focus

Web Analytics (Such as Google Analytics) typically deal with “anonymous” data and are not reliant on 3rd-Party cookies in the same way that AdTech is. The anonymous nature of these platforms has historically been enough, by definition they could not store “Personally Identifiable Information” in their products.

However, the roll out of GDPR targeted these identifiers by requiring opt-in if, when joined with other data, these identifiers could be used to identify an individual. The impending ePrivacy regulation takes this further too - in that a business cannot store data on a user’s terminal (web browser/device) without prior permission - which means that cookies/browser storage is no longer available either. In addition, an IP Address is also considered personal information under GDPR, so that’s another door closed.

In short - to be strictly compliant with GDPR/ePrivacy - Web Analytics tracking via an identifier stored (even temporarily) on the user's device will require opt-in.

The future of Web Analytics

The impacts of browser technology changes and cookie banners are already impacting data collection, this will only continue to lead to a decline in available measurement in the coming months and years. 

Currently there is no out-of-the-box solution to recover Analytics for users that opt-out and thus where that data is entirely dark - if you’ve blocked data collection, that data does not exist.

Analytics data can still be used to directionally and relatively support the analysis of campaign performance - yes, we’re no longer seeing the full picture - but this data can still support the optimization of marketing campaigns.

There is some light for Web Analytics, especially with Google Analytics. Google has developments underway to support conversion reporting and Google Analytics measurement - Consent Mode is widely expected to use data modeling to fill the gaps left by opt-out users, however there is no current timeline for this modeling and these anonymous pings cannot currently be accessed within reporting UIs.

We recommend deploying Consent Mode, rather than entirely blocking Google Tags via your consent manager - this ensures your tags are privacy compliant and that, as Google develops modelling within the User Interface, your deployments will benefit from these developments.

Can’t wait for Consent Mode? We’d love to talk about a bespoke setup for cookie-less tracking that utilizes an anonymous fingerprint for privacy-first measurement instead!

Get in touch with us here.

 

MORE
INSIGHT