Digital Analytics Privacy: A Never-Ending Conundrum?

Written by Ewa Bałazińska

Published September 07, 2015

Digital technologies have radically advanced our freedoms, but they are also enabling unparalleled invigilation, to the extent that privacy on the Internet is a major concern for many users, webmasters, and companies today.

There has been a lot of confusion, and many are against web tracking, some even comparing it to the Orwellian Big Brother who’s always watching you. The main opinions in favour of web tracking, cookies, etc., seem to come from giants like Google or Facebook that, to be honest, may not sound very credible as privacy defenders.

So is our privacy doomed? What can be done to make the process of collecting data on our organisation’s web visitors slightly more civilised?

Analytics Privacy: The Lure of the Free

We spend so much time online that access to our Internet-activity logs can reveal a lot of personal information. So many of the apps we use on a daily basis are available to us at no cost take the example of Google Analytics, providing great service and not even asking for a dime. But wait, is GA really free?

Your web-analytics data is tracked, stored, and owned by one company, and while the giant provides you with an excellent service, they can also re-use the visitor-log data tracked on your website to enrich existing profiles for a given user or IP address. In this way, Google Analytics is able to build a very accurate picture of most websites’ users and their demographics. That gives them knowledge about you and your visitors; this knowledge is power, and power is money.

Many Internet users and website operators are increasingly concerned about what could be termed a Global Internet User Activity Database. You don’t need to be a privacy junkie to be interested in what happens to your data on the Internet and how it is sold to advertisers. According to W3Tech, even without actively using any of Google services, the probability of providing data to the giant when visiting five random websites is 99.35%. Quite scary, right?

FREE Guide: Avoid Privacy Risks and Prepare for GDPR

Learn how GDPR will change web analytics and data collection practices:

Analytics Privacy: Why Balance is Needed and How to Achieve It

We mustn’t forget that when done correctly, web tracking can be beneficial to both users and marketers. At the end of the day, one of the primary goals of digital analytics is to learn about our users’ interests and needs to optimise the site and respond better to their intent.

It is not about tricking people into buying stuff they do not really want, but rather, trying to understand what they DO want and deliver that to them. If we do our homework well, the next time they require a certain product or service offered by your company, they might come directly to you instead of Googling it.

So what can be done to ensure your and your website users’ privacy isn’t compromised when collecting the necessary data? Many companies are moving towards data warehouses, keeping all of their information within their own domain, and self-hosting, instead of giving it to third parties, and if you have any concerns about privacy following the NSA revelations, then you might consider this decision quite sensible.

Many privacy experts and advocates have recommended Piwik PRO as a privacy-compliant analytics tool, helping users to keep control of their data. It has not only been singled out by the Independent Center for Privacy Protection in Germany (ULD), the Center for Data Privacy Protection in France (CNIL), and the Privacy Commissioner of New Zealand, but also deployed by numerous government agencies around the world.

So what makes Piwik PRO more privacy-friendly? First of all Piwik PRO is a tool you install and store on your own infrastructure, using your own MySQL database, so your logs or report data is never sent to other servers. Piwik PRO Cloud is also recommended for institutions that require secure and reliable hosting for their analytics without compromising control and ownership of their data and privacy. Whichever version of Piwik PRO is used to measure and report on performance of your organisation’s website, you know that your information is private, not shared with any third party, and that your visitors’ privacy won’t bet compromised. In other words, by using Piwik PRO instead of GA for your website, you create a decentralised building block of the free and open Internet.

Analytics Privacy: How to Ensure Your Platform is Privacy-Compliant

There are several ways to enable important privacy features in Piwik PRO – we’re presenting you with a short guide on how to configure your analytics platform to ensure it’s privacy-compliant. So let’s log in as a Super User, click on Administration > Privacy and dive in!

Step 1: Automatically Anonymize Visitor IP

Your visitor IP is Personally Identifiable Information (PII), but Piwik PRO ensures you do not store it. You can go to Administration > Privacy to enable IP anonymisation, with at least 2 bytes masked from the IP. Anonymise Visitor IP also gives you the option to mark whether you want to use the Anonymized IP addresses when enriching visits.
analytics and privacy blog post_step1

Step 2: Delete Old Visitors Logs

Automatically delete your older logs from the database and keep detailed Piwik PRO logs for only three to six months. This will help protect your and your users’ privacy and also free significant database space, which will, in turn, increase performance! Go to Administration > Privacy > Delete old visitor logs from database. You can then configure to Delete logs older than X days, and execute the log purging every day, week, or month.

Step 3: Include a Web Analytics Opt-Out Feature on Your Site (Using an iFrame)

All of your website visitors are tracked by default, but if they opt out by clicking on the iframe link, a ‘piwik_ignore’ cookie will be set and all visitors with this cookie will not be tracked. Go to Administration > Privacy, then copy and paste the following Iframe code:
analytics and privacy_piwik_optout
Adding this snippet to your existing privacy policy page or to the legal notice page, you actually allow your visitors to choose if they prefer to opt out of being tracked by your Piwik PRO server.

Below you can see an example iframe for this website:
analytics and privacy_blog_post_opt-out2

Step 4: Respect DoNotTrack Preference

Do Not Track is a technology and policy proposal that provides users with a simple and persistent choice to opt out of tracking by websites they visit, including analytics services, advertising networks, and social platforms. By default, Piwik PRO respects users preference and will not track visitors who have specified “I do not want to be tracked” in their web browsers.
analytics and privacy_supportdonottrack

Step 5: Optional Privacy Preferences

There are some other optional privacy settings you may want to consider as a Piwik PRO administrator:

  1. HIDING SERVER URL: If you track multiple websites with the same Piwik PRO server, all your websites will contain the server URL in their Javascript code. To prevent other users from finding out all your websites, you can set Piwik PRO up to avoid revealing its server URL footprint.
  2. DISABLING COOKIES: In some countries, the law requests websites to provide a way for users to opt out of all tracking, in particular tracking cookies. All Piwik PRO Cookies can be disabled for individual or all of your visitors by calling a Javascript function in the Piwik PRO code.
  3. DISABLE REAL-TIME AND VISITOR LOG: You may decide that giving access to real-time and visitor-log features is not necessary for your Piwik PRO users. In this case, you can disable the Live plugin in the Administration panel.
Real time

To sum up, with so much of our time spent online, it’s no wonder that our Internet activity logs can reveal a lot of our personal information, and that there are technology moguls who are indeed interested in getting, or even purchasing, as much data on us as possible. Yet it doesn’t mean that one should shrug off the whole concept of web tracking. Quite the contrary; when configured correctly, web analytics can prove beneficial for both users and marketers or webmasters. At Piwik PRO, we strongly believe that a sound compromise between respecting user privacy data-gathering can be found, and invite all Piwik PRO admins and users to configure privacy settings following the steps outlined in this blog post.

That’s it for now. In one of the upcoming posts, we’ll cover tips and best practices that will help your organisation keep your Piwik PRO secure. Stay tuned!

FREE Guide: Avoid Privacy Risks and Prepare for GDPR

Learn how GDPR will change web analytics and data collection practices: