Back to blog

25 years of digital analytics with Brian Clifton: Considered an obstacle at first, privacy is now top of everyone’s mind

Analytics Data privacy & security GDPR

Written by ,

Published June 11, 2024

25 years of digital analytics with Brian Clifton: Considered an obstacle at first, privacy is now top of everyone’s mind

In the late 1990s, the recognition of the internet’s commercial potential marked a significant shift into the era of digital analytics. This transition not only reshaped approaches to data but also underscored the importance of privacy as a crucial element of modern analytics.

Brian Clifton, a renowned digital analytics and privacy expert, takes a trip down memory lane to present the history of digital analytics. Our video series comprehensively explores the history, technologies, and mindsets surrounding the analytics industry. The first part was dedicated to the origins of web analytics tools

In the second part, Brian focuses on the growing significance of privacy in data collection and analysis. He also sheds light on the introduction of GDPR and its pivotal role in increasing privacy compliance. You can watch the four episodes of our series in the corresponding sections of this article.

The early days of data-driven analytics

The expansion of digital marketing in the late 1990s led to the rapid development of analytics, which enabled marketers to measure campaign effectiveness. Initially, analytics focused on basic metrics, such as page views and session durations, but with the advancement of tracking technologies, organizations recognized the value of data in shaping business strategies and driving growth. However, despite this evolution, few paid any attention to data privacy and its ethical implications.  

“I was at university in the 1990s, when the web was just coming of age. At that time, it was still very much an academic and noncommercial place. However, I was blown away by its commercial potential.”

Brian Clifton, Digital analytics and privacy expert

The rising importance of privacy and ethics in the analytics industry

The increasing significance of privacy was initially met with skepticism by the analytics industry. However, it gained increasing attention with the general public after, among others, Edward Snowden’s revelations on government mass surveillance, the Cambridge Analytica/Facebook commercial scandal, and the enactment of GDPR. 

GDPR – the first big change

The General Data Protection Regulation (GDPR), prepared by the European Commission, entered into force on May 25, 2018. The regulation marked a significant advancement in data privacy, establishing a new gold standard for data protection laws. One of its many provisions states that companies must have a legal basis to store and process users’ personal data. 

In Europe, privacy has been treated as a fundamental right since the 1950s with the adoption of the European Convention on Human Rights. The idea behind GDPR was to update these protections for the digital age, giving individuals full control over their data. It also strengthened and unified the data collection processes within the European Union.

GDPR also introduced several key principles:

  • Data protection authorities (DPAs) make binding decisions and issue administrative sanctions, including fines.
  • Users can object to data processing based on the controller’s or public interests.
  • DPAs and data subjects need to be notified about data breaches.

After GDPR went into effect, reactions varied widely across industries. Many organizations faced significant challenges adapting to the strict requirements imposed by the regulation. Some companies started to rebuild their data management practices to ensure compliance, while others faced hefty fines for not following the new rules. 

Read our latest study, conducted six years after the introduction of GDPR, to learn how EU companies are leveraging privacy laws – Harmonizing marketing and privacy: How EU organizations are developing their compliant digital marketing strategies.

We ran a survey among 1,800 CEOs and marketing executives from 27 European countries, with the majority of respondents coming from Germany, France, Denmark, the Netherlands, and Sweden, to find out how they were balancing GDPR compliance and effective marketing.

Differences between approaches to privacy compliance in Europe and the US

The implementation of GDPR triggered a “domino effect,” with other countries/regions adopting similar privacy frameworks. These new data privacy laws significantly impact businesses locally and globally, necessitating that companies adapt to varying regulatory requirements. It also underscored fundamental discrepancies between privacy compliance in Europe and the US.

“Europe went through two World Wars and was the epicenter of the Cold War. That legacy  means Europeans today have quite a different perspective on our personal privacy than perhaps other parts of the world. For Europeans, the right of privacy has become a fundamental human right.”

Brian Clifton, Digital analytics and privacy expert

The primary difference lies in the comprehensiveness and universality of the two approaches. GDPR sets a uniform standard for data privacy across all member countries, treating data protection as a fundamental right. This holistic approach contrasts with the US’s fragmented system, where data privacy is governed by state-level legislation and sector-specific regulations like HIPAA for healthcare, GLBA for financial institutions, and FISMA for federal agencies. 

Also, the EU’s philosophy is deeply rooted in historical contexts emphasizing protecting personal information against misuse, reflecting a cultural commitment to individual privacy. The US has traditionally prioritized the commercial use of data, trying to incorporate a business perspective within its regulatory frameworks. The California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), were the first steps towards stronger data protection in the US and came into effect on January 1, 2020.

Another significant milestone in executing privacy compliance in the US happened on July 10, 2023, when the European Commission adopted the Data Privacy Framework. This framework introduces stricter limitations on data collection by US businesses, a development that has far-reaching implications for international data transfers. It also allows these businesses to commit to privacy responsibilities, including deleting unneeded personal data, safeguarding data shared with third parties, and adhering to data minimization principles, purpose limitation, and proportionality.

However, the Data Privacy Framework has come in for its share of criticism. It is thought to inadequately protect non-US residents, as it falls short of European privacy standards due to unchanged US surveillance laws like FISA 702 and EO 12.333. This critique raises concerns about the framework’s ability to ensure equivalent protection for personal data in the US, as questioned by the European Data Protection Board (EDPB) and the European Parliament.

Read more about the EU-US data transfers in our article: Everything you need to know about the Data Privacy Framework (Privacy Shield 2.0)

As debates over EU-US data transfers continue, companies are taking a proactive approach and considering alternative data handling strategies, such as data anonymization or EU-based solutions, reassuring customers about their capacity to adapt to the evolving privacy regulations.

Privacy becomes a cornerstone of digital trust

The evolution of privacy awareness, from consumer ignorance to caution, was accelerated by various data scandals and leaks that exposed the risks. Customers are more wary because they started to understand the consequences of improper data collection and exploitation. It also led to greater scrutiny of how companies handle personal data. 

92.1% of respondents from our study believe that companies must respect individuals’ online privacy. In 2023, it was 90%, and in 2022, only 71.2%. Only 2.4% of this year’s survey participants take the opposite view. 

For most organizations, privacy compliance is a box-ticking exercise. Only a few are progressive enough to see that privacy is integral to brand integrity and consumer trust. Responsible data usage is essential in retaining consumer trust, as mishandling data can negatively impact brand reputation.

However, a balance must be struck between safeguarding consumer data rights and enabling data-driven decision making processes, which are crucial for an organization to survive.

The primary factor driving companies’ compliance is building trust with consumers (69.5%), which has increased by almost 4% compared to the previous survey. Other motivators for all countries include company values (52.0%) and legal obligations (39.7%). Only 15.6% of respondents mentioned the risk of fines – an almost 3% increase from 2023.

“In the 21st century, consumer trust has taken on a new digital form. Customers now want to have confidence that data is being harvested responsibly and that they have a level of control over its collection. Data protection and privacy is the new frontier for brands.”

Brian Clifton, Digital analytics and privacy expert

Best practices for privacy compliance

Despite GDPR and the Data Privacy Framework, there is still confusion regarding best practices for achieving compliance, with many organizations struggling to obtain explicit user consent and ensure transparent data collection practices. This discrepancy is primarily evident to data auditors navigating the complex data privacy landscape. Often, data tracking persists even in the face of user rejection, underscoring the need for enhanced transparency and accountability in data collection. 

Here are some of the best practices for organizations that can help increase their compliance.

Developing a deeper understanding of legal frameworks includes investing in education and training programs, engaging closely with legal counsel specialized in relevant laws, and staying updated on regulatory changes. This is the job of a Data Protection Officer (DPO). By prioritizing these steps, organizations can navigate the complexities of legal requirements effectively, ensuring compliance and safeguarding data protection and privacy in their operations.

Understanding data collection

Data teams need to understand the intricacies of data collection methods, destinations, and implications. This involves scrutinizing data flows across multiple platforms and assessing the necessity of each tool employed.

Cross-team cooperation

Analytics teams should collaborate closely with legal and compliance teams to ensure a cohesive approach to data governance. Such partnerships should prioritize transparency and risk mitigation.

Safe data storage and transfer

Companies that understand the geographical considerations of data storage and jurisdictional implications, particularly relevant in the context of European data protection laws, are gaining a competitive advantage. That’s why they should opt for European-based data hosting solutions to ensure compliance and mitigate risks associated with foreign jurisdictional control. The same goes for data transfers, especially between the EU and the US. 

Implementation of privacy-compliant tools

Data teams should emphasize the importance of data minimization and consolidation, as less data equals reduced risk. By advocating for a strategic approach to tool selection and data collection, companies can avoid excessive data accumulation without a clear purpose or utility.

“From a privacy point of view, if you have sensitive data, or want to insulate your customers from becoming a product of ad tech vendors, consider working with an analytics platform that comes under EU data protection jurisdiction.”

Brian Clifton, Digital analytics and privacy expert

Supporting privacy consciousness in data analytics

Collaboration between legal, IT, and analytics teams is essential for navigating the complexities of data management and ultimately safeguarding individuals’ rights and privacy in an increasingly data-driven world. Piwik PRO is one of the privacy-conscious analytics vendors that strictly adhere to data protection regulations such as GDPR, the Data Privacy Framework, or CCPA while collecting valuable insights into user behavior. 

This is the second article based on the video series with Brian Clifton. 

In the third, we’ll discuss how to overcome the everyday challenges of working with data.

Subscribe to our newsletter to receive updates about new episodes


Brian Clifton

Digital analytics and privacy expert

Brian is recognised internationally as a digital analytics and privacy expert and best-selling author who has helped shape the industry over the past two decades. His books are used by students and professionals worldwide. As Google’s first Head of Web Analytics for Europe, Brian built the pan-European team of product specialists, a legacy of which is the online learning test, known as the GAIQ. Brian has guest lectured at University College London, Copenhagen University, and the Stockholm School of Economics.

See more posts by this author


Natalia Chronowska

Content Marketer

A content marketer with a flair for tech-related topics. With almost eight years of experience, she has developed extensive skills in crafting articles that simplify complex analytics, marketing, and technology concepts. Her journey started in a creative agency, where she focused on using storytelling and gamification to design concepts for international clients. Then, she moved to the IT industry, where she discovered her knack for translating technical jargon into engaging content. She joined Piwik PRO as a content marketer with a solid background in technology. Her main area of expertise involves marketing, analytics, personalization, AI, digital transformation, chatbots, and innovations in multiple industries. At Piwik PRO, she has gained an in-depth knowledge of web and app analytics, compliant data collection, security, and privacy.

See more posts by this author

Core – a new plan for Piwik PRO Analytics Suite

Privacy-compliant analytics, built-in consent management and EU hosting. For free.

Sign up for free

Upcoming live webinar

June 27, 2024

Real-time dashboards in Piwik PRO: A hands-on use case

This summer, we’re introducing new real-time dashboards in Piwik PRO Analytics Suite, empowering our clients to make informed decisions in time-sensitive projects. Would you like to learn how to use them in your daily work? Join our webinar to see how our partner agency, Netlife, used real-time insights to streamline the registration process for a major national event, ensuring a smooth user experience and preventing system breakdowns. Stay for a Q&A session where our experts will address all your questions.

Sign up for this webinar