GDPR restrictions on collecting and using personal data mean that many analytics users ask themselves: Can I do useful web analytics without personal data?
The simple answer is yes. Although you won’t be able to draw the same conclusions as with personal data tracking, an anonymous data collection method provides you with useful insights into user behavior. We’ll show you how. But first, let’s talk about GDPR and anonymous tracking.
What you need to remember is:
- GDPR and the ePrivacy directive set a pretty high bar when it comes to anonymous data collection
- GDPR requires consent to process the data if it’s reasonably likely this data could be used to identify an individual
- Consent opt-ins vary between 30% and 70%, depending on the industry
If you want to collect and process data without users’ consent, make sure that it has been completely anonymized and that your analytics software allows such tracking.
Compare tracking options offered by the most popular analytics vendors: 6 ways analytics software collects data online – plus a comparison of 5 popular platforms.
If you want to use data about your visitors without collecting consents, you need to make sure that the data is REALLY anonymized (that won’t be the case with Google Analytics).
Fortunately, there are some tools on the market that will be up to the task. Analytics platforms featuring anonymous data collection, such as Piwik PRO, offer a middle way, instead of an all-or-none choice based on consent.
Let’s dive into the nitty-gritty of anonymous tracking used in Piwik PRO. The platform gives you three anonymous tracking methods to choose from:
1. Anonymous tracking with cookies and session data
In this scenario, Piwik PRO deploys a session identifier as a cookie that collects session data but no personal data. After 30 minutes, which is the duration of a session, Piwik PRO removes the identifier from the web browser.
The major advantage of this approach is that it gives you more trustworthy data than any other anonymous data tracking method.
2. Anonymous tracking without cookies but with session data
In this method, Piwik PRO deploys a session identifier in the form of a device fingerprinting. The platform collects only session data, without personal data.
The major advantage of this method is that it’s permissible under several regulations. The downside is that it creates duplicate sessions. This translates into slightly less accurate data.
3. Anonymous tracking without cookies or session data
This method can’t identify an individual and can’t be used to pinpoint a single session. It doesn’t track time spent on page, bounce rate, user flows, funnels or channel attribution.
That said, it’s still useful in many business use cases. It’s also the most strict of all the presented methods.
Here’s a short recap:
|Anonymous data tracking with cookies and session data|
|Anonymous data tracking without cookies, but with session data|
|Anonymous data tracking without cookies or session data|
If you want to read more about this topic, we suggest these posts:
Anonymous data can only attribute a certain type of action to a single visitor across a single session. That means you won’t be able to determine if any of those actions were performed by a returning visitor. Also, you won’t be able to connect data from multiple sessions.
All three methods work under the following conditions:
- Browser fingerprinting is deactivated
- The geolocation is based on anonymized IP addresses or is deactivated
- No personal data is tracked and stored in the database without explicit consent
- Visitors who don’t consent appear as one-time visitors and can’t be identified across sessions
The lack of persistent tracking means your data can’t be used for marketing activities, such as:
- Long-term personalization
- Attribution of conversions to actions taken over several visits
With all the technicalities explained, it’s time to show you some use cases for working with anonymous data.
Let’s say your company wants to understand user behavior on your site.
You’re especially interested in the following series of actions:
- A click on the “learn more about a product” button
- A click on a “contact” information page
- A click on a “schedule a meeting form” on the contact page
Fortunately, you’ll have no problem with getting this kind of information from anonymized data, since:
- Anonymous data shows how the site performed based on a large sample of visitors. You’ll be able to track almost any action (number of visitors, page views, conversions and time spent on the site) and in most cases credit them to a single visitor. In other words, you’ll know that an anonymous visitor first performed action A, then B and then C during their session.
- What’s more, basic attribution is also possible. Your company will still see how visitors got to the site through organic search, Google, an ad campaign, etc.
Let’s say a visitor ignores the consent dialog at first, web browses for 15 minutes, and in the end allows you to use their personal data for personalization.
The data from those 15 minutes of browsing can be added to their record now by using a cookie with a longer lifetime (12 months in the case of Piwik PRO).
Initially, such data was anonymous, but now it can be used for personalization every time this person visits your website.
Want to learn more about Google Analytics and personal data collection?
Read our article: Is Google Analytics GDPR-compliant? 10 things to consider
Since one of the methods is based on a session cookie, you may wonder if it will still work if the visitor blocks cookies, for example through their browser settings or an ad blocker. There are a few things to clarify:
- Most of the cookies contain personal data, but there are exceptions. The session identifier cookie, which Piwik PRO uses for anonymous data collection, doesn’t collect any personal data, as the web browser automatically deletes it after 30 minutes. It’s unlikely to identify a person based on the actions taken on a single website.
- In many EU countries, privacy-friendly analytics is exempted from the consent requirement. For example, CNIL, the French data protection authority, has added Piwik PRO Analytics Suite to the list of analytics platforms that can be used to collect data without consent, given a certain configuration and set of limitations.
Although anonymous data collection is still rare in web marketing and analytics, it has a long and productive history in other fields. Whole books have been written about anonymizing health data, for example.
To respond to data privacy demands of internet users all over the world, those employing web analytics will have to adapt some of these methods. Anonymous data collection such as the one used by Piwik PRO Analytics Suite is a first step in this direction.