GDPR restrictions on the collection and use of personal data mean that many analytics users are asking themselves: Can I do useful analytics without personal data?
The simple answer is yes. Although you won’t be able to draw the same conclusions as with personal data, an anonymous data collection method provides you with useful insights into user behavior. We’ll show you how, but first…
Let’s talk about GDPR and anonymous tracking. What you need to remember is:
- GDPR sets a pretty high bar when it comes to data anonymization
- The regulation requires consent to process the data if it’s reasonably likely it could identify an individual
- Most unknown visitors don’t give this consent
If you want to use data about your visitors without collecting consents, you need to make sure that the data is REALLY anonymized (that won’t be the case with Google Analytics – here you can read why).
Fortunately, there are some tools on the market that will be up to the task. Analytics platforms featuring anonymous data collection, such as Piwik PRO, offer a middle way, instead of an all-or-none choice based on consent.
For example Piwik PRO uses the following anonymization process:
- Geolocation is disabled
- No “fingerprinting” data is saved about the visit
- Only a “Visitor ID” cookie is stored in the visitor’s browser (the cookie that has a lifetime of only 30 minutes, after which it’s deleted automatically by the browser)
Thanks to these settings your data will not fall under the category of personal data.
Want to learn more about data anonymization in analytics? Follow this link: The ultimate guide to data anonymization in analytics.
With all the technicalities explained, it’s time to show you what anonymous data collection looks like in practice.
Let’s say your company wants to understand unknown visitor behavior on your site.
You’re especially interested in the following series of actions:
- A click on “learn more about a product”
- A click on a “contact” information page
- A click on a “schedule a meeting form” on the contact page
Fortunately, you’ll have no problem with getting this kind of information from anonymized data, since:
- The anonymous data shows, along with the data for those who gave consent, how the site performed based on a large sample of visitors. You’ll be able to track almost any action (number of visitors, page views, conversions and a time spent on the site) and in most cases credit them to a single visitor.
In other words, you’ll know that an anonymous visitor first performed action A, then B and then C during their session.
- What’s more, basic attribution is also possible. Your company will still see how visitors got to the site: through organic search, Google, an ad campaign, etc.
The anonymous data can only attribute actions to a single visitor across a single session though. That means you won’t be able to determine if any of those actions were performed by a returning visitor. That said, you can’t create a history of actions across multiple sessions.
The lack of persistent tracking means it can’t be used for:
- Long-term personalization
- Attribution of conversions to actions taken over several visits
However, there is the possibility to recover personal data if a visitor gives consent after initially declining.
Let’s say a visitor ignores the consent dialog at first, browses for 15 minutes and in the end responds to a prompt to provide data for personalization. The data from those 15 minutes of browsing can be added to a record, now under a cookie with a longer lifetime (12 months in the case of Piwik PRO).
Initially, data was anonymous but now it can be used for personalization in later sessions because consent was given during the active session.
Want to learn more about Google Analytics and personal data collection?
Read our article: Is Google Analytics GDPR-compliant? 10 things to consider
Since this example of anonymous data collection relies on a cookie, it’s worth clarifying two issues.
First, not all cookies are personal data, even though many are. The cookie used by Piwik PRO for anonymous data collection is not personal data because it’s deleted automatically after 30 minutes. The visitor ID from this temporary anonymous cookie is used to classify visitor data (also not personal data because of the masking of fingerprinting and geolocation fields).
It’s highly unlikely that anyone could reconstruct the identity of an individual based solely on their browsing actions on a single website.
Second, the kind of first-party cookie mentioned here is rarely blocked. Browsers and ad blocking software block more and more persistent cookies generated by third parties. When you read about the end of the browser cookie, they are talking about these persistent third-party cookies.
Although anonymous data collection is still rare in web marketing and analytics, it has a long and productive history in other fields. Whole books have been written about anonymizing health data, for example.
To respond to data privacy demands of internet users the world over, those employing web analytics will have to adapt some of these methods. Anonymous data collection of the kind found in Piwik PRO is a first step in this direction.
>>> The most important benefits of data pseudonymization and anonymization under GDPR
>>> What is a trusted execution environment (TEE) and how can it improve the safety of your data?
>>> Why first-party data is the most valuable to marketers