Back to blog

Sensitive data, profiling, and your web analytics

Data privacy & security Product best practices

Written by

Published March 31, 2016 · Updated August 6, 2020

Sensitive data, profiling, and your web analytics

With so much of our time spent online, our activity logs can reveal a lot of personal information considered as sensitive data. All websites we visit or keywords we search can be a valuable source of information that can be used to enrich our profiles and subsequently help advertisers find the right segments for their ads. What do you need to know about profiling and how can you protect you and your visitors’ sensitive data?

Profiling involves tracking and recording online user behavior for the purpose of producing targeted advertising. Such activity can encompass every sort of interaction, including viewed pages, conducted searches, purchased products, or abandoned carts. Targeted advertising takes into account past actions of an individual to predict not only their preferences, but also their personal situation — possibly including delicate matters such as financial or health conditions. According to this information, a marketer or a salesperson may decide if, for example, this person is ready to convert into a paying client.

Growth of the so-called Global Internet User Activity Database is what worries both website owners and visitors, and while it’s true online profiles can remain anonymous, it’s also a fact that many companies attempt to match personally identifiable information (PII), such as a name and address, with consumer profiles they have at their disposal. Even if based on cookie usage, such collection can still include sensitive data.

How to Leverage Web Analytics

When Your Company is Dealing with Tons of Sensitive Data

Download FREE Guide

The closer a given piece of information gets to enabling identification of an individual, the more caution needs to be taken when dealing with such sets. This type of special attention can take the form of:

  • consent requirements
  • increased control
  • informing users on data-collection purposes

It is therefore vital to provide users with, at minimum, a way to opt-out as presented below:


There are categories of data considered more sensitive by default, such as health or financial data, but also information on an individual’s sexual orientation, political affiliation, race, etc. Such knowledge can cause personal harm, as in the infamous case of the US-based retailer Target.

To predict pregnancy and run specific campaigns aimed at mothers-to-be, Target collected and used information on individuals’ shopping behavior. What seemed random and non-sensitive at first glance was in fact used without any consent in order to obtain a piece of very sensitive information

Expert advice by Aurelie Pols, Mind Your Privacy

Expert’s Advice: Aurélie Pols, Mind Your Privacy

“The Target case highlighted very common issues the field of web analytics is faced with — a lack of understanding for how significant context may be for privacy best practices, as well as the need for adequate decision making and responsibility attribution.”

How to Leverage Web Analytics

When Your Company is Dealing with Tons of Sensitive Data

Download FREE Guide


Ewa Bałazińska

See more posts by this author

Core – a new plan for Piwik PRO Analytics Suite

Privacy-compliant analytics, built-in consent management and EU hosting. For free.

Sign up for free