Digital Privacy Laws & Analytics Data: Part 2
Written by Emma Anderson
The Future of Analytics Data
In our first installment of “Digital Privacy Laws & Analytics Data,” we explored what cookies are and how they feed into analytics data. Cookies, while immensely helpful in improving the effectiveness of websites, are the driving force behind digital privacy laws sweeping the globe.
Digital Privacy Laws & Cookies
EU’s 2002 ePrivacy Directive – “The Cookie Law”
Since 2002, the European Union has enacted two major digital privacy policies. Though passed to protect EU citizens, websites from around the globe must comply if they attract or serve these individuals. Passed in 2002 (and updated in 2009), the ePrivacy Directive (aka the “Cookie Law”) requires websites to ask users to accept cookies, web beacons, and other tracking files prior to installing them on the user’s device. The goal is to obtain informed consent from users, many of whom do not realize these files are being installed on their devices. This directive seeks transparency. However, because EU directives (as opposed to regulations) provide Member States flexibility in how they are implemented, there is no consistency in the protections this directive aims to provide. Unfortunately, most companies rely upon implied consent, based on a user’s continued use of their site. The push for more comprehensive and consistent digital privacy regulation led to the passage of the GDPR.
EU’s General Data Protection Regulation (GDPR)
With the enactment of the General Data Protection Regulation, the EU sought to extend data protection measures. This regulation applies to businesses of all sizes and requires websites to get unambiguous, informed consent from users prior to installing data-tracking cookies on their devices. Prior to the implementation of the GDPR, the burden of protecting user privacy was placed on the user – in changing default settings, opting out of cookies, or turning off certain settings, like location services, to ensure their privacy standards were met. Under the GDPR, that burden is placed squarely on the business. Websites that serve individuals from the EU are required to offer privacy by design. This means these privacy standards are built into the website’s design, defaulting to enhanced privacy settings, not less. Websites are now required to clearly communicate to their users what personal data they process, how they store it, and how they use it. The GDPR also requires such information be stored securely, which almost entirely prohibits third-party cookies as they are nearly impossible to secure.
The California Consumer Privacy Act (CCPA)
Inspired by the GDPR, the CCPA is the most significant US digital privacy law to date. Focusing primarily on information supplied or sold to third parties, this law applies to companies who process information from residents of California and fit any of the following characteristics:
- Has a gross annual revenue of $25 million or more
- Possesses personal information of more than 25,000 California customers, households, or devices
- Derives more than half of its annual revenue from selling personal data
The CCPA sets out clear guidelines for properly handling users’ personally identifying data. Such data includes anything that allows the identification of a particular consumer or household – name, alias, address, IP address, geolocation data, professional information, etc. Companies are required to provide to a user, upon request, which pieces of personally identifiable information have been collected in the last 12 months. Furthermore, this law requires companies, upon the request of the consumer, to delete all data or adhere to requests not to sell personal data. The CCPA also requires companies to post privacy policies that detail what personal information is collected and how it is used. Impacted companies are also required to provide a clear and conspicuous link on their homepage entitled “Do Not Sell My Personal Information,” where consumers can opt out of allowing their data to be sold. Companies must also provide two additional methods for consumers to make data requests. The law seeks complete transparency regarding the collection and use of personally identifying information and seeks to place control over personal data back in the consumer’s hands.
Furthermore, all major browsers have already eliminated or are moving toward eliminating third-party cookies, preventing websites from tracking users from site to site. Businesses that rely on third-party cookies to measure the effectiveness of their digital marketing campaigns will need to develop forward-thinking strategies.
What a Cookie-less Future Means for Analytics Data
One unforeseen problem with eliminating third-party cookies is it has led web developers to find new ways of tracking user data. One such method is fingerprinting, which culls bits of information that vary between users to create a unique identifier for a user. By connecting tiny pieces of data provided by your browser to enable a website to display correctly – screen resolution, operating system, language, and time zone – websites create a “digital fingerprint” unique to each user. While helpful in website functioning, users cannot easily control how their information is collected.
Many browsers, including Chrome, are developing methods for blocking fingerprinting and creating a secure environment that still allows developers to anonymously aggregate user information. Google refers to this as their Privacy Sandbox, a direct effort to enhance users’ digital privacy. Google is in the process of developing new technologies that will allow advertisers access to demographic data without allowing for the unique identification of users. While not capable of completely replacing third-party cookies, these new technologies will still allow ads to be displayed for relevant users.
One of the best ways of preparing for the eventual phase-out of third-party cookies is by reviewing all of your data sources for measuring the effectiveness of your digital marketing campaign. Before you can make changes to your marketing strategy, you need to fully understand the extent to which you are relying on third-party data. You may be able to rely more heavily on first-party data or find other solutions for the data gap created as third-party cookies become a thing of the past.
Predictive analytics is widely regarded as the new future in analytics reporting. By using data combined with statistics, modeling, and algorithms to forecast potential outcomes, predictive analytics lays out a path for expected consumer activity. Using predictive analytics can help you determine where to best invest your marketing budget and what audience to focus on, based on prior activity. For example, retailers will often rely on predictive analytics to anticipate inventory demands. Airlines use predictive analytics to determine ticket prices, based on prior travel trends. Predictive models help businesses attract and retain their most valuable customers.
While there are many uncertainties as we adapt to the new digital privacy standards, one thing is certain – a nuanced look at your digital marketing data will be needed to give your company the best footing moving forward. Drawing on several data points, EveryDayta [link to about us] provides a comprehensive measure of your website performance and social engagement. We break down what is working, and what isn’t, in ways that are easy to understand so you can change gears or stay the course as needed. Contact us today [link to contact us] to schedule a consultation.