Digital Privacy Laws & Analytics Data: Part 2

Written by Emma Anderson

Digital Privacy Laws & Analytics Data Part 2

The Future of Analytics Data

In our first installment of “Digital Privacy Laws & Analytics Data,” we explored what cookies are and how they feed into analytics data. Cookies, while immensely helpful in improving the effectiveness of websites, are the driving force behind digital privacy laws sweeping the globe.
Here we examine some of these privacy laws and explore their impact on the use of cookies, as well as consider what a “cookie-less” future may mean for analytics data.

Digital Privacy Laws & Cookies

For the past 20 years, there has been a big push to establish online privacy regulations. Growing concern about the information websites collect on users and how they use that information (or sell that information to third parties) has driven many of the newly enacted digital privacy laws. From those put into place in the US as well as those enacted across the globe, all seek to make data collection more transparent and require user consent prior to installing cookies on a user’s device. Here’s a look at three major digital privacy laws that are having a major impact on the use of cookies. 

EU’s 2002 ePrivacy Directive – “The Cookie Law”

Since 2002, the European Union has enacted two major digital privacy policies. Though passed to protect EU citizens, websites from around the globe must comply if they attract or serve these individuals. Passed in 2002 (and updated in 2009), the ePrivacy Directive (aka the “Cookie Law”) requires websites to ask users to accept cookies, web beacons, and other tracking files prior to installing them on the user’s device. The goal is to obtain informed consent from users, many of whom do not realize these files are being installed on their devices. This directive seeks transparency. However, because EU directives (as opposed to regulations) provide Member States flexibility in how they are implemented, there is no consistency in the protections this directive aims to provide. Unfortunately, most companies rely upon implied consent, based on a user’s continued use of their site. The push for more comprehensive and consistent digital privacy regulation led to the passage of the GDPR. 

EU’s General Data Protection Regulation (GDPR)

With the enactment of the General Data Protection Regulation, the EU sought to extend data protection measures. This regulation applies to businesses of all sizes and requires websites to get unambiguous, informed consent from users prior to installing data-tracking cookies on their devices. Prior to the implementation of the GDPR, the burden of protecting user privacy was placed on the user – in changing default settings, opting out of cookies, or turning off certain settings, like location services, to ensure their privacy standards were met. Under the GDPR, that burden is placed squarely on the business. Websites that serve individuals from the EU are required to offer privacy by design. This means these privacy standards are built into the website’s design, defaulting to enhanced privacy settings, not less. Websites are now required to clearly communicate to their users what personal data they process, how they store it, and how they use it. The GDPR also requires such information be stored securely, which almost entirely prohibits third-party cookies as they are nearly impossible to secure. 

The California Consumer Privacy Act (CCPA)

Inspired by the GDPR, the CCPA is the most significant US digital privacy law to date. Focusing primarily on information supplied or sold to third parties, this law applies to companies who process information from residents of California and fit any of the following characteristics: 

  • Has a gross annual revenue of $25 million or more
  • Possesses personal information of more than 25,000 California customers, households, or devices
  • Derives more than half of its annual revenue from selling personal data

The CCPA sets out clear guidelines for properly handling users’ personally identifying data. Such data includes anything that allows the identification of a particular consumer or household – name, alias, address, IP address, geolocation data, professional information, etc. Companies are required to provide to a user, upon request, which pieces of personally identifiable information have been collected in the last 12 months. Furthermore, this law requires companies, upon the request of the consumer, to delete all data or adhere to requests not to sell personal data. The CCPA also requires companies to post privacy policies that detail what personal information is collected and how it is used. Impacted companies are also required to provide a clear and conspicuous link on their homepage entitled “Do Not Sell My Personal Information,” where consumers can opt out of allowing their data to be sold. Companies must also provide two additional methods for consumers to make data requests. The law seeks complete transparency regarding the collection and use of personally identifying information and seeks to place control over personal data back in the consumer’s hands. 

How Digital Privacy Laws Impact the Use of Cookies

Digital privacy laws are having a significant impact on businesses’ ability to rely on data from cookies. Many websites attempt to comply with these laws by informing users when they first load their homepage of the website’s use of cookies to improve website functioning. In many cases, users are given the option of consenting to accept website cookies. In others, websites state that the continued use of the website offers implied consent. However, implied consent does not fit the requirements outlined in the GDPR. But even without consent, websites are allowed to install cookies if they are required for the proper functioning of the website. Websites relying on cookies to measure metrics like traffic source, bounce rate, session activity, or even demographic data will need to consider how reliable their information is. Some users will be more inclined to click “accept,” while others will be less inclined to provide any sort of data. As privacy concerns related to the use of cookies grow, users will not only be less inclined to accept cookies, but they will also be more likely to clear their cookies more frequently. 

Furthermore, all major browsers have already eliminated or are moving toward eliminating third-party cookies, preventing websites from tracking users from site to site. Businesses that rely on third-party cookies to measure the effectiveness of their digital marketing campaigns will need to develop forward-thinking strategies. 

What a Cookie-less Future Means for Analytics Data

One unforeseen problem with eliminating third-party cookies is it has led web developers to find new ways of tracking user data. One such method is fingerprinting, which culls bits of information that vary between users to create a unique identifier for a user. By connecting tiny pieces of data provided by your browser to enable a website to display correctly – screen resolution, operating system, language, and time zone – websites create a “digital fingerprint” unique to each user. While helpful in website functioning, users cannot easily control how their information is collected. 

Many browsers, including Chrome, are developing methods for blocking fingerprinting and creating a secure environment that still allows developers to anonymously aggregate user information. Google refers to this as their Privacy Sandbox, a direct effort to enhance users’ digital privacy. Google is in the process of developing new technologies that will allow advertisers access to demographic data without allowing for the unique identification of users. While not capable of completely replacing third-party cookies, these new technologies will still allow ads to be displayed for relevant users.

One of the best ways of preparing for the eventual phase-out of third-party cookies is by reviewing all of your data sources for measuring the effectiveness of your digital marketing campaign. Before you can make changes to your marketing strategy, you need to fully understand the extent to which you are relying on third-party data. You may be able to rely more heavily on first-party data or find other solutions for the data gap created as third-party cookies become a thing of the past. 

Predictive analytics is widely regarded as the new future in analytics reporting. By using data combined with statistics, modeling, and algorithms to forecast potential outcomes, predictive analytics lays out a path for expected consumer activity. Using predictive analytics can help you determine where to best invest your marketing budget and what audience to focus on, based on prior activity. For example, retailers will often rely on predictive analytics to anticipate inventory demands. Airlines use predictive analytics to determine ticket prices, based on prior travel trends. Predictive models help businesses attract and retain their most valuable customers. 

While there are many uncertainties as we adapt to the new digital privacy standards, one thing is certain – a nuanced look at your digital marketing data will be needed to give your company the best footing moving forward. Drawing on several data points, EveryDayta [link to about us] provides a comprehensive measure of your website performance and social engagement. We break down what is working, and what isn’t, in ways that are easy to understand so you can change gears or stay the course as needed. Contact us today [link to contact us] to schedule a consultation.


“A Practical Guide to the European Union’s GDPR for American Businesses” – Nancy Harris, Vox

“California Rings in the New Year with a New Data Privacy Law” – Rachel Myrow, NPR

“ePrivacy: An Overview of Europe’s Other Big Privacy Rule Change” – Natasha Lomas, TechCrunch

“GDPR Explained” –

“Predictive Analytics: What It is and Why It Matters” — SAS

“The Must-Know Guide to the EU Cookie Directive” – Elizabeth C., PrivacyPolicy

“The Ultimate Guide to Cookie Laws” – Noah Ramirez, OSANO

“Ultimate Guide to EU Cookie Laws” — PrivacyPolicies

“What is Predictive Analytics? Transforming Data into Future Insights” – John Edwards, CIO

Leave a Comment