Online Privacy – The Good, the Bad, the Ugly

Online privacy is a complex subject. Hence I use this slide to neatly sum up the issue by analogy. Essentially, to illustrate the different levels of privacy, I consider the scenario of an organisation wishing to understand (i.e. gather data on) the impact of traffic on their community. In my analogy, I define:

  • The organisation gathering the data is analogous to a website owner/marketer (you!);
  • The road is the web;
  • a car represents a visitor’s browser;
  • The person(s) in the car are the real people who are using the web;
  • Destinations (shops, schools, houses) are the websites.
  • PII = personally identifiable information.

privacy analogy

Essentially, as you move down this list the data becomes more personal and therefore privacy becomes more important to the visitor. Also it means your legal obligations wrt privacy increase, as well keeping on top of best practice so that your visitors actually trust you.

Where Does Your Site Fit with Privacy…?

To establish this you need to assess your website by conducting a “tracking audit”. That is, document what tracking methodologies are deployed and assigning each to one of the three classifications above. If any of the data you are collecting is *not* classed as green, ask the following questions of it:

  1. Do we need this data?
  2. If so, how does it help us optimise our website content or website’s marketing?
  3. Is it transparent to the visitor what we are doing with their data?

Often I find that organisation’s inadvertently collect way more information than they actually use, or need. So avoid the privacy hassle and cull any unnecessary data points that infringe upon privacy.

Of course all website owners wish to individualise their data and get personal – because that provides opportunities to tailor content, cross-sell and upwell. There is nothing wrong with that per se, so long as you gain the explicit consent of your visitors first, and stop tracking them if they say no. That is now written into EU Law.

Gaining explicit consent is cumbersome. Raising a red flag to your visitors highlighting privacy is likely to put many of your visitors off. That is not necessary because they fear you are doing something bad. More likely its due to privacy being a complex subject with many ramifications for your visitors that they simply did not contemplate when they decided to visit your site. If in doubt, a person will always err on the side of caution i.e. opt out of your tracking.

This is why I recommend you cull any data collection that is not strictly necessary.

Where Does Google Analytics Fit with Privacy…?

All Google Analytics reports are anonymous and aggregate. That means it fits into the green category. So nothing to worry about, right?

Not quite…

It is possible to break the Terms of Service for Google Analytics and collect PII. I see this often. This can happen inadvertently when visitors receive a confirmation email for a sign-up, or registration etc. That is, the confirmation link in the email includes a clear text version of their email address in the URL. GA tracks URLs by default, so that email address is captured in your reports when the user clicks through on the link.

Solution: Either encrypt the email address in confirmation URL, or use a search & replace filter in your Google Analytics setup to remove it from your reports.

Be Aware of Hidden Tracking Code on Your Site

These days it is rare that the only tracking technology you have on your site is Google Analytics. The plethora of useful third party “widgets” website embed in their site means that pretty much all websites have numerous widgets that provided tracking – either directly to the website owner, or back to the third-party widget owner. Often, organisations are unaware of widget tracking abilities.

If you have any of the following deployed on your site, you are collecting more than just green information and need to assess the privacy impact:

  • DoubleClick
  • Google Maps
  • AdSense
  • Disqus
  • YouTube
  • ShareThis
  • LivePerson Chat
  • Social plugin buttons (Tweet me, Follow me, Facebook Like, Google Plus, LinkedIn etc.)
  • Addthis
  • UserVoice

*ALL* of the above set 3rd-party cookies that track individuals (although anonymously).

Useful Tools

There are a number of tools that can help you understand what tracking technologies are deployed on your site. I regularly use the following two (also see my post on The Best Google Analytics Add-Ons):

The Real Privacy Debate – The Triangulation of Anonymous Information

Related: This recent article from the BBC:

Because the widgets I list above deploy third-party cookies, they have the ability to track visitors around the web – not just on your website. That is, tracking the path of visitors to unrelated websites and what they do there. This is possible because of the ubiquitous nature of these plugins.

For example, from my search history Google can easily determine the small town where I live, what my interests are, what industry I work in, that I have written books, what make of car I drive, what language I speak, what music I like, what phone I use, whether my preference is PC or Mac, what university I went to, and a myriad of other “anonymous” data points.Google itself also uses third-party cookies in various products – though specifically not Google Analytics. The fear is that companies such as Google (also Apple, Microsoft, Yahoo, Firefox, Amazon etc) that have so much anonymous information about anonymous user’s that they can triangulate data points to identify an individual.

As you have probably concluded, it would not require a rocket scientist to be able pinpoint exactly who I am and identify me. This is why the EU law makers are trying to nail this down – and quite rightly. We need politicians and policy makers to protect user privacy in this way. The problem is that data triangulation often gets confused with any and all types of benign tracking that take place – such as that used by Google Analytics.

BTW, if you are interested in what I am building in this space – a forensic GA data auditing tool with an emphasis on GDPR compliance – visit

Looking for a keynote speaker, or wish to hire Brian…?

If you are an organisation wishing to hire me and my team, please view the Contact page. I am based in Sweden and advise organisations in Europe as well as North America.

You May Also Like…

Sayonara Universal Analytics

Sayonara Universal Analytics

My first Google Analytics data point was 15th May 2005 for UA-20024. If you are of a certain age, that may sound off...


  1. Sergio Maldonado

    I fully agree with my fellow Spaniard 🙂

    As for your comments, Brian, there is an important contradiction:

    Indeed the Directive is technology agnostic. To the point of not even making any distinction between first and third party cookies. And to the point of not even using the word “cookies”.

    Now, if you have a look at the Article 29 WP’s Opinion on Cookie Consent Exemption (and this is the basis for every national data protection agency’s own guidelines), you will notice that social plug-ins are exempted when the user is already logged in (to Facebook, Twitter, etc…) in his browser. Here, for your entertainment:

    Keep well.

    • Brian Clifton

      Great conversation Sergio – thanks for taking the time to highlight this.

      Article 29 describes the exemption for social plugins when tracking form these plugins only takes place if the visitor is logged into the social site in question. However, most of these plugins track the visitor via your site even when not logged in. So by placing the buttons on your site, the social sites perform their 3rd-party tracking.

      In some cases the default tracking can be turned off (e.g. I know Addthis has this option), but most social buttons will track by default even when the visitor is not socially logged in. Its a mine field and imo is best to explicitly ask for visitor consent…

  2. Maria Gómez Moriano

    Really great stuff and nice to read blog post Brian, thank you so much for helping readers easily understand such a complex subject matte!

    The new EU Regulation is completely necessary because everything has changed. We thus need new rules, unless we want the Internet to remain the new wild west with respect to Data Protection and Privacy.

    From my experience, I am a privacy lawyer in Spain where the Data Protection law is the hardest one in Europe and the DPA imposes fines up to 600,000€, there are two main points to be revisited in the day-to-day of analytical, marketing and sales departments:

    First of all is wording (Matthias made a point there). For some strange reason the process to create the legal notices used to be, after the creation of a banner, web, offer, promotion or whatever, that the legal guys/gals to write something for it. The legal notice should be taken into consideration from the beginning during the entire creation process. Did anyone hear of “Privacy by Design”? Additionally, all related communication is usually done through email: no face2face discussions nor meetings to share point of views. BIG MISTAKE. All Departments involved need to sit together to understand each others reasons in order to increase the usability and trust for the site. PROBLEM: normally lawyers do not understand marketing nor analytical language and vice versa so find a lawyer who does that is not easy!

    The ways most web sites ask for consent has been the same for the last 10 years. During that time, Marketing departments have changed the way they try to convince people to buy their products so maybe is time to become creative with the way we ask for their consent as well. Basically the proposed EU Regulation tells us the user must provide explicit consent but nothing about the way in which this consent should be provided. This signals to me that it is time to rethink the way consent can be provided (please, notice that way must fit legal requirements) so it is time to challenge ourselves (and your lawyers) and be creative: the door is open as numerous studies have pointed out the will to give up Privacy in exchange for certain advantages.

    The matter is complex and requires great doses of creativity to respect user´s Privacy rights while applying advanced analytical resources. Yet, as far as I know, human imagination has no limits, let´s just exploit that because users increasingly demand their Privacy is respected all around the globe. This is a change to distinguish one-self, a new USP, let´s give them what they want to obtain what we want as well.

  3. Brian Clifton

    +Segio – the EU law is deliberately technology agnostic so exceptions based on this won’t be forthcoming. The same for social plugin buttons. If you place them on your site and they use 3rd party tracking techniques then you need explicit permission from your visitors,

    +Mattias – it still amazes me that CMS vendors have not started to acquire TMS vendors (or the other way round). It will happen soon… BTW, try this article about crafting a best practice privacy policy:
    A 10-point Best Practice Privacy Guide for Working with Google Analytics

    +Geddy – thanks for the feedabck

  4. Sergio Maldonado

    Great post and superb metaphor, Brian. I think it was high time someone pointed this out about people inadvertedly gathering and storing email addresses in GA or elsewhere (all too common).

    As for the rest, I would place a serious bet on the upcoming EU Regulation excluding first-party “analytical” cookies from scrutiny (perhaps under the “statistical purposes” exception). This would be aligned with Do Not Track initiatives in the US and simplify things (putting the terrible news for the IAB aside, of course).

    Finally, social plugins are already exempted under the “strictly necessary” provision (as interpreted by the Article 29 Working Party: Twitter would not be able to provide their service -by nature taking place on a third party site- if their cookies are not set). This would not apply when using AddThis (also in your list), though.

    Looking forward to seeing you around the WAW London or elsewhere.

  5. Matthias

    great article and thanks for the analogy, I like it a lot.

    There are two issues I think are important when managing privacy:
    First, how can Tag Management Systems control the technical aspects of privacy by not only enabling/disabling trackers one by one, but also controlling details of the captured data details within a single tracking stream?

    Second, I think that one big problem is wording: How are visitors informed about the data tracking and a clear explanation of the intended data exploration?
    It is not easy to have a comprehensive and focused privacy disclaimer (by language) which readable for non-legal staff, too. When having a simple but comprehensive and transparent explanation in place, I would assume a much larger user consent rate. A blurry blabla like “we use cookies to optimize your site experience” is not increasing trust, actually it triggers many people to think from a rather bad perception.

  6. Geddy van Elburg

    Hi Brian, I like your article. A good read for businesses and analysts.These kind of articles help people understand the data protection issues.


Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share This