With the GDPR being enforced from the 25th of May and with the upcoming ePrivacy Regulation updating the ePrivacy Directive, marketers need to be very careful about how they measure the performance of their campaigns in a compliant way and without losing data.
In this talk, we look at why these regulations came to be, dig into how the regulations impact marketing and measuring performance, and close with a look towards the future of measurement.
1. Web analytics & EU regulations
Pierre Far
European Search Conference, June 2018
1
2. Hello :) 2
Me
Founder, advisor, ex-Googler, product
manager, biologist.
Find me
● twitter.com/pierrefar
● linkedin.com/in/pierrefar
● pierrefar.com
My work
Website product management
consulting
deliberatedigital.com | @delibdigital
pierre@deliberatedigital.com
Unblockable GDPR-ready
web analytics
blockmetry.com | @blockmetry
hello@blockmetry.com
3. ● Ad blockers can also block
analytics
● This is silent data loss!
Data loss at large scale 3
Analytics blocking Stricter regulations
● GDPR and ePrivacy Directive
affect legal basis for lawful
processing of analytics data
● Draft ePrivacy Regulation likely to
change things even more
5. Users block web analytics at high rates
DE: 18%
FR: 17%
US: 13%
GB: 7.5%
ES: 10%
Data source: Blockmetry own measurements, May 2018.
Numbers are percent of non-bot pageviews with JavaScript enabled that did not load analytics tag, all devices.
IE: 9%
Separate from and in addition to ad blocking
Excludes JavaScript disabled measurements
Separate from (and overlaps) DNT measurements
5
6. Worldwide regulations increasingly stricter
EU DPD
1995
EU ePD
2002
EU GDPR
2016
EU ePR
(2019?)
CoE No. 108
1981
UN UDHR
1948
Privacy is not a new thing.
It's just getting regulated more strictly worldwide.
6
7. Current situation: bad UX & business outcomes
Even with affirmative user consent, neither site will not get analytics
data if a content blocker is installed.
7
9. Structured exercise to understand how you process personal data
● Definition of “processing” is broad under GDPR Article 4.
● It's not about just GDPR, but also PECR (ePrivacy Directive)
○ Keep an eye on upcoming ePrivacy Regulation
In detail:
● Describe the nature, scope, context and purposes of the processing;
● Assess necessity, proportionality and compliance measures;
● Identify and assess risks to individuals; and
● Identify any additional measures to mitigate those risks.
Help:
● ICO DPIA guidance
● CNIL PIA tool
Data Protection Impact Assessment 9
10. Analytics, advertising, social networks
● Audit all trackers and cookies being set
○ Check your source code
○ Crawl the website
● Figure out measures to get you to compliance
○ Varies depending on what you're doing. You need technical and
organizational measures.
○ Follow ICO guidance
● Review regularly
○ Automate if you can
● Document everything
○ Don't forget to update documentation
Focus on tracking and cookies 10
11. Pierre Far
p. +44 (0) 333 006 4045
e. pierre@blockmetry.com
Twitter / LinkedIn: @blockmetry
THANK YOU!
11
Email me to get a free
Blockmetry trial!