The End of Tracking

Today at Trusted Conf. we’re talking about data and analytics and The End of Tracking with Ben Weber, Digital Analytics Specialist.

Watch the video below to get the full insights into the end of tracking:

 

View the slides:

 

The End of Tracking

Before we dig in, let’s learn a little about Ben:

• Educational background in software/research engineering
• Specialised in Google Analytics, GTM
• Passionate about data governance and integrity
• Based in Da Nang, Viet Nam

 

Cookies or No Cookies?

Agenda:

• Introduction
• User privacy & Data Regulations
• ITP, Adblocker and Firewalls
• Exercise: Impacts on tracking
• Conclusion

 

Cookies and Tracking

• Cookies are the keystone of tracking.
• Cookies enable us to identify a user while collecting information about him and his interactions on site.
• Cookies are the primary tool that advertisers use to track your online activity so that they can target you with highly specific ads.

 

User Privacy and Data Regulations

Protect and respect user privacy preferences

Source: Wired

The challenge of data privacy is to use data while protecting an individual’s privacy.

We (the marketer) collect loads of information while users are navigating our sites. 

And often, we just track users without asking for consent: well, since they don’t ask, we don’t tell. We forget to put the user’s first. A lot of the users used to give it away easily. So why not?

A lot has happened in the last couple of years (including data breach such as Cambridge Analytica), and users became more aware of the risks but also annoyed by the multitude of ads and retargeting they are subject to. They now are not only more protective and want to know what we do with their data 

Regulations and legislations are released across the world to help users and force companies to be more transparent about what data they collect and what they do with it.

 

Data Privacy Regulations Are Global

IMWT is global but data privacy regulations are too. Our clients are around the world and their customers too. 

We must be aware of each country’s regulations and advise our clients and tell them about their obligations. We, as a marketing company, process, collect and control data. It is our duty to respect these regulations and ensure that our clients respect them too. 

Example of impact: IMWT should never create a Google Analytics or Google Tag Manager container on behalf of our client. The responsibility falls upon us if we are the owners of the account. 

 

GDPR

In all of the regulations across the world, I decided to take GDPR as an example to show you the impact it has on tracking.

The General Data Protection Regulation is one of the most comprehensive data protection legislation that has been passed by any governing body to this point. Since May 2018, GDPR entered into application. This set of data protection rules applies to any companies operating in the EU.

The GDPR protects personal data regardless of the technology used for processing that data – it’s technology-neutral and applies to both automated and manual processing, provided the data is organised in accordance with pre-defined criteria (for example alphabetical order). It also doesn’t matter how the data is stored – in an IT system, through video surveillance, or on paper; in all cases, personal data is subject to the protection requirements set out in the GDPR.

It reinforces the security and privacy of personal data of its customers and users, resulting in their trust. It allows people to have more control over their personal data.

Source: GDPR

 

Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.

Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the GDPR.

Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data. For data to be truly anonymised, the anonymisation must be irreversible.

2 Lines in GDPR About Cookies (Online Tracking)

Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. 

This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

 

Cookies Fall Under the PECR

The regulations that concern tracking are under the PECR which stands for Privacy and Electronic Communications Regulations.

They implement ‘the e-privacy Directive’.

The e-privacy Directive complements the GDPR (general data protection regime) and sets out more-specific privacy rights on electronic communications including cookies and therefore tracking. 

There are specific rules on:

• marketing calls, emails, texts and faxes; cookies (and similar technologies);
• keeping communications services secure; and
• customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings

Under PECR, we must:

• Receive users’ consent before using any cookies except strictly necessary cookies
• Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received
• Document and store consent received from users
• Allow users to access your service even if they refuse to allow the use of certain cookies
• Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place

Source: ico.org.uk

 

Types of Cookies Marketers Need

In general, there are three different ways to classify cookies: what purpose they serve, how long they endure, and their provenance.

Duration

• Session cookies – These cookies are temporary and expire once you close your browser or the session ends.
• Persistent cookies — These cookies remain on your hard drive until you erase them or your browser does, depending on the cookie’s expiration date. While these cookies should expire before 12 months, some cookies can last a lot longer and will only be removed when you take action.

Provenance

• First-party cookies — First-party cookies are put on your device by the website you visit.
• Third-party cookies — These cookies aren’t directly placed by the website you’re visiting but by a third-party, such as an advertiser or analytics.

Purpose

• Strictly necessary cookies — These cookies are essential for you to browse the website and use its features.
• Preferences cookies — Also known as “functionality cookies,” these cookies remember your preference settings, like language settings.
• Statistics cookies — Also known as “performance cookies,” these cookies collect information about how you use a website, including the pages you visit and the links you click.
• Marketing cookies — These cookies track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad. These cookies can share that information with other organizations or advertisers. These are persistent cookies and almost always of third-party provenance.

Source: GDPR

 

Without consent we can’t measure ROI

 

ITP, Adblockers and Firewalls

ITP Cuts Cookies Lifespan to 24 hours

Intelligent Tracking Prevention prevents advertisers and other technologies from tracking and collecting information about users.

In Safari, with ITP 2.2, first-party and third-party cookies are now limited to 24 hours.

Example:

• If Safari users do not convert within 24 hours after clicking on a Google Ads campaign, we won’t be able to attribute the conversions to our campaign
• In GA,  if the same user accesses our website from Safari 2 days in a row, he will be perceived as 2 unique users

47% of Users Have an AdBlocker

AdBlockers offer the possibility of blocking GTM or specific javascript such as Google Analytics.

Source: GlobalWebIndex

 

Firewalls Can Block Any Service

Firewalls give you the ability to block DNS request from specific IP ranges or domain names. 

Adding 1 rule to block the domain analytics.google.com would prevent Google Analytics from receiving data.

 

What Remains?

1. System admins can use Firewalls to prevent certain domain from collecting data. It is not uncommon to have tools such as Google Analytics be cut off at a network level.
2. Users can add ad blockers in their browsers. These ad blockers are usually targeting advertising and marketing platforms but adblockers offer a feature that enables blocking tracking (such as Gostery). There are also options to outright block Google Analytics or Google Tag Manager.
3. Cookie consent, intelligent tracking prevention and other browsers cookie handlers are preventing us from properly measuring user behaviour over multiple sessions.
   

After filtering out some users, how much do we actually see in our analytics? How much can we trust what we see, analyse and report on? 

• • Traffic
  • Audience
  • Personalisation
  • Attribution & conversion

 

Exercise

 

 

Prepping for a Post Cookie Era

As a publisher, you can’t find your way out of Safari’s ITP alone. We need the industry to work together and devise a workaround (also a long-term solution) as soon as possible. But that doesn’t mean there’s nothing you can do. We see two ways as of now.

There are always workarounds (server to server tracking, cookieless tracking) but IMWT and the industry should embrace this change. should also advocate for the adoption of the only tracking method that cannot be interfered with by browsers, privacy and ad-blocking extensions, or even operating systems.