Online privacy is a complex subject. Hence I use this slide to neatly sum up the issue by analogy. Essentially, to illustrate the different levels of privacy, I consider the scenario of an organisation wishing to understand (i.e. gather data on) the impact of traffic on their community. In my analogy, I define:

  • The organisation gathering the data is analogous to a website owner/marketer (you!);
  • The road is the web;
  • a car represents a visitor’s browser;
  • The person(s) in the car are the real people who are using the web;
  • Destinations (shops, schools, houses) are the websites.
  • PII = personally identifiable information.

privacy analogy

Essentially, as you move down this list the data becomes more personal and therefore privacy becomes more important to the visitor. Also it means your legal obligations wrt privacy increase, as well keeping on top of best practice so that your visitors actually trust you.

Where Does Your Site Fit with Privacy…?

To establish this you need to assess your website by conducting a “tracking audit”. That is, document what tracking methodologies are deployed and assigning each to one of the three classifications above. If any of the data you are collecting is *not* classed as green, ask the following questions of it:

  1. Do we need this data?
  2. If so, how does it help us optimise our website content or website’s marketing?
  3. Is it transparent to the visitor what we are doing with their data?

Often I find that organisation’s inadvertently collect way more information than they actually use, or need. So avoid the privacy hassle and cull any unnecessary data points that infringe upon privacy.

Of course all website owners wish to individualise their data and get personal – because that provides opportunities to tailor content, cross-sell and upwell. There is nothing wrong with that per se, so long as you gain the explicit consent of your visitors first, and stop tracking them if they say no. That is now written into EU Law.

Gaining explicit consent is cumbersome. Raising a red flag to your visitors highlighting privacy is likely to put many of your visitors off. That is not necessary because they fear you are doing something bad. More likely its due to privacy being a complex subject with many ramifications for your visitors that they simply did not contemplate when they decided to visit your site. If in doubt, a person will always err on the side of caution i.e. opt out of your tracking.

This is why I recommend you cull any data collection that is not strictly necessary.

Where Does Google Analytics Fit with Privacy…?

All Google Analytics reports are anonymous and aggregate. That means it fits into the green category. So nothing to worry about, right?

Not quite…

It is possible to break the Terms of Service for Google Analytics and collect PII. I see this often. This can happen inadvertently when visitors receive a confirmation email for a sign-up, or registration etc. That is, the confirmation link in the email includes a clear text version of their email address in the URL. GA tracks URLs by default, so that email address is captured in your reports when the user clicks through on the link.

Solution: Either encrypt the email address in confirmation URL, or use a search & replace filter in your Google Analytics setup to remove it from your reports.

Be Aware of Hidden Tracking Code on Your Site

These days it is rare that the only tracking technology you have on your site is Google Analytics. The plethora of useful third party “widgets” website embed in their site means that pretty much all websites have numerous widgets that provided tracking – either directly to the website owner, or back to the third-party widget owner. Often, organisations are unaware of widget tracking abilities.

If you have any of the following deployed on your site, you are collecting more than just green information and need to assess the privacy impact:

  • DoubleClick
  • Google Maps
  • AdSense
  • Disqus
  • YouTube
  • ShareThis
  • LivePerson Chat
  • Social plugin buttons (Tweet me, Follow me, Facebook Like, Google Plus, LinkedIn etc.)
  • Addthis
  • UserVoice

*ALL* of the above set 3rd-party cookies that track individuals (although anonymously).

Useful Tools

There are a number of tools that can help you understand what tracking technologies are deployed on your site. I regularly use the following two (also see my post on The Best Google Analytics Add-Ons):

The Real Privacy Debate – The Triangulation of Anonymous Information

Related: This recent article from the BBC: http://www.bbc.co.uk/news/technology-21499190

Because the widgets I list above deploy third-party cookies, they have the ability to track visitors around the web – not just on your website. That is, tracking the path of visitors to unrelated websites and what they do there. This is possible because of the ubiquitous nature of these plugins.

For example, from my search history Google can easily determine the small town where I live, what my interests are, what industry I work in, that I have written books, what make of car I drive, what language I speak, what music I like, what phone I use, whether my preference is PC or Mac, what university I went to, and a myriad of other “anonymous” data points.Google itself also uses third-party cookies in various products – though specifically not Google Analytics. The fear is that companies such as Google (also Apple, Microsoft, Yahoo, Firefox, Amazon etc) that have so much anonymous information about anonymous user’s that they can triangulate data points to identify an individual.

As you have probably concluded, it would not require a rocket scientist to be able pinpoint exactly who I am and identify me. This is why the EU law makers are trying to nail this down – and quite rightly. We need politicians and policy makers to protect user privacy in this way. The problem is that data triangulation often gets confused with any and all types of benign tracking that take place – such as that used by Google Analytics.