How to Fix Your Blind Spot in Analytics (Based on Privacy Regulation Updates in 2020)
September 4, 2020 –
Privacy laws are limiting the collection of data
When running a business, you need certain data points to steer the ship in the right direction. Collecting these data points used to be a matter of just grabbing all of it and later figuring out what you actually need. Today this is quite different due to privacy regulations, which you have undoubtedly heard of.
I am Adriaan van Rossum and I run a privacy friendly analytics business called Simple Analytics. We care about privacy a lot, and at the same time understand the need for analytics for businesses. Let’s start by briefly going over the current privacy regulations that affect collecting website data.
Privacy laws and recent updates
When you have European visitors, you must obey the rules of the GDPR. But it’s not always clear what you can and can’t do. Because the GDPR is technology-neutral, it’s not always clear on how to interpret the legislation. For example, the word cookies is only used once.
European countries can have their own legislations on top of the GDPR. In the UK, for example, PECR (UK’s Privacy and Electronic Communications Regulations) is more clear on the specific technologies being used. It forbids the use of non-functional cookies without consent. It’s also more clear on how the consent is retrieved. A visitor needs to actively consent, meaning there has to be a clear action of opting in (no pre-checked boxes).
In a recent status report, “Two years of the GDPR”, one of the improvements that can be made is making the national legislations fully in line with the GDPR.
In the previously mentioned EU status report, a lack of enforcement is made clear. While the GDPR is effective in many ways, the enforcement is lacking. More time and money will likely be allocated for the enforcement of the legislation by the EU and its member states.
In a paper Studying GDPR Consent Notices in the Field (pdf) from the Ruhr-Universität Bochum, Germany, the researchers write:
Our results further indicate that the GDPR’s principles of data protection by default and purposed-based consent would require websites to use consent notices that would actually lead to less than 0.1% of users actively consenting to the use of third-party cookies.
How to implement a legally valid cookie banner
There are many guides on how to implement a cookie banner. Many of those are incorrect or incomplete. A good one I found was the guide written by data protection lawyer Mario Steinberg. In Cookie Banner – Done Properly! 7 Things You Should Pay Attention to, he lays out the most important legal aspects of implementing a cookie banner.
Most cookie banners are very badly implemented. Based upon a study, 56.6% of companies that used a cookie banner that purported to seek opt-in consent did not, in fact, alter the quantity of cookies deployed based upon whether a visitor agreed to the banner.
Website owners are missing out on important data
These legislations make your analytics less accurate and there is a certain blind spot in which you don’t collect any data about your visitors.
How big this blind spot is depends on a few factors:
- Third, if your audience is using privacy-friendly tools like ad-blockers, privacy settings in their browsers, or blocking browser extensions. Because of these services, popular privacy-invasive services will likely be blocked. This will increase your blind spot within your analytics.
Measure your blind spot
Now you know you miss a certain percentage of your analytical data. But how big is this percentage? You can measure your blind spot in a few ways:
- First, by using a service that doesn’t require a cookie banner and can bypass ad-blockers. The big advantage of this way is the implementation time. It’s usually just embedding a simple script. The service does the rest.
- Third, by measuring the logs of your server. This comes with a big disadvantage, which is the lack of robot detection. Also, when resources are cached, it might not show up in the logs. Therefore, this option should be your last resort. This technique is especially good when you don’t want to embed any scripts.
How to get the full picture
As the founder of Simple Analytics, I see a lot of customers using our tool as an addition to their other analytics tools. They measure their blind spot all the time and compare this data with their other analytics tools.
If your cookie banner blocks 20% of your analytics data and there is another 5% being blocked by ad-blockers, you miss out on 25% of your traffic in your cookie tools.
You can get these numbers when you use one of the ways described above to measure your blind spot. You can multiply your other analytical data by this number. The best data point to base your comparison on are page views. Page views can be measured accurately, with and without cookies. Other data points like sessions can’t be measured without cookies, so it does not make sense to compare those.
Let’s start with an example of how to compare the numbers. You know you have 1000 page views collected with Simple Analytics. Your Google Analytics dashboard for that same period gives you 800 page views. You have a blind spot of 200 page views which is 20% of your total. If you have 500 unique visitors within Google Analytics, you can calculate the unique visitors you missed. Your more accurate amount of unique visitors is 1000 ÷ 800 x 500 = 625 unique visitors.
| Page views|
(1,000 ÷ 8000 X 500)
(22,000 ÷ 16000 X 10000)
You can do the same calculations for your other metrics. It’s not perfect, because the data in the blind spot can be different. But it’s one way to get to more accurate statistics while still caring about the privacy choices of your visitors.
Over to you… how do you use analytics in your business? Let me know on Twitter.