
Data protection points to check before choosing a web analytics tool

Data protection is becoming a larger topic every year. The shift started in the European Union (EU) with the General Data Protection Regulation (GDPR), but it now influences businesses all over the world. Hence, it is important to stay up to date on the constantly changing regulations. GDPR is a regulatory framework that determines how personal information from individuals in the EU may be collected and processed. The Regulation applies to all sites, regardless of where they are located; all sites attracting European visitors must therefore comply with it, even if they aren’t specifically marketing products or services to residents of the EU. Following the implementation of GDPR and the ePrivacy Regulation, the Swiss Federal Council has proposed a total revision of the Federal Act on Data Protection (FADP), which will come into force in 2022. It is therefore important to take data protection into account when choosing a web analytics tool.

1. What is your need?

The most important question to consider here is how private your data has to be. The answer depends on several points: the type of data you want to collect, where you want to store the data, which company you’re working in, which country your company is in, and which customers you are attracting to your site. For example, if you are working at an insurance company in the United States of America, you will have different needs than a retail company in the EU. It also depends on whether your company is private or public. Going through this list of points helps you find out how secure the web analytics tool has to be for you.

2. What is the law in your country on data protection and data privacy and where do your customers come from?

Depending on where your company is situated and who your customers are, you must adhere to different data protection laws. As mentioned above, there is the GDPR in the EU and the FADP in Switzerland. In the USA, there is no single principal data protection law. On a federal level there is the Federal Trade Commission Act, but there are many different regulations depending on the state you live in, such as the California Privacy Protection Agency (CPPA). As an example, even if your company is based in the USA and has nothing to do with the EU or its citizens, you might still have to take laws in Europe into account. This can influence the way you need to handle your data and which web analytics tools you can use.

3. Points to think about when it comes to the security of the web analytics tools

In terms of data security, you should think about the following questions when choosing a web analytics tool:

  • What is the tool’s stance on data privacy and liability in general?
  • Can you change and adjust the privacy settings in the tool you’re using?
  • Is it possible to delete data easily?
  • What are the data retention possibilities in the tool?

Once you know the answers to these questions, you will have a better understanding of which tool is right for you.

The best-known example of how not to do it is the case of the political data analytics firm Cambridge Analytica, which scraped data from Facebook users through a personality quiz in an external app in 2015. 270 thousand people took part in the quiz, through which data of 87 million Facebook users was obtained. The Federal Trade Commission, as mentioned above, punished Facebook with a fine of 5 billion dollars. This shows how careful you must be with your own data as a user, and, as a company analysing data, with where and how that data is stored.

4. What secure tools can you use?

Different analytics tools offer different levels of security for your data. Here we list a few web analytics tools that place a strong emphasis on data protection.

  • Matomo’s most compelling benefit is its ability to comply with even the strictest privacy laws. It is also open-source and allows easy integration. You can self-host the tool and its database, meaning no one but you has access to the data.
  • AT Internet’s Analytics Suite is fully compliant with GDPR and follows the strictest privacy criteria. It offers full transparency, data ownership and privacy experts. Additionally, analytics data stays in the EU.
  • Plausible is a simple, lightweight, open-source and privacy-friendly analytics tool, which has been made and is hosted in the EU. As an additional benefit, Plausible does not set cookies and does not store any personal data. It is also GDPR, CCPA, and PECR compliant.
  • Google Analytics is one of the most popular and largest tools for data analysis. It provides all the basic reports to evaluate the traffic on the website. And because most marketers are familiar with it, it is relatively easy to use. One drawback is that Google makes a lot of money from advertising. For this, the company needs data that website visitors provide involuntarily. Moreover, as an American company, Google stores data in the USA and has to cooperate with the NSA intelligence agency.

There are of course many more tools to choose from. To choose the right one, you must consider the size of your business, your industry, your needs, and a variety of other factors. One fundamental factor you should consider, however, is the security of the data you collect. Basically, you should look for providers who are ethical, transparent, and willing to store your data where it is properly protected if you want to comply with EU and Swiss data privacy laws. With our many years of experience, we regularly advise companies on choosing the appropriate analytics tool for their circumstances. Contact us now.
