Web Data & Data Protection

Companies are increasingly seeking better insights by using web data sources that offer lots of opportunities. Web data can be used to gain new insights that can help increase efficiency and revenue. Internally generated information can have gaps, and companies are increasingly moving to incorporate new, non-traditional sources of data into their analyses. This can help companies see risks and opportunities that they would miss with inputs limited to their own internal data.

Linking web data and offline data provides more value and insight across a company’s data. By combining both data sources, a company can get a better overview of what happens in its digital campaigns and offline transactions. For example, by onboarding first-party data, it is possible to match offline data to what was previously anonymous online behaviour. This presents a significant advantage for attribution, as it makes it possible to see whether a given campaign led to actual sales, even if the sales occurred offline. However, using this data effectively can be challenging.

1. What are the challenges of collecting web data?

For many companies, the implementation of new technology has outpaced the logistics of tracking and managing data that they already had in place. The fast-changing digital marketing industry introduces daily questions: How should we support a multitude of online platforms? How should we address big data? How can we ensure data compliance?

Some of the common challenges businesses face when collecting web data are:

  • Technical challenges: Site performance data is not always accurate. There can be issues such as missing tracking code on web pages, data sampling with skewed results, ad block services that remove valuable web data, etc. These pose a challenge when collecting and analysing web data.
  • Remaining data compliant: Growing regulatory requirements make all aspects of handling data more complex. As businesses continue to increase the amounts of critical and sensitive data they store, regulatory pressure to ensure the protection of sensitive data increases accordingly.

2. How do data protection laws work?

Data protection laws control how someone’s personal information is used by organisations, businesses, or the government. They ensure everyone responsible for using personal data follows ‘data protection principles’.

GDPR is to date the world’s strongest set of data protection rules. It requires businesses to protect people’s personal data and limits what organisations can do with personal data. In Switzerland, the FADP allows a general permission for processing personal data as long as “no unlawful violation of the person” arises.

The two data protection laws are based on different concepts: the Swiss FADP is built on a principle of permission, while the EU GDPR is founded on a principle of prohibition. The FADP treats a fine as a sanction for criminal behaviour, while the GDPR uses fines to strengthen the motivation for regulatory compliance.

If your company is based outside of the EU, the EU data protection regulation is directly relevant to you if you conduct business activities within the EU area and have access to personal data from your EU customers, suppliers and EU-employed staff.

3. How does it affect the use of web data?

How is personal data defined?

Personal data is defined as any personally identifiable information that could be used to, directly or indirectly, identify a specific individual. For example, online identifiers and location data are considered personal data, and therefore they must be protected in the same way as other identifiers, like the health information of a data subject.

Do you have a lawful reason to use the data?

Under data protection laws, in order to use or hold the personal data of any EU citizen, companies must comply with one or more of the legal reasons for storing or using personal data: Consent, Contract, Compliance, Public Interest and Legitimate Interest. For the purpose of this article, we focus on Consent and Legitimate Interest.

  • Consent: refers to when the data subject explicitly consented to having their data used by a company. For example, a company that offers a video service asks for users’ consent to process their preferences in order to suggest tailored movies to them.
  • Legitimate Interest: allows data processing to be undertaken if it is necessary for specific business interests. For example, a company ensures its network security by monitoring the use of its employees’ IT devices. It does so using the least intrusive method with regard to the privacy and data protection rights of its employees, for example by limiting the accessibility of certain websites.

Do you have data retention and access policies in place?

A company’s retention policy should consider the data types it stores and assign appropriate lifecycles accordingly.

Are your IPs GDPR compliant?

The GDPR defines IP addresses as personally identifiable information, so you need to ensure that any EU residential IPs you use as proxies are GDPR compliant. This means that you need to ensure that the owner of that residential IP has given their explicit consent for their home or mobile IP to be used as a proxy.

4. What web analytics tools can be used?

Different tools work differently. Depending on whether you need to be GDPR compliant or FADP compliant, different measures need to be taken within a tool, or a different tool altogether could be the right one, to get as much data as possible while staying compliant.

  • Google Analytics: is designed to analyse the traffic of a website or a blog and to study user behaviour. Sources of web traffic, conversion rate, number of visits, etc. are the indicators provided. In addition, the data can be viewed in Data Studio, a 100% customizable dashboard.
  • Matomo: collects information in a more ethical way than the leader of search engines, and it is also free software for measuring web statistics. Unlike Google Analytics, Matomo does not offer data sampling. With this tool, it is possible to collect as much information as necessary. In addition, the database can be modified or even deleted, which is not the case with Google Analytics.
  • AT Internet: is used in various fields including e-commerce, finance, media and institutional sites. Like Matomo, AT Internet is exempt from collecting consent cookies. It is therefore less constraining for data collection. Moreover, it does not offer sampling and allows different analyses to be carried out.

5. Conclusion

In our data-driven world it is clear that data is power. Data protection laws help protect people’s personal data. GDPR, FADP and other data regulation laws require companies to develop a new sensitivity towards the handling and protection of personal data. They promote greater transparency with users about how their data is being used and how they are being tracked on a website.

It is important for companies to evaluate the right web analytics tool and do an optimal setup of the tool according to their situation and applicable law. Only then can they gain the insights they want while being data compliant.
