7 Steps To Control Tags and Privacy on University Websites
How to Maintain Tag Control and Privacy
Our previous post examined the negative impact tags, trackers and beacons have on website performance unless appropriately managed. We used Ghostery’s Trackermaps to visualise the many server requests tags make as a page loads and we showed examples of the growth in page load times as the number of trackers on a site increases.
The current post extends our analysis in three ways:
- It examines which tags are found on university and college website tags, prompting the question of what are they doing there;
- It highlights some marked differences between higher education website ‘tagging’ in the UK, US and Canada; and,
- It points to potential privacy issues that may arise when tags are not carefully managed.
A Brief History of Tags
To provide some context we start with a history lesson.
Tag management benefits website performance, but it can be a constraint on the data collection needs of advertisers and other parties. Advertisers working in networks to maximise the reach of their ads, use tags to pass data to other network members. To facilitate data sharing tags can be chained or piggybacked so that a tag originally installed on a site can cause other tags to fire without a site manager being aware that this is taking place. As a result, visitor data may be passed to third parties without site visitors or site managers having control of or the ability to follow where this data is going: raising potential privacy issues.
What Are Tags Doing on University and College Websites?
- They allow third-party content to be integrated into a website. We can categorise third-party content many ways, but one approach is the one we used in our last post, as employed by Ghostery:
- Adult Advertising (we see no examples of this on higher education websites)
- Advertising (the dominant higher education website tag)
- Audio/Video Player (for example, SoundCloud or Kaltura)
- Comments (for example, Disqus)
- Customer Functionality (for example, Pure Chat)
- Essential (for example, Google Tag Manager, Tealium, Adobe Typekit)
- Site Analytics (for example, Google Analytics, HotJar, Clicktale)
- Social Media (for example Twitter, Facebook)
- They set various first- and third-party cookies;
- They tell web browsers to collect user-related and other data; and,
- They allow data from one website to be shared with other websites to perform user tracking.
We used a dataset of UK universities to show the performance issues discussed in the previous post. For the current discussion we’ve included 180 Canadian universities and colleges and 135 US universities and colleges to cover a total of 480 websites. For the combined dataset, we see that the following categories of tags are present on higher education website home pages.
Tags related to advertising (per Ghostery’s categorisation) form the largest single group (41% of all tags present on the websites in the group) and for the 480 websites we examined, 32 distinct advertising tags were installed across the sites. The next largest group (36% of all tags present on the websites in the group) was tags related to site analytics, representing 27 different analytics tags. We found six different variants of Google Analytics, from the original Urchin implementation to the current Universal Analytics on sites and we have reported these as different tags in the pie chart.
Almost 80% of higher education website tags support advertising or site activity tracking. The specific tags we found in these two categories across the 480 sites were:
Site Analytics Tags:
In carrying out our research, we noticed a marked difference in the number of tags firing on the home pages of university and college websites in the three different countries.
The chart should be read as follows. The top red bar represents the proportion of Canadian university and college websites with only one tag installed (typically Google Analytics): just under 40%. About 25% of US higher education institutions have only one tag installed, while only 10% of UK university websites have a single tag installed.
For US and Canadian university and college websites a relatively small proportion of sites have more than one tag installed, so that only 15% of these sites have more than four tags installed. On the other hand, UK websites have a more uniform tag distribution and over half the sites have more than six tags installed and about 10% have 10 or more tags installed.
It is hard to know if the greater ‘tag intensity’ in the UK is by design, around online advertising campaigns, or signs of the need for tag audits? There is some evidence that UK sites are better managed as the proportion of sites use Google Tag Manager across the three countries indicates:
- United Kingdom: 65.4% have Google Tag Manager installed
- United States: 39.6% have Google Tag Manager installed
- Canada: 30.6% have Google Tag Manager installed
Potential Tag Privacy Issues
If we look at two aspects of the above data, the advertising focus of tags installed on website home pages and the relative intensity of tags installed on a page, we can see the potential for data privacy issues. To illustrate we’ll use one of the sites shown in the Trackermaps in the previous post. Here’s the TrackerMap:
There are three different mechanisms at work, as follows.
One set of tags fires directly, as the page loads. Without access to Ghostery’s Trackermaps, you can confirm the requests being made on loading the page, either by using WebPageTest or installing the Chrome browser extension called WASP from Cardinal Path. The specific tags firing directly on this page are:
- Crazy Egg
- Google Dynamic Remarketing
- Lead Forensics
- Visual Website Optimizer
- WisePops Tag
A second set of tags is controlled by Google Tag Manager as follows:
Finally, a third set of tags ‘piggybacks’ on tags that have been explicitly installed on the page, as follows:
- Facebook Connect (via AddThis)
- Facebook Custom Audiences (via AddThis)
- Google+ Platform (via AddThis)
- Pinterest (via AddThis)
- Twitter Syndication (via Twitter Button)
We note that AddThis provides social sharing and share count functionality on websites, but also operates as an ‘audience intelligence’ platform.
We are not passing judgment on using AddThis or similar tools such as ShareThis. We are simply pointing out that the behaviour of these tags is not necessarily understood by website managers and without examining what happens when pages load the implications of using any third-party tools cannot be clear. And, it is clarity that prompts our recommendations.
- Establish the active tags on the entire site. Use tools such as Tag Inspector, or WASP Crawler to check an entire site and use Ghostery, or the developer tools in your preferred browser to examine individual pages, in more detail.
- Produce a tag schedule: Identifying each tag’s ‘owner’, the individual who can explain why a tag has been placed on the site. In some cases, the owner will be an outside party such as an advertising agency. Establish what outcome the tag is intended to meet and if it is still meeting the stated objective.
- Determine and record on the schedule how the tags are loading: directly, via a tag management tool or piggybacking on other tags.
- Identify the ‘legacy’ or ‘unauthorised’ tags: tags that have no owner or the owner no longer needs the tag.
- In consultation with the ‘webops’ team establish which tags can be safely moved under the control of a tag management system and which need to operate directly.
- Again, in conjunction with the webops team plan the elimination of redundant tags and the migration of tags to a tag management tool.
- Upon completion of the migration exercise, rerun the audit to ensure that all the loose ends have been tidied up.
This post was originally published on our blog: Show Me The Data — A Blog About University and College Websites. We strongly encourage you to subscribe and receive updates by email.