Beware: Cookieless Tracking in Europe is not always consent-free.

Kilian Hughes
Bootcamp
Published in
2 min readAug 6, 2023

Cookieless Tracking in Europe isn’t automatically consent-Free, especially in EU

Cookieless tracking in a fully data compliant way without the use of visitor’s consent.
Dashboard from web analytics tool scoby.io

We working in marketing or product are confronted with it on a daily basis: The complexity of privacy has significantly increased. This makes running website analytics more complex and affects taking decisions based on data. I recently heard the term cookieless tracking a lot, especially when it comes to finding alternatives to Google Analytics. Cookieless tracking might seem like a simple solution to bypass stringent privacy regulations, especially in countries with strict laws within the European Union. But the truth is more complicated.

IP Address: Personal Information

A user’s IP address is considered a personal information. In the EU, the user must be asked for consent if this is to be transferred to a third party. It is not enough to merely avoid cookies; the handling of IP addresses must be carefully considered aswell.

Issues with Schrems II

Transferring IP addresses to US-based hosting providers like Google, Amazon, or Microsoft can create problems related to the Schrems II ruling. Data transfers outside the EU require special consideration, and the agreements previously used to legitimize such transfers have been scrutinized and found inadequate in many cases.

Violation of Device Integrity

Loading and executing third-party JavaScript in a visitor’s browser without their consent can be seen as a violation of device integrity. Laws such as the Telecommunications and Telemedia Data Protection Act (TTDSG) in Germany or similar regulations within the EU might view such actions as an infringement.

De-anonymization and Identification

Raw data exports enabling the de-anonymization of users, and the passing of Click IDs for identification to third parties, are also problematic from a privacy standpoint.

I scanned the market and found a solution

Scoby Analytics has solved all these problems. It offers consent-free and complete measurement, providing the best data foundation for all necessary analyses for successful website operation. Completely without consent-requiring technologies and in full compliance with all relevant privacy regulations, including GDPR, TTDSG, and Schrems II.

Cookieless tracking is not automatically the consent-free solution it might seem at first glance. Particularly in the European Union, many aspects must be considered to comply with privacy regulations. Using a tool like Scoby Analytics that carefully takes these aspects into account can pave the way for consent-free yet fully compliant website analytics. Users’ privacy is maintained, while website operators are provided with the necessary insights. This, I belive, is the future of web analytics in the post-cookie era.

I would be thrilled to hear from you if you have found other tools that are also fully data privacy compliant in the EU. Just leave a comment.

Kilian Hughes is a manager and leadership coach in the field of UX, building up and leading teams since 2016.

--

--

Bootcamp
Bootcamp

Published in Bootcamp

From idea to product, one lesson at a time. Bootcamp is a collection of resources and opinion pieces about UX, UI, and Product. To submit your story: https://tinyurl.com/bootspub1

Kilian Hughes
Kilian Hughes

Written by Kilian Hughes

UX research & strategy leadership | Coach | Speaker | 17 years UXR experience | 6 years leadership | Psychologist | https://www.linkedin.com/in/kilian-hughes/

No responses yet