Beware: Cookieless Tracking in Europe is not always consent-free.
Cookieless Tracking in Europe isn’t automatically consent-Free, especially in EU
We working in marketing or product are confronted with it on a daily basis: The complexity of privacy has significantly increased. This makes running website analytics more complex and affects taking decisions based on data. I recently heard the term cookieless tracking a lot, especially when it comes to finding alternatives to Google Analytics. Cookieless tracking might seem like a simple solution to bypass stringent privacy regulations, especially in countries with strict laws within the European Union. But the truth is more complicated.
IP Address: Personal Information
A user’s IP address is considered a personal information. In the EU, the user must be asked for consent if this is to be transferred to a third party. It is not enough to merely avoid cookies; the handling of IP addresses must be carefully considered aswell.
Issues with Schrems II
Transferring IP addresses to US-based hosting providers like Google, Amazon, or Microsoft can create problems related to the Schrems II ruling. Data transfers outside the EU require special consideration, and the agreements previously used to legitimize such transfers have been scrutinized and found inadequate in many cases.
Violation of Device Integrity
Loading and executing third-party JavaScript in a visitor’s browser without their consent can be seen as a violation of device integrity. Laws such as the Telecommunications and Telemedia Data Protection Act (TTDSG) in Germany or similar regulations within the EU might view such actions as an infringement.
De-anonymization and Identification
Raw data exports enabling the de-anonymization of users, and the passing of Click IDs for identification to third parties, are also problematic from a privacy standpoint.
I scanned the market and found a solution
Scoby Analytics has solved all these problems. It offers consent-free and complete measurement, providing the best data foundation for all necessary analyses for successful website operation. Completely without consent-requiring technologies and in full compliance with all relevant privacy regulations, including GDPR, TTDSG, and Schrems II.
Cookieless tracking is not automatically the consent-free solution it might seem at first glance. Particularly in the European Union, many aspects must be considered to comply with privacy regulations. Using a tool like Scoby Analytics that carefully takes these aspects into account can pave the way for consent-free yet fully compliant website analytics. Users’ privacy is maintained, while website operators are provided with the necessary insights. This, I belive, is the future of web analytics in the post-cookie era.
I would be thrilled to hear from you if you have found other tools that are also fully data privacy compliant in the EU. Just leave a comment.
Kilian Hughes is a manager and leadership coach in the field of UX, building up and leading teams since 2016.