Web analytics and data privacy

During an interview with John Marshall, CEO of ClickTracks for our blog recently, the thorny issue of web analytics and data privacy came up. It’s something that I have touched on before and it’s always a sensitive subject. But first of all, a disclosure. I’m not a lawyer, I never wanted to be a lawyer and I don’t even know that many lawyers. So, I’m probably treading on very thin ice when it comes to legal matters. However, in our quest to understand and influence consumer behaviour (which is what we are all trying to do, right?), there are inevitably issues and concerns about how much we can use what we know about someone in our attempts to have an effect on their behaviour.

Some of the reaction to the interview with John Marshall on the Web Analytics forum and on the blog itself revolved around data privacy issues of organisations using Google Analytics. Google Analytics is in a somewhat unique position relative to other providers of hosted web analytics services in that as part of the deal for getting the service for free, Google has rights to use the information it collects from the site. As a rule, hosted web analytics providers do not assert any rights over the data they collect from organisations using their service. The rights to that information belong to the buyer of the service. Obviously if you collect, store and process the data on your own servers, then there are not any issues about information rights.

Each country or region of the world tends to have a different legal view about online data privacy and what is and what is not acceptable. Here in the European Union there is a directive that states if you use cookies, for example, you have to tell people that you use cookies in “clear and precise information” and that you also provide information on how the user can reject the cookie.

There is a difference though between minimum legal requirements and what might be considered to be best practices. The phenomenal adoption of Google Analytics around the world probably means that we need to review what is best practice when it comes to data protection and the communication of that protection to consumers. This is not because Google’s approach to privacy issues is lax. On the contrary, they are very explicit in their privacy policy about how they will and won’t use personal data. Also, if you look at the privacy section in Google Analytics’ terms of service it places strict conditions on what a website owner can do with the data they collect on their users using the Google Analytics service. It also states that people using the service must post a privacy policy and explain that a cookie is used to collect data.

So, the issue seems to me that it is not so much an issue of privacy but a matter of transparency. There has always been a tacit contract between consumers and providers of good and services that understanding how people use things ultimately leads to the improvement of those goods and services. For example, that is the basis upon which the whole market research industry works. However we increasingly need to be seen that we are not abusing that trust and it’s not so much about realities here but about perceptions.

Organisations are generally highly sensitive to data protection issues, they know it makes sense. With the advent of a widely deployed web analytics system like Google Analytics where the website owner has granted rights to user behaviour data to the service provider, it also makes sense to tell people that’s what you’re doing and the implications of that in a “clear and precise” way.

In doing some research for this article I looked at what people were putting in their privacy policies about their use of Google Analytics. From what I can tell there are a number of websites who are explicitly referring to their use of Google Analytics in their privacy policies and what their use of Google Analytics meant. An example of what I thought seemed to be a very transparent statement can be found at the website of the Forestry Commission here in the UK. I found the same wording a number of different websites, so maybe it’s becoming a de-facto standard, at least over here. But it seems to me that it would be useful in this instance if Google (and other service providers where information rights are shared) were to provide users of their service with a template that people could use in their privacy policies. I’m sure that will help raise the level of transparency and assist in the maintenance of the contract of trust with consumers.

More from Applied Insights

See more: Articles
See more: Web analytics

Learn about our web analytics consulting Discover our innovative marketing applications Get to know Applied Insights