Skip to main content

GDPR compliance has been a hot-button issue in the EU for quite some time. With the advent of these broad-reaching laws, many standard marketing practices have been subject to change. The need for GDPR compliance has done away with InMail and cookies as universal tools. It seems, however, that the same may be on the horizon for Google Analytics in some form.

Digital marketing and internet content regulations like the GDPR have also had effects on the structure of marketing departments. Companies have been implementing new policies and personnel to combat the wider effects of the regulations.

This article will discuss the effect this set of legal challenges has had on Google Analytics, marketing strategy, and departmental structures. First, however, we need to cover some recent developments pertaining to GDPR:

NOYB Cookie Complaints Making Waves

Data privacy watchdog NOYB (None of Your Business) has filed complaints against one of the biggest data harvesting programs on the web: Google Analytics. In the wake of this legal development, the Austrian DPA has made a landmark decision. The data protection authorities have sided with NOYB against Google’s data harvesting activities.

Quoting NOYB’s Website: “So-called standard contractual clause should suffice for “low-risk cases”, e.g. when “only” data such as online-identifiers or IP-addresses are transferred. The DSB now found this view to be wrong: the GDPR doesn’t know a risk-based approach for data transfers to insecure third countries, such as the U.S.

A ruling called “Schrems II” invalidates GA’s claim to the “Privacy Shield” framework. This once allowed US commercial companies to transfer and store EU personal data in the US. The decision to rule the Privacy Shield invalid has labeled the US a non-adequate country, denying them special access to Europe’s personal data streams. 

With the gathering of first-party cookies, Google Analytics would have been in the clear. GA has even made a ton of changes, up to GA4, that help it comply with GDPR. However, the core issue is with its use of US-based servers. This transfer to a disallowed third-party makes it run up against the GDPR.

The Future of Data Tracking on Google Analytics

GDPR Compliance Tracking

Google Analytics is a major tool for Marketers and its absence can be a blow to many. However, this does not mean that all is lost. As with all internet and telecommunication regulations, there are some hurdles to overcome. There is no real alternative to Google Analytics but there are workarounds.

Here’s a breakdown of what you need to do if you want GA to run with full GDPR-Compliance: 

  1. Ask for and obtain end-user consent for all Google Analytics cookies on your website prior to their activation and operation.
  2. Control each Google Analytics cookie in order to only activate them after your users have given their explicit consent to them.
  3. Provide transparent information in your website’s cookie policy about the details of all Google Analytics cookies in operation – including their provider, technical details, duration and purpose. This is important as consent is only valid under the GDPR if it constitutes an informed choice on behalf of the users.
  4. Compile detailed information in your website’s privacy policy about all Google Analytics cookies on your domain, and what personal data your website processes in general.
  5. Turn on IP anonymization in your Google Analytics account and make sure that it uses pseudonymous identifiers.

GDPR Compliance & Marketing

GDPR’s impact on marketing can be seen in sever areas. One of the issues that pop up most frequently is unstructured data regulations. Roughly 80% of the data companies gather falls into this category if they don’t have the tools to structure it. These tools can be expensive but adjusting processes may be necessary to organize unstructured data for GDPR compliance. This raises the specter of increasing costs.

Website redesigns are another area. To comply with standards, disclaimers and cookie preference options need to be incorporated into the website to ensure that personal data is gathered with consent. Online privacy awareness has also been a major factor, where websites let you know which precise data points they are gathering through a data collection form compliant with GDPR article 5.

Websites also need to comply with article 30 of GDPR regulations, allowing users to view in-depth records of the usage of their data, data processing, and history.

GDPR & Cookie Regulations

GDPR Compliance Cookies

Data is crucial for most modern marketing activities, especially the unstructured data from cookies. Experts have been proposing workarounds like manual data collection and Business Intelligence gathering.

Due to the GDPR, old-school direct marketing methods may become more viable as a method. With GDPR, direct marketing would be more akin to client outreach, email marketing using authenticated lists, social media targeting, and other such measures that work within regulatory boundaries.

Similarly, cookieless tracking and cookieless targeting have been on the rise. This involves explicit consent from the user or the anonymous targeting. Both Apple and Google are setting up systems to facilitate cookieless functionalities.

GDPR Compliance Training For Employees

Another area where the costs of GDPR compliance increase is in hiring and staffing. Training new staff and departments for GDPR-compliant messaging and processes can be costly. Companies have since created new positions (like compliance officers) to oversee these tasks.

A question many businesses have in mind: How does GDPR affect b2b sales now that tools such as InMail are inaccessible? Companies have either stopped using them within the region, opting for different forms of direct outreach. Alternatively, companies are circumventing GDRP by contracting employees or client organizations outside the EU to send InMails (an act that is harder to track and can potentially be illegal).

Under GDPR, B2B marketing has become much more direct, especially with LinkedIn becoming less prominent. Services like Sortlist might become more popular in this situation with the void left by GA and InMail’s exclusion.

Hopefully, this article has illustrated that the possible end of GA is not the end of Digital Marketing. There are workarounds one can employ to use it or alternative modes of analysis one can explore.