As more countries introduce data protection regulations and users become increasingly wary of how their data is collected online, organizations have to consider the impact of data privacy on their digital activities, including their analytics.
In October, we had the opportunity to discuss this topic with experienced analytics professional Dana DiTomaso, Founder and Lead Instructor at Kick Point Playbook, who joined our Vice President of Product, Jeff Wheeler, to take a closer look at what can seem like a conundrum at times.
Watch the replay of their conversation by clicking the image below, or keep reading for an in-depth study on the intersection of analytics and Privacy UX.
Data privacy and the digital landscape
In the last few years and ever since the introduction of the General Data Protection Regulation (GDPR) in Europe, we’ve observed an explosion of privacy regulations around the world, including Law 25 in Quebec or the Digital Personal Data Protection (DPDP) Bill in India.
For Jeff Wheeler, Vice President of Product at Didomi, this is only the beginning:
“It has been a pretty common fact that by the end of 2025, we expect 60%-80% of the world to be covered under some type of privacy regulation”
- Jeff Wheeler, Vice President of Product at Didomi
In the United States, several state consumer data privacy laws have been introduced, forming a patchwork that has been difficult for organizations and reflecting the country's political divide. Talks of a federal privacy law have long been lurking on the surface, with no clear path to legislation.
Yet, while regulators are hard at work with new laws coming up worldwide, Dana DiTomaso, Founder and Lead Instructor at Kick Point Playbook, highlights that organizations have not necessarily caught on to data privacy yet.
“Many people outside Europe are unaware of analytics and data privacy requirements. They do believe that if they are outside Europe, GDPR requirements, for example, do not affect them, and just adding a banner to their website would help take care of the cookies, whereas to seek consent from users, the products need to be designed in a certain way for day to day activity.”
- Dana DiTomaso, Founder & Lead Instructor at Kick Point Playbook
A major upcoming regulation that will force many to catch on to the data privacy wave is the Digital Markets Act (DMA), a European Union law aiming to make the digital ecosystem fairer and more contestable by identifying “gatekeepers,” large digital organizations providing so-called core platform services, such as online search engines, app stores, and messenger services.
These gatekeepers were announced in September and have been given six months to ensure full compliance with the DMA obligations for each of their designated core platform services.
Amid all these legal constraints, it’s important to remember that data privacy is more than a box-checking exercise and has real implications for your organization, including your analytics practices.
How does data privacy impact your analytics activities?
The rise of Big Data in the past decades is well-documented, as are its data privacy shortcomings, from Cambridge Analytica to the many data breaches of recent years. As data privacy regulations evolve and appear worldwide, organizations face the difficult task of balancing compliance with digital activities, including their analytics measurement.
While consent for data collection is where things start and is often pinpointed as the main culprit in discussions around analytics and privacy, it is only one of the components and, one could argue, the tip of the iceberg. Analytics activities impacted by data privacy include:
Data collection: Cookies and other tracking technologies are used to track website visitors, collect data about them and their behavior, and understand how they interact with particular products and services.
Data storage and management: How companies store and manage data after collection is critical. Have the purposes been properly laid out during collection? Which parties are the data shared with? Can they be trusted?
Data security and governance: Organizations must take proper steps to prevent data leaks and privacy breaches.
Data access: Under several regulations, consumers can request access, delete, or modify the data organizations hold about them. This can be handled with a DSAR solution.
For these reasons and more, your analytics team must establish a trade-off between data utility and protection level to determine how to leverage data while complying with regulations and respecting users' choices.
Thankfully, organizations can leverage several strategies to operate reliable analytics practices while following data minimization and other recommendations from regulators, prioritizing second-, first-, and zero-party data, or adopting other innovative technologies for analytics.
In a 2021 research paper published in the Journal of Business Research, scholars investigate the relationship between data analytics and data privacy, concluding that the two are not mutually exclusive and can greatly benefit from technological advances:
“The starting point for this research was the recognition of a conventional wisdom that assumes data analytics and privacy protection contradict each other. We hope to have shown that such a view is too narrow, because firms can implement a wide range of methods that satisfy different degrees of privacy, while still enabling them to address all data analytics responsibilities.”
- Data analytics in a privacy-concerned world, Journal of Business Research, Volume 122, January 2021 (source: ScienceDirect).
When it comes to consent-related data and the performance of your Consent Management Platform (CMP) implementation, more specifically, what analytics can you focus on to assess and measure your activities?
Consent and analytics
Analytics play a crucial role in understanding the impact of Consent Management Platforms (CMP) on digital activities. The impact of consent on your business comes in many ways, impacting various aspects of your organization:
Analytics and digital campaigns, when incomplete or missing data affect your performance measurement
User experience, since a high volume of opt-outs can jeopardize your ability to perform A/B testing and to improve your UX
Monetization and financial performance, because a high opt-out rate can limit the ability to run targeted ads and personalized content.
As illustrated before, not all analytics require consent, and innovative technologies are emerging to help organizations run analytics campaigns while respecting data privacy and creating personalized customer privacy journeys that respect choices and promote trust.
When consent is needed, however, Didomi provides privacy analytics, including traffic and banner data, that help you measure the impact of consent collection on the rest of the digital initiatives. Dive deeper into consent analytics in our dedicated post (with use cases):
Industry efforts to help navigate analytics and data privacy
The data privacy industry is advancing various initiatives to balance user privacy with data collection and analytics, including in the context of the looming deprecation of third-party cookies:
The Transparency and Consent Framework (TCF)
The Transparency and Consent Framework (TCF) is a voluntary accountability tool created by the IAB to help all digital advertising and publishing stakeholders adhere to GDPR requirements and standardize user data collection and management.
With the TCF, users can make informed consent choices based on transparent information about what data is being collected, for what purpose, by whom, and how it would be used.
Learn more about the TCF and its latest 2.2 iteration in our guide.
Google Privacy Sandbox
Google’s Privacy Sandbox is an initiative of tools and API technologies aiming to make current tracking mechanisms, such as cross-site tracking identifiers and browser fingerprinting (a hidden method to track and gather data about internet users) obsolete.
The Google Sandbox is in the deployment stage and is expected to be fully executed in 2024. Next year, this would help a series of proposals to satisfy cross-site use cases without third-party cookies or other tracking mechanisms.
World Wide Web Consortium W3C
Lastly, World Wide Web Consortium (W3C) standards serve as the toolkit for scalable web solutions and empower innovators to address challenging issues online, from accessibility to internationalization, privacy, and security requirements.
“I think what the W3C group is doing is actually important generally for the internet in terms of where the future is going to be. Because one of the things W3C is trying to come up with a set of rules for consent and how basically sites can get consent and how should this work on the internet”
- Dana DiTomaso, Founder & Lead Instructor at Kick Point Playbook
Other innovative solutions are emerging to address the deprecation of third-party cookies, consent fatigue, and the limitations of consent banners in general. But how viable and realistic are they?
In an opinion piece on the topic, our Chief Privacy Officer, Thomas Adhumeau, takes a closer look at the causes behind consent fatigue and these alternatives and maps out a possible future for the AdTech industry:
Checklist: How to balance data privacy and analytics?
To help alleviate the difficulty of balancing data privacy and analytics, we put together a checklist (download it as a PDF here) for you to go through when implementing best practices internally:
Privacy UX, Privacy Journeys, and how Didomi can help
While compliance with regulations is critical, new and innovative ways for organizations to lead the way are emerging, starting with Privacy User Experience, or Privacy UX, a concept of online experience delivery that puts privacy front and center for organizations and the people they engage with online.
Along with Privacy By Design, Privacy UX helps organizations turn today’s challenges into opportunities by making data privacy desirable, easy to understand, and appreciated by users. By putting privacy at the very core of the user experience, organizations can benefit in several ways:
Earning credibility and trust with their users
Being transparent about data collection practices
Providing a seamless experience that respects user choices throughout their interactions (marketing, advertising, purchase experience, CRM, etc.)
Building rich, higher-quality datasets that continuously improve the user experience and generate repeat business and loyalty
To promote Privacy UX and excellent data collection and analytics practices, Didomi allows organizations to create personalized customer preference journeys, where users can provide granular choices and preferences about the type of experiences they expect from brands.
This is something that consumers have expressed time and time again in recent times in studies and research:
71% of consumers feel frustrated when a shopping experience is impersonal (source: Segment)
54% of consumers say that marketing messages aren't as relevant as they'd like (source: Salesforce)
65% of customers expect companies to adapt to their changing needs/preferences (source: Salesforce)
84% of consumers say they want more control over how their data is being used (source: Privacy made positive)
Personalized Customer Preference Journeys and Privacy Requests help brands address these needs by giving them the tools to reach out directly to users throughout their journey and giving them the power to manage their choices and requests directly.
To learn more about Didomi Global Privacy UX Solutions and how Didomi can help with your data privacy and analytics practices, book a call with one of our experts: