Privacy is a topic unlikely to pass for digital marketeers. In my current role, I deal with a number of clients that are highly aware of the risks involved with a brush with the ICO over a GDPR or ePrivacy issue. This has set me more challenges around tracking and analytics than previous roles.
Cookie acceptance banners are here to stay, but given the strictest interpretation of the rules that can decimate a web analytics profile. I have had clients appear to drop over 80% of traffic when cookies are only set after acceptance. So what are the options?
Tracking without cookies
Disclaimer – I’m not giving legal advice etc. etc…
Even without out cookies, you are still going to be tracking users and I believe that still needs to be referenced in your privacy policy. There are still considerations around setting up your Google Analytics account to be secure and privacy focuses. I’m just focusing on being cookieless for this post.
My start point was this post on infotrust. They cover some of the background reading there, but there are some important definitions to help understand the data.
A cookie is fundamental to linking interactions. Without a cookie GA will not know if a pageview is a users first or 7th. This also applied to returning visits, referring sources (after first interaction), bounce rate (Bounce rate is useless anyway!) or even converting sources.
Cookies are the glue that stick all those together
What you will get is a more disparate set of data, but unencumbered by cookie blockers or unaccepted popups. This will be total numbers of pageviews and pageviews by source (not sessions or users).
Therefore, I strongly recommend you set up a second property to track all this and then use a data visualisation tool to place side by side comparisons. This has the potential to sully a data set beyond repair.
Stopping GA Cookies
Google Analytics provide fairly clear guidelines on using their consent methodology to only set cookies once a user has accepted or click the cookie banner or tool. The issue I have with this is, the data is potentially fouled as you will have both cookied and cookieless users tracked on the same profile.
The crux is to deny the gtag access to storage for those cookie. I have chopped away are the recommended code to get to the below example:-
<script>
// Define the gtag() API
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments)};
// Consent commands must appear before gtag.js or Google Tag Manager is loaded
gtag(‘consent’, ‘default’, {
‘ad_storage’: ‘denied’,
‘analytics_storage’: ‘denied’,
});
</script>
<!– Load gtag.js as normal –>
<script async src=”https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID”>
</script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag(‘js’, new Date());
gtag(‘config’, ‘Your-GA_ID’);
</script>
Points to note, the consent tag needs to go in before the gtag or a cookie will be set.
In the example on google dev guide, you can delay this and then update based on the outputs of your cookie tool. I’ve added this to the site with GTM and can achieve tracking completely cookieless.
I do have a legacy profile that is a more standard implementation for comparison. I’ll update with some data examples shortly, however I don’t expect there to be mush difference in my two profiles because
- I don’t have a cookie acceptance banner
- I don’t get any traffic 🙁