Maru asks, “I recently learned that Google Analytics poses certain privacy concerns and that other analytics tools like Piwik are more secure. Any comments on other analytics tools other than Google?”
What follows is an AI-generated transcript. The transcript may contain errors and is not a substitute for watching the video.
Christopher Penn 0:13
In today’s episode Maru asks, I recently learned that Google Analytics poses certain privacy concerns and that other tools like Piwik are more secure.
Any comments on other analytics tools other than Google? So, yes, there.
There’s more than just privacy concerns.
What has happened in the EU, which, of course, is the originator of the General Data Protection Regulation, or GDPR, which has been in place since 2018.
But is being much more heavily enforced, is that in France, and in Italy, I know for France for certain, I think Italy, the CNIL, which is one of France’s major regulatory agencies, ruled that Google Analytics violates GDPR.
And there are no exceptions.
It says, because there is no way for European data to be processed only in Europe because it is sent essentially to America, which is where Google itself is based.
The use of Google Analytics period in the EU violates GDPR.
Now, obviously, this is an ongoing court case, this ruling effectively does make the use of Google Analytics in all the EU illegal, but no, it is being appealed and all of that.
So in terms of what you need to do to comply with GDPR is the data that you’re collecting, the data that you’re processing, analytics data, has to be collected, stored and processed entirely within the EU and within the nation that you’re operating.
So that data for anybody within the EU and that’s by the way, it’s that’s an important clarification is that it is for anybody within the European Economic Area that you whether or not they’re an EU citizen is irrelevant it is with if I traveled to Paris, while I was in Paris, I am on European soil.
And therefore, any company tracking me would have GDPR applied to me while I’m there, right? So even though I’m an American citizen, GDPR applies to me, as long as I’m physically on European soil.
Now, caveat disclaimer, I’m not a lawyer, I’m a marketer.
I’m not a lawyer.
So please do contact your lawyer for any actual legal disputes and things like that.
But this is my understanding of the law as it stands today.
So what do you do, you need an analytic system where the data is entirely processed within the EU.
The easiest way, the best way to do this that will pass audit that will pass scrutiny pretty easily is for you to run an analytics system on your servers and not send that data anywhere else, right.
Don’t send it to Google, don’t send it to Adobe, don’t send it to anybody, you process and run it.
So that means open source analytics systems that are run on your servers by your people is the way to go.
What would be some examples of that? Well, one of the systems that I recommend the most is a system called Matomo.
Matomo used to be called Piwik.
Matomo is the analytics system, I think, that does this the best. It is open source, it is free, you have to run the server that it runs on. If you want to be completely GDPR compliant, you have to run the server yourself.
So that means you start up a server.
And it doesn’t have to be a physical server can be a VPS, a virtual server.
But it has to be with a European hosting company that can certify that that server’s within the boundaries of the EU.
And then you install the Matomo software on your website.
And then your Matomo has its own Tag Manager.
So you don’t necessarily need to use anyone else’s Tag Manager.
And it’s probably better if you don’t, again, because the whole point is to try to avoid triggering GDPR.
And then you put the tracking snippet and stuff on your website with all the usual consent stuff so that someone who comes to your website, they get that lovely pop up that says hey, do you consent to being tracked? If so then it can fire the Matomo tracking bug and that in turn can pass that data to Matomo on your servers and be compliant with the EU. I would say any analytics software, to be sure that you’re compliant, should be something that you run on your servers, on servers that you own or that are under your control.
I would be very hesitant to use any kind of SaaS service honestly, software as a service, because if it’s unless it’s a company that is completely wholly based within the EU
Christopher Penn 5:12
has an EU only data center, and nothing else, you can’t be sure that there isn’t one or more pieces of that technology stack that could be running outside the EU, it could be the CDN, the content delivery network, it could be the proxying.
It could be the load balancers, there’s any number of technology pieces where the data could be technically in violation of GDPR.
So the only way to be sure is for you to run analytics software on your servers.
I know CNIL has certified that Matomo, when set up properly and self-hosted, is fully compliant with GDPR. They will actually have a list on their website of analytics packages that are certified compliant.
I happen to think Matomo is probably the best of the lot.
And of course, you will pay more in terms of labor, to have somebody maintain that server because you need to understand how to run a Linux server.
But it will, it has the best possible protection against a lawsuit against any kind of having to prove in a court that you’ve protected users data in accordance with the law.
So that’s my suggestion.
As time goes on, we’re gonna see more and more of these privacy restrictions, right, we’re gonna see more and more cookieless stuff, all kinds of things that are going to be happening.
So the sooner that you get set up with a system like Matomo, the better off you’re probably going to be. Another piece of software that I use, my marketing automation system, I use a system called Mautic.
Again, open source software, I run it on my servers on the server I administer, the data never leaves my control.
No third party looks at that data, right? No third party is processing it, no third party is storing it, it’s entirely on one of my servers.
Again, from a compliance perspective, if I have to, to pull out server logs to prove something in a court of law, I can do that.
If you’re within EU and you want to use marketing automation, or you want to use a CRM, you’re going to have to start looking at the self-hosted options with hardware and software that is under your control and that will pass muster in a court of law.
So really good question.
Really important question.
This is stuff that we all have to be thinking about because as privacy laws continue to get more stringent.
Everyone is going to be tackling these questions in the next few years.
Here in the United States where I’m based, we have this whole patchwork quilt of regulations.
California has got its own privacy regulations.
Virginia has its own, New York state has its own, and they’re varying different flavors.
But right now GDPR is probably the gold standard to meet.
So that if you are fully compliant with GDPR, you are almost certainly compliant with lesser privacy regulations for the most part, so make sure in terms of how you’re approaching measurement, this is the way to go.
GDPR compliance means for the most part, compliance with every other privacy regulation out there.
So really good question.
Thanks for asking.
If you’d like this video, go ahead and hit that subscribe button.