I've been following this for a while and there is still a lot of contention surrounding how to apply the directive, so I have put together this post to help guide organisations to respond to the directive.
So, what is the directive trying to achieve?
It's about people's privacy and giving them choices in respect to it (more than just web analytics). That means no 3rd party techniques (sharing information with other organisations) and no personal information such as name, email address etc. being collected. The only exception is where explicit consent of the individual is given. Google Analytics (GA) collects only 1st party cookies and although you 'could' collect personally identifiable information it goes against Google's terms of service.
There appear to be a number of organisations making hay over the confusion that this has generated and whilst I don't have anything against these companies per se, what they are touting I have to disagree with.
If (and that's a big if) the Information Commissioner's Office (ICO) were to completely ban data collection under the directive it is more than likely that all data collection technologies would also be in breach of it. The wording of the directive is not technology specific, it states: "All "similar technologies" to cookies are covered by this law." That is to say, whilst it discusses cookies it refers to any technology which collects information. All web analytics vendors would need information for visitor tracking. So any technology, including IP Tracking, that circumvents cookies will be in breach of the law.
So what should you do?
That doesn't mean you shouldn't do anything. The official recommendations from the ICO are:
- Check what type of cookies and similar technologies you use and how you use them.
- Assess how intrusive your use of cookies is.
- Decide what solution to obtain consent will be best in your circumstances.
The first two are pretty straightforward and something we work with our clients in the form of a cookie audit. You're likely to be collecting far more than just Google Analytics cookies and some have even been found to be recording personal identification in Google Analytics. The third is more complex and the ICO do not make any specific recommendations:
"However, we do not intend to issue prescriptive lists on how to comply. You are best placed to work out how to get information to your users, what they will understand and how they would like to show that they consent to what you intend to do."
Which seems to me that the ICO is unlikely to consider fining organisations that are working towards the directive and therefore investigating the first two key points are the best way forward until such time that the directive becomes clearer.
Stick with Google Analytics
In that respect (at the moment) it doesn't seem worth going with alternate analytics packages over Google Analytics. Google Analytics is far more powerful than most and I imagine it has and will always have a lot more investment going in to it. Oh and did you know it's free to the end consumer?
One issue we come across with our clients is that using something that is free means it's unsupported and the documentation can be quite difficult to understand/implement. The most basic of Google Analytics installations still provides functionality beyond what other vendors provide. The real value comes from more advanced Google Analytics integration and the good news is that numerous companies provide support. Yes you'll have to pay for it but then you're not paying for the actual product so it will be much cheaper in the long run. There are also multiple companies offering Google Analytics support which makes the offering more competitive and thus keeps the cost down.
If you require assistance in understanding and interpreting your analytics, you might like our online Google Analytics introduction training course and Google Analytics advanced training course.
Posted by Jens Sorensen 11th November 2011
Gain insight from Google Analytics
- Google Analytics introduction online training course
- Google Analytics advanced online training course
