Understanding digital data collection in the age of GDPR and ePrivacy Directive

With fewer users giving consent, new analytics and attribution approaches are needed

Key points:

• The ePrivacy directive requires that users give explicit consent for their data collected via cookies to be shared with first or third parties
• Guidelines have been proposed by the European Data Protection Board which, if adopted, will have an enormous impact. The Guidelines propose expanding the commonly understood meaning of “gaining access” to effectively cover any passive receipt of information
• Where sites do not enjoy a high ratio of logged-in users, new analytics and attribution approaches need to be introduced

In today's digital marketing world, attribution is pivotal for businesses and marketers. The GDPR and the ePrivacy Directive have significantly influenced the traditional practices of digital data collection and analysis, and therefore, attribution.

The evolving landscape of cookie usage

Traditionally, cookies have been the technology of choice to identify devices and, through that identification, understand user behaviour and interest. This identification evolved from on-site analysis to cross-site analysis capturing enormous amounts of personal information and data and placing it into the hands of technology vendors.

We cannot overemphasise the importance of distinguishing between on-site (first-party) and cross-site (third-party) analytics and cookies. First-party cookies, set by the visited website, enhance user experience by maintaining login statuses and tracking preferences. Third-party cookies, placed by external entities, are used for broader purposes like cross-site tracking and analytics. This distinction is key in understanding data ownership, with first-party cookies allowing direct control and use of data for site-specific purposes, whereas third-party cookies are utilised for extensive tracking and targeted advertising.

Impact of privacy regulations on data collection

The ePrivacy directive requires that users give explicit consent for their data collected via cookies to be shared with first or third parties.

Whilst the GDPR relates to any personally identifiable information, the ePrivacy Directive relates (amongst other matters) to any information obtained from gaining access to the subscriber’s or user’s ‘terminal’ (their device, router, etc).

Guidelines have been proposed by the European Data Protection Board which, if adopted, will have an enormous impact. The Guidelines propose expanding the commonly understood meaning of “gaining access” to effectively cover any passive receipt of information.  In other words, without consent, analytics platforms will not be able to track any user activity, nor will they be able to record any data passively received from the user’s terminal (e.g. IP address or UTM data).

Furthermore, privacy-focused technologies have launched rapidly to allow users to automatically bypass consent requests enabling them to operate ‘incognito’ permanently.

Research from Alphix Solutions has shown that unreported traffic can be in excess of 90%.

This highlights the necessity of user consent as a foundational requirement for effective data analysis and collection, regardless of the employed technologies.

User engagement: logged-in vs logged-out

The distinction between logged-in and logged-out users significantly impacts data collection. Logged-in users, having consented to data use, provide more accurate insights, while logged-out users often bypass consent forms, offering limited data collection opportunities. Consequently, analytics platforms reliant on cookies or fingerprinting are ineffective without logged-in users who have given explicit consent.

B2B vs B2C: tailoring data collection strategies

The approach to online sales and promotions differs substantially between B2B and B2C contexts. B2C sites, often with products enjoying shorter sales cycles, tend to generate higher-volume return visits, encouraging user registrations. In contrast, B2B sites, often characterised by longer sales cycles and lower visit frequencies, face challenges in incentivising user registrations. This difference is especially evident in intermediated sectors like asset management, where many sites lack a login section. Acknowledging and adapting to these distinct approaches is vital for effective data collection and analysis in both B2B and B2C contexts.

The solution for B2B marketers, specifically asset managers

Where sites do not enjoy a high ratio of logged-in users (logged in for each session as opposed to utilising a cookie-based identification technology to match a non-logged in user to a registered user), new analytics and attribution approaches need to be introduced.

The new approaches need to incorporate the following stages:

• Move from a cookie-based analytics platform to a cookie-free analytics platform.
• Revise the consent mechanism to ensure consent is given for the processing of certain data from the user’s terminal.
• Implement a privacy-first attribution model
• Introduce sector-specific trends and signals indices against which to benchmark activities.

How Alphix Solutions can help

Alphix Solutions stands out with its unique analytics platform, focusing on measuring website activity rather than user-specific activity.

Through our deep sector expertise in the financial services sector, specifically asset management, the Alphix Consulting team has been able to strategise mechanisms for gaining consent for the core data sets required for attribution and enhanced reporting, within the framework of both the ePrivacy directive and the GDPR.

Contact your Alphix Solutions Account Manager to arrange a meeting to discuss where Alphix can help you solve your attribution and digital data collection challenges.