Since May of 2018, the collection of digital data has had the shadow of Europe’s General Data Protection Regulation (GDPR) looming over it. GDPR regulates the collection and storage of data on websites for users in the European Union. Since so many websites handle traffic from international sources, this was a change felt across the globe, with many U.S. websites furiously updating how cookies are tracked and stored. This is typically in the form of more control on the user’s end, allowing them to opt-in or opt-out of different types of cookies, as well as gain insight into which cookies are being tracked, what they are being used for and how long the data is retained.
Since websites are allowing visitors to make cookies optional that used to be mandatory (e.g., Google Analytics), some are seeing dips in their site analytics data. Depending on what type of cookie policy they’ve set up, the dip may range from hardly noticeable to significant. Whether you’ve already implemented cookie control or are thinking about adding the ability to opt out of cookies, you should think about how this change may affect your collection of website data and implement a proactive strategy to account for this.
How Does Cookie Consent Affect Google Analytics Tracking?
Many websites use Google Analytics to track which pages are being viewed, which promotions are being clicked and which forms are being filled out. Since Google Analytics uses cookies to identify users and their actions and attributes, this means that if a user opts-out of cookies entirely, they won’t be tracked as a visitor at all through your analytics. This could cause a decrease in measurable website traffic depending on how many visitors choose to opt in. In addition to your website analytics data decreasing, you may see drop-off in other forms of tracking that relies on cookies, such as pixels used for remarketing or conversion tracking.
Google Analytics has also implemented updates which make it easier to comply with policies like GDPR and CCPA. Within your Google Analytics Administrative settings you have the ability to request a deletion of user data, which is part of the terms of GDPR. The amount of time that User-level data is retained has also been set to a 26-month default, though you can extend this timeframe to be shorter or longer as needed. You can even set your User-level data to never be deleted.
If you didn’t update the User-level data retention setting prior to May of 2018 you may find that some of your historical data is missing. While you can still view Session-level historical data without limitations, you won’t be able to segment that data by any User dimensions including demographics or device. You can still update this option in your Google Analytics administrative settings, but any historical User data that has already been purged cannot be recovered.
Types of Consent and Their Impact on Tracking
One way to minimize any decline in your analytics tracking is to choose a method of cookie consent that makes it more likely that cookies will be allowed. If your cookie consent policy is added specifically to adhere to a state or national guideline like CCPA or GDPR, you should make sure you select a consent method that conforms to that policy. You will have to work with your legal or compliance partner to confirm which is recommended for your business or institution:
-
Notice Only: The visitor is informed that a website uses cookies but doesn’t give them the ability to opt out. This method is not CCPA or GDPR compliant since the visitor cannot opt out of cookies and only receives a notification.
-
Opt-In Consent: Cookies are disabled by default and visitors will need to accept cookies before they track. This method is compliant with both CCPA and GDPR since it gives the visitor control over which cookies are tracked. This can also negatively impact analytics tracking.
-
Opt-Out Consent: Cookies are enabled by default and will track unless a visitor manually asks not to be tracked. This method is compliant with both CCPA and GDPR since it gives the visitor control over which cookies are tracked.
-
Implied Consent: The visitor is informed that the action of browsing the website means that they have accepted cookie tracking. Typically there is still some means of opting out. This method is only CCPA and GDPR compliant depending on the type of cookies you are tracking. You typically cannot used Implied Consent if you are using cookies for third-party purposes.
The type of consent with the most potential to cause a decrease in tracking is Opt-In Consent since it falls completely on the visitor to accept cookies before analytics tracking begins. If the cookie alert is not visible enough it could be missed entirely, and there are likely a good number of people who will ignore it anyway. The traffic tracked after an Opt-In Consent cookie alert is implemented is an indicator of your website visitors who are actively engaged and alert on your website. In order get as many people as possible to accept cookies you need to ensure your cookie alert is noticeable and persuasive.
If the end goal is to cause a minimal drop in your analytics tracking, while still giving visitors an easy way to disable cookies, then Opt-Out Consent is the best option. This functions similarly to the Opt-In Consent method, but instead of relying on the visitor to click to accept, cookies will be tracked automatically whether someone clicks to accept, closes the cookie alert notification or just ignores it and continues to browse the site. They would need to actively opt out of cookies and save their settings to stop cookie tracking from happening.
Notification Only consent cannot be used on websites that primarily serve visitors from EU countries as it does not give someone the ability to opt out. If you’re not limited by GDPR guidelines and only want to inform visitors that your website uses cookies, then Notification Only is fine. Implied Consent would function very similarly, but somewhere on your website would be a page with the ability to opt in or out of cookies.
Getting Started
If you’re interested in enabling a cookie alert on your website, whether because you need to comply with GDPR or California Consumers Privacy Act (CCPA) or you just want to give your users more control over their tracking, there are a few questions you should ask before getting started.
-
What type of control am I legally required to allow based on local regulations? You will need to consult with your legal and compliance team to answer this.
-
What types of cookies is my website currently using?
-
What type of consent policy should I enable to allow control while minimizing a traffic dropoff?
ZAG cannot provide legal advice in regards to cookie policy choices or verbiage, but we hope that the information we’ve provided gets you thinking about your options and how they will affect the data you’re able to analyze. There are a number of third-party services specializing in cookie consent and overall privacy management. Contact ZAG if you need assistance selecting a vendor or if you need help implementing your selected cookie policy on your website.