Since May of 2018, the collection of digital data has had the shadow of Europe’s General Data Protection Regulation (GDPR) looming over it. GDPR regulates the collection and storage of data on websites for users in the European Union. Since so many websites handle traffic from international sources, this was a change felt across the globe, with many U.S. websites furiously updating how cookies are tracked and stored. This is typically in the form of more control on the user’s end, allowing them to opt-in or opt-out of different types of cookies, as well as gain insight into which cookies are being tracked, what they are being used for and how long the data is retained.
How Does Cookie Consent Affect Google Analytics Tracking?
Google Analytics has also implemented updates which make it easier to comply with policies like GDPR and CCPA. Within your Google Analytics Administrative settings you have the ability to request a deletion of user data, which is part of the terms of GDPR. The amount of time that User-level data is retained has also been set to a 26-month default, though you can extend this timeframe to be shorter or longer as needed. You can even set your User-level data to never be deleted.
If you didn’t update the User-level data retention setting prior to May of 2018 you may find that some of your historical data is missing. While you can still view Session-level historical data without limitations, you won’t be able to segment that data by any User dimensions including demographics or device. You can still update this option in your Google Analytics administrative settings, but any historical User data that has already been purged cannot be recovered.
Types of Consent and Their Impact on Tracking
One way to minimize any decline in your analytics tracking is to choose a method of cookie consent that makes it more likely that cookies will be allowed. If your cookie consent policy is added specifically to adhere to a state or national guideline like CCPA or GDPR, you should make sure you select a consent method that conforms to that policy. You will have to work with your legal or compliance partner to confirm which is recommended for your business or institution:
Opt-In Consent: Cookies are disabled by default and visitors will need to accept cookies before they track. This method is compliant with both CCPA and GDPR since it gives the visitor control over which cookies are tracked. This can also negatively impact analytics tracking.
Opt-Out Consent: Cookies are enabled by default and will track unless a visitor manually asks not to be tracked. This method is compliant with both CCPA and GDPR since it gives the visitor control over which cookies are tracked.
Implied Consent: The visitor is informed that the action of browsing the website means that they have accepted cookie tracking. Typically there is still some means of opting out. This method is only CCPA and GDPR compliant depending on the type of cookies you are tracking. You typically cannot used Implied Consent if you are using cookies for third-party purposes.
The type of consent with the most potential to cause a decrease in tracking is Opt-In Consent since it falls completely on the visitor to accept cookies before analytics tracking begins. If the cookie alert is not visible enough it could be missed entirely, and there are likely a good number of people who will ignore it anyway. The traffic tracked after an Opt-In Consent cookie alert is implemented is an indicator of your website visitors who are actively engaged and alert on your website. In order get as many people as possible to accept cookies you need to ensure your cookie alert is noticeable and persuasive.
If the end goal is to cause a minimal drop in your analytics tracking, while still giving visitors an easy way to disable cookies, then Opt-Out Consent is the best option. This functions similarly to the Opt-In Consent method, but instead of relying on the visitor to click to accept, cookies will be tracked automatically whether someone clicks to accept, closes the cookie alert notification or just ignores it and continues to browse the site. They would need to actively opt out of cookies and save their settings to stop cookie tracking from happening.
If you’re interested in enabling a cookie alert on your website, whether because you need to comply with GDPR or California Consumers Privacy Act (CCPA) or you just want to give your users more control over their tracking, there are a few questions you should ask before getting started.
What type of control am I legally required to allow based on local regulations? You will need to consult with your legal and compliance team to answer this.
What types of cookies is my website currently using?
What type of consent policy should I enable to allow control while minimizing a traffic dropoff?