DLYX DataLayer Proxy
DLYX DataLayer Proxy
DLYX DataLayer Proxy
 Is Google Analytics Tracking possible without consent
 DLYX provides a Cookie-less soultion!
Google Analytics Tracking  without consent? 
 DLYX provides a Cookie-less soultion!
serverseitiges Tracking

Responsible handling of private data

The discussion about data protection of website visitors is basically not about cookies, it is a matter of respecting the users' individual privacy. Hence, we as marketers should not be looking for ways to circumvent legal requirements, but rather find acceptable ways for everybody involved.

Online Marketing and Analytics Consultant Stuttgart

Wolfram Bartke
Marketing Technology Expert
mail push@dlyx.io

Why are cookies needed for tracking to begin with?

With

The cookie, therefore, is a mechanism for the server to recognize an earlier visitor on a given website. No personal data is being saved in the browser at this point, the cookie only provides for measurement of a user's navigation and subsequent visits through assigning an abstract, individual ID.

Ecommerce shops, for instance, use this principle to save and assign shopping cart content throughout a session to the visitor. Tracking systems, such as Google Analytics, collect data on the users' visiting sources to provide for channel attribution of sales; e.g., did the visitor click on a display banner or on a Google Search ad to enter the shop?

Depending on the intended use, the site operator must observe legal requirements. Only technically necessary cookies may be set without consent. Some cookies can be rejected afterwards (opt-out). Or others may only be used if site visitors actively agree to their use (opt-in).

According to German data privacy regulations, instruments for marketing reach measurement can only be used without asking for user consent if the collecting tools are installed locally within the first-party entity. Additionally, they are required to provide a maximum of transparency to the user and collect only a minimum of indispensable information. The Local Data Protection and Freedom of Information Commissioning website of the German federal state of Baden-Würtemberg provides very specific examples in its Cookie and Tracking FAQ: It lists Matomo as a positive example, and in conformity with the requirements, while Google Analytics is mentioned as a negative one, and in clear need of user consent to perform any tracking activities due to its 3rd-Party-Nature.

Nevertheless, our aim is to find a lawful use of Google Analytics for data collection and marketing analysis, as it is the preferred tracking tool of most businesses and marketers.

Why is consent needed to use Google Analytics?

Relevant data for reach and channel analysis with Google Analytics.

Relevant data for reach and channel analysis with Google Analytics.

Many website administrators use Google Analytics in order to measure the efficiency of their online marketing activities. Web analytics systems such as Google Analytics record page views and page interactions of a website visit.

Isolated page visits and interaction events, however, do not provide for useful analytics data. Only in assigning those actions to users, a meaningful picture of a website's usage can arise. So in tagging users with individual IDs, it becomes possible to analyze user sessions as a journey of interrelated actions throughout a website and session. The individual ID, the client ID, is stored in a cookie.

Additionally to the recorded website interactions, technical information about the browser and the operating system is being captured with the tracking. And by adding in information from other Google services such as Google Ads and Signals, the user information can then be further enriched. For this purpose, Google utilizes unique click IDs from Google Ads link urls as well as active browser and client device log-in data.

Based on Google Click Identifier (GCLID), deeper campaign analysis is then possible. And with active logins, demographic characteristics, interests and store visits are displayed in Google Analytics, for example. For the site operator, these reports are anonymized, but with the help of all participating site operators, Google can further expand personal profiles in the background.

So even without involvement of additional Google services, a website owner must invoke active user consent for integration and execution of the Google Analytics script in the user's browser. Because by tracking the user interactions on the website, individual user data including the ip address is being sent on to Google and stored a cookie in the user's device.

In adherance with GDPR, this form of tracking would still be justifiable as legitimate interest. The ePrivacy regulation, however, makes any storage of data within the browser subject to active user consent, if the purpose of this data is to identify the user. The German Federal Court (BGH) issued a decision based on this regulation in the Planet49 case (October 2017), requiring users to actively consent to the storage of cookies prior to playing.

As with Google Analytics, user-related data is being sent to servers in the USA, according to another popular case, the "Schrems II ruling", even with active consent regulatory conformity is disputable.

Consent-free Google Analytics tracking using DLYX

Privacy firewall for anonymized Google Analytics tracking - consent-free.

Privacy firewall for anonymized Google Analytics tracking - consent-free.

Our server-side tracking technology DLYX acts as a privacy firewall, isolating website visitors from any downstream connected tracking and analytics services.

Through individual hosting, as an on-premise solution, all tracking data can be filtered before being sent on to third parties such as Google.

With DLYX' anonymized Google Analytics tracking, the visiting client's IP address is truncated, and any personal Google IDs are removed from website URLs, so identification of users through these markers by Google is effectively being prevented. The click ID, for instance, cannot be used to identify users across website sessions through Google then.

In order to still be able to allocate a user's page views to a session in Google Analytics, a client ID is needed. This ID usually is being stored with the _ga cookie in the browser. As we cannot store ID tracking cookies in the browser without prior consent, it is being generated on the server and the server-session acts as intermediate storage here. The alternative cookie connecting the user to its session then is a technical session cookie that is being used by most websites and already registered as such with the browser.

Accordingly, no additional cookie is being used to store the Google Analytics client ID on the user device or browser. But wait, isn't this a pretend package while basically being the same thing? No, because this client ID is generated by DLYX, it provides no identification means of the user to Google whatsoever, and it is being deleted at the end of each session.

Only with a consent of the user, a separate cookie with the client ID will be stored on the user device, enabling us to detect the user as a returning visitor at a later point. Addtionally, the Google Ads Click ID will be transmitted to provide for best-possible campaing tracking.

This consent-less tracking method with Google Analytics has already been confirmed by several lawyers. To be on the safe side, however, individual setups must be checked by competent legal counsel.

Does it provide for 100% tracking data?

Google Analytics Tracking mit dem DataLayer Proxy DLYX mit fast 100% Analytics Daten.

Google Analytics Tracking mit dem DataLayer Proxy DLYX mit fast 100% Analytics Daten.

Comparing server-side tracking with the actual shop data, using DLYX, our customers very often achieve a data accuracy of 99%+ with their Google Analytics data sets.

100% is hardly possible for technical reasons. There will always be isolated cases of page views and conversions getting lost, however, e. g., due to physical connectivity problems on the client side.

The key components of a DLYX tracking setup:

  • the DataLayer (as with Google Tag Manager)
  • a matching Google Tag Manager Container
  • integration of a tiny client-side JavaScript on all pages (< 10kb)
  • a DLYX DataLayer Proxy installation (dedicated server oder cloud)
  • a additional Google Analytics Property

With the dataLayer proxy, most browser tracking scripts are being moved to the server. Server-side DataLayer processing is functional the same way as with a client-side Google Tag Manager implementation, including all automatically tracked E-Commerce events.

After checking organizational and legal requirements, DLYX tracking can ususally be implemented within a very short time-frame, as it is easily deployed. Maintenance and development of your Google Tag Manager tracking setups from the GTM backend works the same way as before, the only difference being tha newly released GTM setups need to be exported as json files and uploaded to your DLYX proxy as a simple data file.

Exciting?

Write me an email or
connect with me at LinkedIn.

Online Marketing and Analytics Consultant Stuttgart

Wolfram Bartke
Marketing Technologie Experte
mail push@dlyx.io
www.linkedin.com/in/wolfram-bartke/