Yep.


Some dumb objections I have heard when discussing privacy in the context of analytics

Don’t laugh too hard—you probably also said some of these things at some point!

Mikael Vesavuori


For context, I cut these to keep my forthcoming article “GDPR and overall privacy compliance, the TL;DR version” (link coming soon!) short and very TL;DR. You might want to read that one too!

Needless to say: I represent only myself and the tone is intentionally a bit snarky. I do not, however, apologize for my opinions or for the factual statement that privacy is a dumpster fire and that you and I and everyone else should do better.

Without further ado…

Objection #1: “Are you trying to say that Google Analytics is illegal, as in non-compliant with GDPR, ePrivacy Directive and so on…?”

In short: No, Google Analytics as a tool and processor is not “illegal”.

The longer answer is that the default configuration is not compliant (also see Piwik’s blog post). A significant piece is sometimes missed in discussions like this: the responsibilities of the “data collector”, or simply put, the person/team/company that builds the website or app or whatever the context for the use of GA is. Given that it’s a breach of contract (see “Analytics customers are prohibited from sending personal information to Google”) to place Personally Identifiable Information inside Google Analytics at all, it is also your job to ensure and enforce that anything collected there is by the book.

What about the new Consent Mode in GA?
Not going to unfuck this mess, as it’s mostly a technical feature rather than a pure consent management feature. Simo Ahava does have a good article on it though.

Objection #2: “Aren’t…
