Así es, estamos envueltos en un sinfín de noticias sobre cómo la nueva legislación europea en materia de protección de datos va a impactar, no solo a los CRMs europeos, sino también, las posibles consecuencias en la medición digital basada en cookies.

Os dejamos un overview del posible impacto y algunas soluciones que se nos han ocurrido para contrarrestar los efectos de la GDPR, para cuya entrada en virgor quedan 76 días desde la publicación de este post.

WARNING: El post está en inglés 🙂 Enjoy!

How does the GDPR impact online tracking? How to comply with the GDPR? And how does the new GDPR impact Cookie Policies?

• When cookies can identify an individual via their device, it is considered personal data. Or, any data that can be used to identify an individual either directly or indirectly (whether on its own or in conjunction with other information) is personal data.
• Cookies for analytics, advertising and functional services, such as survey and chat tools will be subjected to the GDPR, meaning that:

-Implied consent is no longer sufficient as well as ‘By using this site, you accept cookies’ messages.

-It must be as easy to withdraw consent as it is to give it and, sites will need to provide an opt-out option.

-Cookie measurement will be restricted to user’s consent, meaning that no cookie tracking will be allowed prior to that explicit consent.

TYPES OF COOKIES IMPACTED:

• TEMPORARY COOKIES:  The cookie is erased when the user closes the browser or exits the site. They are considered as first-party cookies and are part of the programming of the website. These cookies do not track any user’s data, not being subjected to the GDPR.
• PERSISTENT COOKIES: The cookie does not disappear after a user exits a site. They are also known as “tracking cookies” as they are used to study user behavior over a certain period of time through the cookies tracked. They are considered as first-party cookies. These cookies track user’s data (which may be considered as personal data in certain cases), being subjected to the GDPR.
• THIRD-PARTY COOKIES: Are the ones that are placed on a user’s hard disk  by a website from a domain other than the one a user is visiting. They are also known as “tracking cookies” as they are used to study user behavior over a certain period of time through the cookies tracked. These cookies track user’s data (which may be considered as personal data in certain cases), being subjected to the GDPR.

POSSIBLE IMPACTS OF THE GDPR:

NEW USERS arriving to any site will receive the Cookies Policy disclaimer (* new users or +3months returning users). Analytics cookies won’t be fired until the user accepts to be cookie-tracked.

–If the user does accept the Cookies Policy:

1.The visit will be tracked since the consent.

2.If the consent implies re-loading the destination page or the consent takes place when changing from the destination page to any other page within the same site, the Source and Medium from which the traffic comes from may be lost, attributing a massive volume of traffic to the Direct source. Any cookies CAN be fired once the user accepts the Cookies Policy.

–If the user does not accept the Cookies Policy:

The analytics cookie could still be tracked via Google Analytics if anonymizing the user’s IP, so no personal data is tracked through analytics cookies. In this case, those cookies tracking personal data CANNOT be fired.

–If the user leaves the site prior to the Cookies Policy consent:

No analytics information will be tracked, meaning that, from an analytics perspective, the user leaving the site before being tracked could only be counted through the Cookie Policy provider (i.e. Evidon). The number of times that the Cookies Policy disclaimer was shown must be provider by the tech. partner in charge.

A COUPLE OF IDEAS TO FACE THE GDPR IMPACT:

If the consent implies re-loading the destination page or the consent takes place when changing from the destination page to any other page within the same site, the Source and Medium from which the traffic comes from may be lost, attributing a massive volume of traffic to the Direct source.

How to reassign traffic to the original Source via GTM?

1.Track cid (client id) and utmscr through custom dimensions defined on a dataLayer.push.

2.Incorporate the dataLayer.push as part of the GTM tag container placed in the website.

3.Define the custom dimensions above in both Google Analytics and GTM.

4.Edit the UA-General tracking tag for the website on GTM using the Advanced Settings functionality, adding a Custom Field with the “CampaignSource” dimension and using utmscr custom dimension as the proposed dynamic value.

If the user does not accept the Cookies Policy, the analytics cookie could still be tracked via Google Analytics if anonymizing the user’s IP, so no personal data is tracked through analytics cookies.

How to anonymize Ips with Google Analytics?

The IP anonymization feature in Analytics sets the last octet of IPv4 user IP addresses and the last 80 bits of IPv6 addresses to zeros in memory shortly after being sent to the Analytics Collection Network. The full IP address is never written to disk in this case.

Configure the _anonymizeIp as TRUE when creating the object.

<!– Google Analytics –>

//www.google-analytics.com/analytics.js

window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;

ga(‘create’, ‘UA-XXXX-Y’, ‘auto’);

ga(‘set’, ‘anonymizeIP’, true);

ga(‘send’, ‘pageview’);

<!– End Google Analytics –>

Thanks for reading 😉