Hacker News

The thing that really bothers me with these privacy discussions is that everybody talks about cookies. The "no cookies, no consent" mantra is false and does not respect user privacy because there are other ways to track people, like browser fingerprinting, which is even harder to block for an average internet user.

The other thing, GDPR is not about cookies. The ePrivacy Directive regulates the use of cookies, but it's not about cookies either. Article 5.3. in the ePrivacy Directive says:

"Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, ..."

So whatever technology you use, you need consent to use web analytics tools. At least at the moment. A draft online suggests there might be a consent exception for audience measurement if the technology used complies with GDPR - again, this has nothing to do with cookies. The point is that the personal information collected, stored, and processed does not violate GDPR.

Another thing is that all the "GA is illegal" cases have nothing to do with cookies. It's about data transfers between the EU and the US and how Google handles the data. GDPR came into force in 2018, and we will see many more legal privacy cases in the future regarding the ePrivacy Directive. The bulletproof solution at the moment for any web analytics product is to ask for consent in the EU.

I've had talks with EU-based privacy gurus; some think everything is clear, and companies are just mean and reluctant to comply. But most of us agree that the messaging is done very poorly - what to do, how to comply etc.

And yes, giant consent banners break the UX. But at the same time, it's important to remember this data privacy regulation stuff is not about companies. It's about the users. And companies who build tracking tools shouldn't be motivated by the idea, "how can we ignore user consent?".


