Who cares about data privacy?

We all need to play our part in promoting a more responsible, ethical approach to collecting and using customer data. If we don’t, there’s a risk we’ll be left with nothing to measure.

Some surveys would have us believe privacy is really really important to people these days. A 2020 study in the US by KPMG found 97% of consumers were concerned by data privacy, with 87% seeing it as a fundamental human right.

I’m not buying it. Sure, there may be a minority of activists out there, switching suppliers and cancelling contracts with righteous indignation, but you won’t overhear many heated debates about consumer privacy in the recently unlocked beer gardens of Britain. (Covid, Brexit and Jack Grealish feature heavily).

It could yet change. Check out the latest Apple ad. A naive consumer is shadowed by a growing legion of grey-suited spooks – a sinister metaphor for the dark forces tracking our every move online and sharing our personal information indiscriminately.

Arguably, this powerful piece of communication isn’t based on the insight that consumers these days care about their privacy, but on the insight that they actually don’t.

Apple wants people to care more about privacy. They make most of their billions selling candy-coloured devices, rather than eyeballs and ads. And they’re betting their competitors – Facebook, Amazon and of course, Google – will be reluctant to follow them into an anonymised future.

Does Google care about data privacy?

Well, based on the airtime devoted to the topic at Google Marketing Live, it turns out they do. Hey, presto! Google Analytics 4 is now a privacy-first, privacy-centric analytics solution, with privacy features built-in thanks to Google’s new “privacy by design” ethos.

What exactly does this mean in practice?

Well, Google may have recently called time on third-party cookies, but GA4 still relies heavily on first-party cookies for anything more than basic measurement via cookieless pings. That means in Europe at least, we won’t be doing away with those dinky cookie banners requesting explicit consent any time soon. 

The good news is that GA4 will observe the users who do consent to analytics and use machine learning to model the behaviour of those who don’t. This fills the inevitable gaps in your data so you don’t “lose” all that hard-earned traffic.

GA4 enables much more granular control over how you identify visitors: via the device ID for both app and web visitors; through a user ID to understand logged-in journeys; using Google Signals if you’re keen to personalise ads or some combination of the three.

IP anonymisation is enabled by default and can’t be switched off. Data is retained for a much shorter period of time: either two or 14 months, rather than the infinite option possible with the current Universal Analytics (UA).

An updated user explorer tool makes it easier to delete an individual user’s data to comply with GDPR right to be forgotten. However, as before, you have no choice as to where the data collected on your site is stored and processed. There’s a strong likelihood this will include servers in the US, so you will still need to disclose you’re making international data transfers in your privacy policy.

You’ll still need to carefully review the choices related to sharing your data with Google – in particular, selecting advertising preferences and choosing whether to opt into Google Signals. 

How much do you care about data privacy?

All these new features in GA4, combined with Google Tag Manager’s consent mode, will make it much easier to implement your company’s privacy policies. Unfortunately, Google isn’t going to formulate those policies for you. As a marketer, you still need to weigh up the trade-offs and make the judgement calls. The buck stops with you.

And that begs the question: how much do you care about data privacy? 

Will you bury your head in the sand, refusing to acknowledge reality and hoping it will all blow over? (Sorry, that’s not going to happen any time soon.)

Will you be wilfully negligent? Happy to give the outward appearance of compliance while harvesting data in the background and retargeting at will. 

Will you passively let the tech vendors or your media agencies make the tough calls? Or obediently adhere to the red lines drawn by an overly-cautious legal department?

Or do you genuinely want to do the right thing? Will you actively seek to balance the best interests of the company and consumers? Are you prepared to sacrifice short-term performance in order to establish a sustainable marketing operating model?

What do we care?

The easiest option would be to operate as a no-questions-asked implementation arm, taking and fulfilling orders without question. Who wouldn’t want a reputation for being quick and easy to work with?

But this risks making us complicit in bad practice, or even breaking the law. It’s a slippery slope. One day you’re implementing a cookie without updating a privacy policy, the next you’re burying bodies in some West Sussex woodland. Let’s not go there.

We’re not necessarily going to start advising on legal positions, drafting policies and auditing internal procedures. We’re in this business because we love data and analytics, not statute and precedent. But we will ensure we have a working understanding of the relevant laws and directives. 

We’ll also be asking challenging questions and pointing out potential breaches. Sometimes we may even politely refuse a request. And we will definitely be exploring the new tools and technologies that can assist with consent management – including getting our own house in order.

Hopefully, you’ll join us in taking a more proactive, progressive approach to data privacy. Before it’s too late.

Written by

Steve is Measurelab's Managing Director and self-styled growth guru. When he's not out riding his bike, he's mostly busy plotting how we can take over the analytics world.

Subscribe to our newsletter: