#48 Cookies and consent in Google Analytics

The Measure Pod
The Measure Pod
#48 Cookies and consent in Google Analytics

This week Dan and Dara chat about some new cookie settings released in Google Analytics 4 and this spins out into conversations on consent management, server-side tracking, 1P vs. 3P cookies, and a whole lot on browsers limitations (i.e. ITP and ETP). All the good stuff!

The new cookie settings feature in GA4 is detailed on – https://bit.ly/3Sp3ewr.

Dan and Dara mention episode #42 ‘Consent Mode and behavioral modelling in GA4’ which can be found in the podcast feed or on our website.

A good artilcle going into far more detail on the difference between 1P and 3P cookies – https://bit.ly/3Sq8Fve.

The browser share stats that Dan mentions is from StatCounter – https://bit.ly/3Qkxmai.

Details on Apple’s ITP in Safari – https://bit.ly/3Jxr4lO.

Details on Mozilla’s ETP in Firefox – https://mzl.la/3SiKOgK.

Simo’s article on server-side GTM and the new FPID cookie used in GA – https://bit.ly/3vzTw0o.

In other news, Dan is drinking science and dara is back into routine!

Follow Measurelab on LinkedIn for all the latest podcast episodes, analytics resources and industry news at https://bit.ly/3Ka513y.

Intro music composed by the amazing Confidential (Spotify https://spoti.fi/3JnEdg6).

If you’re liking the show, please show some support and leave a rating on Spotify.

If you have some feedback or a suggestion for Dan and Dara, fill in the form https://bit.ly/3MNtPzl to let them know. Alternatively, you can email podcast@measurelab.co.uk to drop them a message.


[00:00:00] Dara: Hello, and welcome back to The Measure Pod, a podcast for people in the analytics world to talk about all things analytics, this is episode number 48. I’m Dara, I’m MD at Measurelab.

[00:00:26] Daniel: And I’m Dan, I’m an analytics consultant and trainer at Measurelab. The news this week, there’s been a couple of releases in GA4 and one of them actually is the topic of conversation that I’ve kind of thrown on you Dara.

[00:00:36] Daniel: But the first one is that you can now edit some of the GA (Google Analytics) cookie settings within the interface. And the reason I thought I’d bring it up today is just because it’s the first time you’ve been able to do this within the interface within GA (Google Analytics), before it’s been a bit of a hacky thing to do within some settings in GTM (Google Tag Manager) or through the Gtag configuration. But fundamentally what you can do is you can change the expiry of the cookie within the interface without having to go to the tagging. And there’s also an option to not reset the lifetime of the cookie every time someone revisits your website, two things we’ll dig into a bit more, but just to announce that it’s now a thing, and it’s now rolled out to all GA4 properties.

[00:01:09] Daniel: So there is an analytics Admin API, and what they’ve done is they’ve released this functionality to query audiences, create and edit audiences into that. And it’s currently in alpha and I’m really excited about what this tool will start creating actually, what people will be doing with their tools within, whether it’s a Google Sheets extension or whether there’s some SaaS product that could eventually start using these. The kind of thing I’m thinking about is dynamically creating audiences based on external signals and using APIs to create that without having to log in or upload anything to GA (Google Analytics). So I think it’s really exciting, obviously in alpha at the moment, but a sign of good things to come I hope.

[00:01:43] Dara: Am I right in thinking that did exist for Universal Analytics. It wasn’t the easiest thing to use, but this is the GA4 version of that, is that right?

[00:01:51] Daniel: Yeah, that’s correct. There was an audience functionality within the Universal Analytics side, I think where maybe the GA4 stuff is different, not because of the functionality within the API necessarily, but more so because there’s more of a focus on Audiences in GA4, whereas in Universal Analytics, it was more about Segments. And then if you wanted to, you could push those to an Audience, whereas GA4 is all Audience centric.

[00:02:12] Dara: So you stole my thunder in the news. You took away my role of being able to introduce the topic, but I’ll forgive you for that. But you’re quite right, this piece of news is significant and as you mentioned, it’s the first time you’re going to be able to edit the cookie settings within the interface. So we figured why not make a topic out of it because we were actually talking about this in preparation for the podcast. And we thought, well, why are we talking about this when it’s just the two of us? And we could just do this on the podcast, so here we are. So it is a big change. So, I’ll make the on-air confession, I’m not completely up to speed on what you can actually do within the interface now, and my excuse for that is going to be I’m just back from holiday, but can you just explain what you can actually edit within the interface now, in terms of the cookie settings?

[00:02:54] Daniel: Yeah, of course. So within the web data streams, so in the GA4’s admin console, if you go into a web data stream, there’s a section there called ‘more tagging settings’. You go into more tagging settings and there’s a new section in there. It’s the same place where you would define your list of internal IP addresses. You can figure domains for cross domain tracking and you can adjust these session timeout and engage session timers. That’s the place that we’re looking, there’s a new section there where we can ‘override cookie settings’. And out of the box it’s not enabled by default. You’re not enabling any custom settings, but if you do tick that box, you get two sections to play with.

[00:03:29] Daniel: And the first one is the cookie expiration. And so the cookie expiration means that when the JavaScript, which is Google Analytics, the JavaScript on the page loads, it looks for a cookie. Again, you can tweak all this stuff, but out of the box, it looks for a cookie that’s named _ga. That is the GA (Google Analytics) first party cookie that’s set. That stores a random ID, which is your user ID or rather your Client ID. That cookie itself is set to the maximum it can possibly be set to. But what we can now do is overwrite that. Everything from zero, which is a bit odd as an option, all the way up to 25 months. And the zero option is the really interesting part, actually from my perspective, because that basically sets the GA (Google Analytics) cookie to a session cookie. So as soon as that session is ended, not the GA (Google Analytics) session, but the browser session, when that browser’s closed, when they’ve closed that tab or exited your website completely, it purges all of these session cookies. Think of it more like incognito, you kind of purge these cookies, they’re not saved beyond that instance of the browser, you can go from one hour, one day, one week, one month, all the way up to 25 months as well, but the session side of it is really quite fascinating.

[00:04:28] Dara: Yeah and a little bit nostalgic for me because closing the browser used to kill a GA (Google Analytics) session back in the old days of classic GA (Google Analytics). So this is a bit different in what you’re saying, that it clears the cookies completely. So it’s not quite the same way as it used to work, but it used to be that was part of the session definition that as well as the 30 minutes of inactivity or midnight, if the browser session ended then that would kill the GA (Google Analytics) session as well. So it’s an interesting concept to bring back into it that you can actually configure the cookies to kill the session if the browser is closed down.

[00:05:00] Daniel: But now we’re killing the user, right. Which sounds a bit more dramatic rather than just the session.

[00:05:04] Dara: Exactly, a lot more dramatic. I also, even though I said, it’s interesting, I can’t really think of a use case off the top of my head. Maybe you can, but I don’t know when you would want to configure that maybe there are cases. I’m not thinking of any at the moment.

[00:05:18] Daniel: No and I think, you know, whenever we discuss these new features that are rolled out, it’s so early in terms of adoption, we haven’t really seen it in the wild for very long to know how our clients and how we might adopt it as well. So for now it’s just a kind of, it’s a thing, it’s there if you want to, but it might be one of those things, like the other defaults, like the session timeout window or the engaged session timer, it might be one of those things that people always just leave the defaults and not realise that it’s a setting at all. Or maybe this is a thing because there’s a lot of eyes on consent management, privacy, cookie policies, maybe this will be used and maybe a use case for it is that some legal team somewhere might decide that having a permanent lifetime cookie is against policy or against the law in some way. So setting a session cookie where the cookie is deleted or purged once they close the browser, that is more acceptable. So if you have the choice between not using Google Analytics and setting session cookies, you take the session cookies, but that’s not something that I can say it is, or isn’t useful in that case, but it gives another option to keep using GA (Google Analytics), which is ultimately what Google want us to keep doing right.

[00:06:18] Dara: And in the case of if a user was identifying themselves. If you had that setting and you cleared the cookies every time the session ended, but you were a website where people did identify themselves and they had consented to be tracked. Then with the User ID reporting that could still join up the sessions for the same user, right? And you mentioned the other interesting thing is the setting that stops the cookie from updating every time there’s a new interaction, because that’s always been the case that, that whether it’s a two year cookie or a six month cookie or whatever it updates with every page view so that a lifetime of that cookie gets extended that little bit each time, the new interaction, but there’s an option now to actually disable that.

[00:06:57] Daniel: Yeah, exactly. So now you can choose if someone comes to visit your website for the first time, and let’s say you’ve got a 12 month window set on the cookie, you can set it to a fixed 12 month window, which means it doesn’t matter how often they revisit it. Once that 12 months is elapsed, then a new cookie will be set or you have it to the default, which is every time they load a page and that JavaScript is called that it resets that timer on the cookie, so that you’ve always got in a sense, a 6 month, year, 15 month, whatever you’ve set it to period of inactivity before you can kind of delete the cookie. So in a sense, what they’ve done is they’ve put a bit more control onto this. And again, these are things that you might have been able to do anyway, using things like GTM (Google Tag Manager) or hacking it within the Gtag side.

[00:07:37] Daniel: But now they’ve moved it into the interface and actually this is really quite interesting because I think we’ve talked about it a number of times Dara, but like some of the stuff they’ve started releasing in GA4, going above and beyond Universal Analytics is actually taking away from GTM (Google Tag Manager), but not in a bad way, but the dependency on custom stuff within GTM (Google Tag Manager) is actually becoming less needed within GA4. Because cross domain tracking is now a UI feature, it’s no longer a GTM (Google Tag Manager) setting. You’ve got the event creation and modification, which you can do for app and web streams. So you can tweak events as they come in and even create new events off the back of existing events. And now what we can do is we can configure the cookie all from the GA (Google Analytics) UI. Again, removing the dependency on like GTM (Google Tag Manager) skill sets or knowledge or awareness to go in and, and do that. So if you’re not using GTM (Google Tag Manager), you can still have access to these features without having to go in and custom code or something or get a developer involved.

[00:08:28] Dara: Completely off topic, or well, quite off topic, but it made me think of something like Heap and whether Google would eventually move in more of a direction of allowing you to kind of, and probably not because of the number of sites that they’re tracking, but having a much more customisable event configuration within the interface and actually be able to track everything that happens and then configure the events you want to look at within the interface itself.

[00:08:49] Daniel: I very much see GA4 as a step towards the kind of Heap model. In the Universal Analytics world, you had to use GTM (Google Tag Manager) like a scalpel. You had to kind of carve out individual events and think about exactly what you wanted to track. Go into GTM (Google Tag Manager), do the tracking, get the collection and start reporting. In GA4, I use it a bit more like a hammer. So it just track all clicks, all scrolls, all form submissions, all outbound links, all things that happen. And then within the GA4 interface, you can then start using some of these new features or even BigQuery if you need to, to then start filtering out some of the events that you don’t need in that time. Because then if you had this kind of like more generic data collection approach in GTM (Google Tag Manager), you have the historic data if you ever needed a specific form or link or click. And I think this is where that kind of mindset has changed, rather than sort of business as usual UA (Universal Analytics) to GA4, actually think of it more as a use GTM (Google Tag Manager) for the broad stuff, collecting stuff in a more generic fashion, but then use GA4 as the scalpel to then pick out the individual events. Or even if it’s a reporting thing, then you can use Data Studio or Looker or even BigQuery if you’ve got the export set up.

[00:09:50] Daniel: I don’t think they necessarily care too much about the kind of volume of data, because, you know, we’ve talked about the data retention in GA4 being a lot more severe or less of a window available to be used and there’s no do not expire option, which means if you want to keep your data, you pay for it and Google’s going to delete it anyway. So actually if they let you store more data for a shorter period of time, then fine. So Dara, we’ve talked a lot about this cookie setting thing that affects the Google Analytics cookie, which is the _ga (Google Analytics) cookie out of the box. It might be worth just bringing up something that we probably hear a lot, which is this idea of ‘the death of the cookie’. That’s the kind of buzz phrase that’s been going around the last couple of years, and there’s this kind of impending doom and this fear when it comes to cookies, but there’s a lot of confusion around what that means and we get asked all the time, you know, does this have any effect on GA (Google Analytics) and how that’s going to track. And what that boils down to is the kind of fundamental difference between two types of cookie, the first party cookie and the third party cookie. I think it’s worth just going through a bit about these cookies because actually one is severely impacted from this and one of them is going to be pretty much unscathed.

[00:10:53] Dara: Yeah, you could call them the good cookie and the bad cookie.

[00:10:56] Daniel: Yeah, the good cop, bad cop. The good cookie, bad cookie. Well, actually both of them are exactly the same thing. So let’s start with what a cookie is. A cookie is a text file that’s saved on your browser, on your machine, on your device, whatever you happen to be using. It’s a really lightweight text file, and what you put in the cookie doesn’t do anything. So cookies don’t do tracking, cookies can’t track you, but the code and the products and the tools you’re implementing on your website and apps can read the cookie and then do something with it. And that’s where the more big brother, we are being watched stuff comes in. So take Google Analytics as a good example, the GA (Google Analytics) cookie has got a random string, a numerical string in there, I think with a dot somewhere in the middle. And ultimately, that’s your Client ID, it’s a random ID that’s been assigned to you when you visit the. The only thing that Google Analytics needs that for is for when you come back to the website, that cookie to be there so that they recognise you as a returning visitor, rather than a new visitor.

[00:11:45] Daniel: There’s nothing else going on in that cookie. It’s just an ID so that it’s the same thing when you come back page after page, session after session. The thing is that Google Analytics uses that and understands what that means. So the cookie itself is harmless, but Google Analytics can read the cookie and do something with it and that can be where people perceive their kind of harm to come from. Now the difference between first and third party cookies, they’re actually both exactly the same thing, they’re both text files and they’re both set in exactly the same way. I suppose technically you can say a cookie set in a first party context or a cookie set in a third party context because there is no real difference between them.

[00:12:17] Daniel: The actual difference comes from where they’re saved. So the first party cookie is saved on your device on your browser against that domain, which is the really important part. So if I visit measurelab.co.uk, I’ll have a cookie saved on measurelab.co.uk saved on my browser. Whereas the third party cookie means that when I visit measurelab.co.uk, I can set a cookie in a third party context, the third party being some other website. So Google Analytics domain, or the DoubleClick domain or Facebook is a really good example. So I’ll have a cookie set on facebook.com while I visit measurelab.co.uk. By the way, we don’t, we don’t have those tags on our websites, it’s just an example, but this is where the really intrusive stuff comes in because if Facebook sets the cookie on the Facebook domain, whenever I go to any website, so whether I go to measurelab.co.uk, or whether I go to google.com or if I go to Twitter, they can read the same cookie and they can identify me as the same person across multiple different websites and that’s why the third party cookies are becoming problematic because I can be personally tracked across different websites.

[00:13:15] Daniel: First party cookies, you can’t, you can only track that person in that first party context on that one website. So when we hear about the death of the cookie, what we are really talking about, or what’s actually meant behind that is the death of the third party cookie, because they’re the types of cookies that advertisers use to track their marketing performance. So if you see this ad on website A and go convert on website B, they can track you doing that. And I think that’s where, you know, especially in the advertising world, the death of the third party cookie is becoming quite problematic. And then things like retargeting and post-impression conversion reporting becomes almost well, impossible.

[00:13:49] Dara: Yes, absolutely. When you hear people talk about the death of cookies, it’s more around third party cookies. And in a lot of ways, I don’t want to be too broad brush about this, but it is kind of clamping down on pretty nefarious behaviour where people are tracked across different websites and profiled based on their behaviour. And in a lot of cases, people don’t actually know that that’s happening and they’re not clear on what exactly is being shared across different domains. But the other thing, just to add a distinction is these cookies are set per browser and device. If you visit the same website on your mobile browser versus your desktop or your laptop and potentially use different browsers as well, you might browse in Safari, then on another device you might use Firefox. You might use Internet Explorer, if you do that, I don’t know who does. That’s all going to be different cookies, the cookie is tracked on a device and a browser.

[00:14:36] Daniel: Yeah and that’s a really interesting point, thanks, Dara. Is that the fact that cross-device tracking doesn’t happen automatically, and again, third party cookies could enable that. So it’s one of those additional elements that first party cookies are less intrusive, I think, because it’s all kept within the same context. The browser limitation is actually a really interesting thing because I suppose it goes back to the whole point of this conversation from that change that GA (Google Analytics) released. It’s really interesting that you can change the duration of a cookie and you can set it to 25 months if we wanted to. But realistically cookies don’t last that long, right? There’s lots of limitations per browser, so every single browser and even browser version out there might have a different approach to how it handles first party cookies specifically. And this is a really interesting thing more recently because there’s something called Intelligent Tracking Prevention, or ITP in Safari browsers and also all Safari based browsers. And there’s also ETP or Enhanced Tracking Prevention within Firefox and their suite of browsers. None of this happens in Chrome just yet, but they’re looking to deprecate the third party cookie now, in 2024 and kind of move completely away from that and have their own version of these things.

[00:15:39] Dara: Wasn’t that recently pushed back?

[00:15:41] Daniel: That’s right yeah, so it was going to be the end of 2023 and they’ve pushed it into 2024 now. An advertising company making billions of dollars a year in advertising getting rid of the way that they can measure advertising is, they’ve delayed it a couple of times now they need to be very sure don’t they, that that’s not going to break anything. A lot of people will be dependent on that continuing to work. Not just the company existing, but a lot of people’s salaries, I can imagine, job security. But yeah, the browser limitations are a real big thing so as Safari’s ITP, for example, when it sees someone like Google setting a cookie, it limits the maximum duration that it can be set for. And in most cases, there are nuances either way, but in most cases, the Google Analytics cookie is actually set to a maximum of seven days. So even if you’ve set 25 months in GA4, you won’t get 24 months lifetime in that cookie if they’re in Safari or a Safari-based browser. That will be set to again, there is nuance, but mostly an average of seven days.

[00:16:32] Daniel: If they revisit the website every six days, that Cookie’s going to be permanently there, it’s going to be refreshed that seven day windows going to be refreshed all the time, that’s no problem. But as soon as they don’t visit for a week, let’s say you’re a grocery retailer and you visit every two weeks or month to do your shopping on a Safari browser. Every time you do that you’re a new visitor. Obviously, if you log in, you can identify yourself that’s not the case, but the kind of basic out of the box, bread and butter metrics that GA4 has, you’ll be identified as a new visitor and your user count will be incremented by one. So these are some of the things that as, some of the nuance around some of these metrics that are maybe not so obvious because you think, oh, well, users and cookies exist. First party cookies are fine, or maybe I think they’re fine, set them to 25 months, but the reality is each individual browser will be slightly different.

[00:17:13] Daniel: And I’ve actually pulled up some browser stats Dara I thought I’d share with you because depending on where you are in the world and what devices are being used and more specifically, what type of business you are, you’ll have a different sort of blend of browsers or your users will be using different browsers. But what I’ve done is I’ve just got to hand some stats for the UK for desktop and mobile browsers. So on desktop, 59% is Chrome and this is for July 2022 by the way, if you’re listening in the future, this is just for July 2022. Edge is about 19%. Safari is actually only 13.5%. So in terms of desktop browser share, 13.5% Safari, and that’s where we are seeing this seven day maximum cookie length being set. Firefox is 5% by the way, not a huge share at all.

[00:17:53] Daniel: However, when we go into the UK mobile browser share, Safari is actually the biggest with 46.2%. Chrome is second with 43.9%, so they’re very similar. And actually, if you look at the lines, they kind of interchange, they swap quite often. But Safari and Chrome are about 45% each, and then Firefox is less than 1%. So yeah, if you are predominantly a B2B SaaS vendor, and you are servicing a lot of businesses that are very desktop heavy and going to be maybe Windows based then you’re going to have a huge percentage of like Chrome and Edge users on desktop. I think this thing is probably not something that’s going to dramatically impact the data you’re seeing. However, if you are maybe a luxury fashion brand that maybe the majority of people are visiting by their mobile or in the UK via an iOS device, then you’re going to see a higher than 45% Safari proportion. And that is actually going to have more of a detrimental impact on these kinds of stats. Because every time someone visits the website, they could quite likely be classed as a new visitor.

[00:18:50] Dara: Yeah there’s two things in there isn’t there? There’s the frequency of visiting, you mentioned like if you’re a grocery site, well you’ll have some customers who will shop weekly and they might be okay, but it depends on whether they do it every eight days or every six days. If you’re a website where even a loyal user is only going to visit every 2, 3, 4 weeks. Then they’re going to be seen as a new user each time unless they are logging in and identifying themselves and consenting to be tracked. So that’s like one lever or one aspect that could affect the data, and then the other one is the percentage share and you’re right I mean, you’ve got the hard stats that, you know, you’ve got in front of you, but even anecdotally, I know from experience of looking at websites who do fall into the category you mentioned of maybe being, not to pigeonhole, but it is sometimes where it’s maybe like a luxury brand, does tend to have a higher percentage of Safari users.

[00:19:36] Dara: And you mentioned that on desktop it’s what did you say? 13.5%? I’ve seen it a lot higher than that on some websites for desktop and then yeah, for mobile, it can be 70, 80, even 90% of the traffic. So the ITP could be having a really big effect on the data. So it’s a really quick thing to check, isn’t it, you go into GA (Google Analytics) and you just look at your browser breakdown by desktop and mobile and see which browsers are driving most people to your particular site and how much you should really be worrying about this.

[00:20:05] Daniel: Yeah, for sure. And even if it is impacting you greatly, then it’s something to take note of because it could change the metrics or even the KPIs you look at. Quite often when I’m talking to people about this, even if they’re not in that vertical, but if they are in that kind of fashion or high end vertical, I always say that things like the new versus returning user splits in GA (Google Analytics) they’re kind of meaningless in that case, especially if they’ve got, like you said, people visiting every couple of weeks and they’re mostly Safari. So it kind of throws some of those stats that you might be quite used to, or the business might be quite used to out the window.

[00:20:32] Dara: Can we just solve this problem with server-side tracking? That’s me with my optimist hat on thinking, I’ve heard server-side tracking is all the rage, let’s just use that.

[00:20:42] Daniel: Yeah we’ve got to be careful with that because server-side does improve the quality of the data capture, but a lot of people are using it to work around user’s privacy. And I think this is the biggest thing or the responsibility on people like us now, Dara, going into this new kind of server-side world is that this server-side product and we’ll talk a bit about how that’s different and how that works in the sec, but it is a way to make your cookies last longer ultimately. Which basically improves the things like attribution in your data in GA (Google Analytics), because you don’t have these deleting cookies every seven days for Safari. However, it is not a reason to work around a problem, which is Google Analytics trying to track people because that in itself is not necessarily a bad thing. I think we have to talk about consent management in a bit anyway, but if people haven’t consented, you can’t just work around and fix this. I think, like you said, it’s a bit of a change where it’s like, we have to be wary that just because we’ve had something today, doesn’t mean we can keep it. Going back to your point, Dara, what server-side does is you can set a cookie via your server. I suppose the basic version of that is rather than the browser seeing Google Analytics setting the cookie, it sees your website setting a cookie.

[00:21:46] Daniel: And so for example, Safari has a list of domains that it does this seven day window for, Google is one of those. So technically Google’s not setting the cookie anymore, it’s you, it’s your website, and you can do whatever you want on your website. They let you set cookies, you know, Safari lets you set cookies on your own website in your own way. And so when you implement server-side tagging, let’s say we’re using server-side (Google Tag Manager). You can actually upgrade the Google Analytics cookie from the _ga cookie to something called First Party ID (FPID), very generic, and that first party ID cookie is set in a first party context. It doesn’t change the data you’re collecting in any meaningful way. You still have to do data layers and tags and that kind of stuff. But fundamentally at its core, the thing that glues all this data together is set in a more efficient way.

[00:22:29] Dara: You were right to respond to my slightly flippant suggestion that we just use server-side to get around this and if you do have consent from your users you have to work around the browser limitations anyway, don’t you. If you’re legitimately gaining consent from your users, because of the way the browser limitations work, you don’t have a way of communicating to them to tell them that you have consent from your users, tell me if I’m wrong about that. So you would have to use a technical work around to actually technically collect that data if you did have consent from your users, otherwise Safari would just cut that cookie off at seven days right?

[00:23:04] Daniel: Yeah, I suppose yes and no. So the consent you gain from your users, isn’t around the lifetime of cookies. It’s just, can we collect the thing right now? Do you allow us to do that? I think whether they’re using a browser or not, it’s like you’ve got a store in a shopping centre and, you know, the shopping centre has its own opening hours and rules that you have to abide by yet you within your own store, you can do your own thing in a way. So as a website, in the Safari browser, you’re still beholden to those rules, regardless of what you decide to do, you still have to open at 9 and shut at 6. You know, you still can’t work around that even if people in your store want to and allow you to stay open, you can’t physically get in. Maybe that’s a really bad analogy, and so it’s not like it’s your job to then work around it, it’s just more like, if you have a method, if you’re using server-side tagging, for whatever reason, if you’re using that not just for things like cookies, but it also improves page load times it takes a lot of the bloat out of the browser and puts it into the server. You can manipulate data in a better way, so you can actually control the data you’re sending to things like Facebook and Google a bit better. So rather than letting Google and Facebook collect whatever they want on your website, you can give them what you want. So there’s lots of other meaningful benefits of doing server-side tagging but there is that bonus of, if they have consented, you set a cookie in the way that you want to set the cookie, it’s a better way of setting a cookie with that longevity.

[00:24:18] Dara: Okay, anyway, I’ve maybe slightly taken us off into the murky world of the ethics of all this, but pulling it back in, maybe more into the topic. You said we’d come back to Consent Mode as well, a worthy part of this conversation. And we talked about Consent Mode a little bit before on a previous episode, but we were coming at it from the angle really of it enabling this behavioural modelling within GA4, but Consent Mode is probably worth picking up here as well in relation to the whole kind of cookies and consent topic relating to GA (Google Analytics).

[00:24:47] Daniel: You can’t talk about all this stuff without talking about consent because it’s on at least everyone’s conversation that I’m speaking to right now, everyone in the world is aware of it. Everyone’s been on websites where you get popups and banners and please opt-in, please opt-out, you know, all these different things. When we talk about this, we often refer to them as cookie banners, but actually what we’re doing here is we’re trying to be compliant with things like ePrivacy or the GDPR, or other kind of localised sort of rules and legislations. And actually when we’re talking about getting consent to do stuff, what we’re actually saying is getting consent to store data on your device. Because technically what I want to do is go onto your device, your desktop, your laptop, your phone, whatever, and save a file, that’s technically what I need to do. And that’s the thing that we need consent to do, whether that’s a cookie or whether that’s set into something called local storage or any other method of doing that, we need consent to access your device, to save a file or to do something. And so the lazy way of saying it is a cookie banner, but actually what we are saying is, do I have consent to access your device to save something for next time?

[00:25:45] Daniel: And I think that’s what I wanted to touch on first. I’m going to say cookie banner, but actually what we are not just talking about is cookies. So there is like cookieless tracking, that kind of thing, but some of those use things like our local storage or other methods that are still applicable by consent management platforms, even server-side tracking, like you need to collect, you know, consent to then do stuff even if you’re doing it via the server, you’re basically asking for permission to collect something about a user and store a bit of data on their device for next time. And so what Google’s done, and I suppose it’s a pretty big job and we talked about this in the modelling episode, but what they’ve actually been able to release is a way to fire off the tracking, but without any cookie data or session data or any kind of identifiable data at all, there’s an argument there that things like IP address, device model, brand, those kind of things could be used for fingerprinting, but I’m not going to go down that rabbit hole.

[00:26:35] Daniel: But the idea is that the data you are collecting isn’t necessarily bad and against the law, what you don’t want to do is set stuff on their browser without them consenting. So in a sense, when users decline the consent in the ‘cookie banner’, you can still do stuff. You still get the website, you still load fonts and pictures and stuff like that, the same way you can still fire an event tracker into GA4. You just don’t have these IDs to tie all together, the glue that holds all this stuff together. So Consent Mode is just a name Google’s given to firing the GA4 tracking with or without consent. If you do have consent, it grabs the cookie ID and sets the cookie, without consent it fires the code just without doing the cookie stuff. Again, revisit the modelling episode if you want to figure out how it then accounts for that within the data. But all of that is kind of handled within the kind of modelling aspect.

[00:27:20] Dara: And of course that’s, you know, as we talked about on the episode before and kind of really briefly touching on now, this is relating to Google Tags or for anybody who’s has bought a consent management platform, has bought a licence to a consent management platform. It’s not a plug and play, it’s not necessarily a plug and play solution. It can be quite intricate and actually plumbing it in to get it to work with various different tags that you’re firing on the site can be quite an involved job. And also one that probably falls between maybe a bit of confusion typically between, it might be an IT team that actually gets the licence to the consent management platform, it’s very much crossing over with, you know, potentially legal and with analytics in terms of what’s actually being managed using that CMP.

[00:28:01] Daniel: Sounds odd, but I really quite like when I’m talking to someone new, going on their website and seeing if they’ve actually plumed it all in before I’ve clicked accept all, seeing if GA (Google Analytics) GA’s firing, if they’ve got Google Ads, Floodlights, Facebook pixels. It’s really interesting to see if they’ve done that plumbing, or if it’s just a bit of a vanity project, really.

[00:28:17] Dara: Okay, what have you been doing Dan outside of work to wind down lately?

[00:28:21] Daniel: Well this weekend I actually went on a little brewery tour in my local brewery. I live almost right next door to one, and they did a Kickstarter campaign about a year or so ago to open up a tap room. Yeah, I funded that and finally got to reap the rewards and I did a little brewery tour and learned all about the brewing process. We got to sample and try loads of beers, yeah, it was really, really fascinating. I’m a really big fan of beer and I didn’t know anything about it. I know you’ve dabbled in the brewing world Dara, but like I’ve never even considered it. But it’s fascinating, it’s this weird combination of mad scientist chemist, and art creativity. It’s a really interesting approach. I learned a lot of stuff and yeah, have a deeper appreciation for beer now I think.

[00:29:04] Dara: I can’t believe you said all that and didn’t mention the name of them. Let me guess, let’s see if I’m a good guesser. Is it by any chance the Abyss brewery?

[00:29:13] Daniel: It is, how did you guess? Is that the one that I happen to live right near?

[00:29:16] Dara: It might be, yeah, it might be. You were so excited, you didn’t even mention their name.

[00:29:21] Daniel: I’ll give them a little plug and of course I’ll put a link in the show notes. They deliver nationally and they do local delivery as well.

[00:29:28] Dara: And it is really good.

[00:29:29] Daniel: How about you Dara, what have you been up to? Can I guess, can I say that this is going to be, you’ve just come back from holiday and you’ve done nothing but holiday stuff.

[00:29:35] Dara: Yeah you make it sound really boring now. It’s the only interesting thing I’ve done all year.

[00:29:41] Daniel: Tell us about the holiday, what did you do?

[00:29:42] Dara: Well before I tell you about the holiday in case anyone thinks I’m some master beer brewer. I’m not, what you were hinting at is when I briefly brewed, did some home brew, using a kit and it only made very small scale. I don’t know what did it make, like something like 5 pints or 10 pints, something like that. I did dabble, it was really fun and it is something I’d like to pick back up again. But what I’d want to do is get some slightly bigger equipment because it’s a lot of work, a lot of patience required to end up with a very small amount of beer. So if I’m going to do it again, I’m going to do it at a slightly larger scale. So just to clarify, in case anybody thinks I’ve got some big side hustle going on where I’m brewing large quantities of beer, that’s definitely, definitely not happening.

[00:30:24] Dara: But my holiday was really good. So I was in Italy, we were there for about 10 days. And we started off just outside Rome, we were at a wedding, friends were getting married. They live in Rome, but they got married in a really nice venue in the hills outside of Rome. So we were there for a few days and then we went on to Venice, and then we were in Lake Como at the end for a few days. So a lot of variety, we packed a lot in, and it felt nice and long, you know those kinda holidays when you get to the end, you think it’s been really good, but I’m actually kind of glad to be getting home and getting back to normal. So yeah, it’s really good, feel recharged and glad to be back.

[00:31:00] Dara: Okay, I know where to find you, but where can our listeners find you or connect with you or find out more about you if they want?

[00:31:06] Daniel: So it’s the Abyss brewery in Lewes, no it’s danalytics.co.uk and LinkedIn and I never plug it, but I do have it, I have Twitter as well.

[00:31:14] Dara: You have a Twitter.

[00:31:15] Daniel: I have a Twitter. I tweet occasionally, I have been known to, not often.

[00:31:19] Dara: Well, I also have a Twitter, but I really don’t use it very often at all. So don’t try and find me on there. Probably LinkedIn is the best place. Not that I use that a huge amount, I’m not a social media kind of guy, believe it or not, but you can find me on LinkedIn and connect with me if you want. Okay that’s it from us for this week, to hear more from Dan and myself on GA4 and all of the things analytics, all of our previous episodes as always are available on our archive, which you can find on our website, measurelab.co.uk/podcast, or you can just use whatever app you’re listening to this now on to find our previous episodes or go back and re-listen to your favourite ones if you want.

[00:31:53] Daniel: And if you want to suggest a topic for us to dive into or someone we should be speaking to, even if that is yourself, there’s a Google Form linked in the show notes, or if you can’t be bothered with that stuff, there’s an email address podcast@measurelab.co.uk that gets through to the two of us.

[00:32:08] Dara: Our theme music is from Confidential, you can find a link to their music in our show notes. I’ve been Dara joined by Dan, so on behalf of both of us, thanks for listening and see you next.

Written by

Daniel is the innovation and training lead at Measurelab - he is an analytics trainer, co-host of The Measure Pod analytics podcast, and overall fanatic. He loves getting stuck into all things GA4, and most recently with exploring app analytics via Firebase by building his own Android apps.

Subscribe to our newsletter: