GDPR: Website Tag Security a Big Problem for Webmasters (Infographic)

Collecting consumer data via site tags, whether to gather marketing information or to personalise a user’s experience, carries a number of risks. Compromised data not only presents numerous risks to the users themselves; it can also ruin your brand and leave you vulnerable to lawsuits and scrutiny from organisations like the Consumer Protection Agency.

There are massive companies that have been rocked by brand-damaging scandals. While these and other tech giants do indeed suffer from such scandals, they also have the big pockets necessary to mitigate their losses, fix data leakage problems quickly, and perform the branding damage control necessary to alleviate user concerns rapidly. They’re also meticulous about keeping up on all compliance necessary to protect themselves and users!

This infographic from DataTrue gives you an idea of how risky it is when companies collect consumer data without proper measures to secure the confidential information.

The risk of leaking site visitors’ data - infographic

Let’s talk about the issues covered in the infographic in more detail.

GDPR Offers Data Protection for EU Visitors to Sites

The infographic indicates relief for European visitors to all global websites, via the General Data Protection Regulation (GDPR), which took effect in May 2018. The regulation affects all websites that cater to (i.e., allow traffic from) European visitors.

Unless a webmaster plans to purposely block all European traffic from their site, they must comply with GDPR standards or risk losing all consumer trust in their brand.

What Does This Mean for Webmasters?

It means you need to know what tracking tags are present on your site and alter or eliminate those that don’t meet GDPR compliance. In general, the tags currently used by the vast majority of webmasters, from beginner to advanced, collect the following user info:

  • IP Address
  • Browser used to access site
  • Cookie data
  • Links and ads that were served and viewed
  • Products the user spent time viewing
  • Time spent on each page and site overall

GDPR Tag Compliance Standards

If you can meet the following, you’re not going to get into trouble:

  • Is the user clearly (boldly) being informed of what data is being collected?
  • How is the data being used (i.e., to serve appropriate ads, or for sale to other agencies)?
  • Who has access to the data? (Only the company asking for the data should have access, unless explicitly stated to the user.)
  • Who is the data being shared with? (Again, unless the user is informed of all sources, or told their information will be shared with multiple sources, it’s against GDPR.)
  • Can the data be deleted? (If the user wishes to have their data destroyed upon completion of a transaction or deletion of a cookie, you must comply to be GDPR compliant.)

Many modern site owners rely on Google and Bing Webmaster tools, in which case it would be rare to be out of compliance with GDPR standards. In fact, the Google Analytics tag is the most commonly used tag on all websites found on the web.

That is, if you don’t allow that data to be shared with third parties through the “piggyback tags” and direct tags that you’ve knowingly or even unknowingly allowed onto your site:

Direct tags

Direct tags connect site users with a single source. Google Analytics is a great example of a direct tag. Other direct tags could be associated with other types of analytics and marketing tools, such as KissMetrics, installed via plugins or code, that help you track data and serve relevant information and offers to visitors, or with partnerships with marketing companies that ask customers for data. Using direct tags from reputable companies shouldn’t get you into trouble with GDPR.

Piggyback tags

Piggyback tags can be a big problem, particularly if they’re attached to direct tags without your or the third party’s knowledge. They can also be legitimate; it all depends. Piggyback tags route data through multiple sources, putting the responsibility of data security on all sources. They’re risky without top-notch security, and are most associated with hacking-related activities. A good example of a risky piggyback tag would be one attached to a shopping cart where personal data such as credit card information is entered; the risk here should be obvious.
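To make the direct/piggyback distinction concrete, here is an added example (not from the original article or from DataTrue) that sorts the third-party hosts seen during a page load into direct and piggyback tags and lists the ones the site owner never approved. The hostnames, the allowlist and the simplified `{ url, initiator }` record shape are all constructed assumptions.

```javascript
// Added example: classify third-party tags on a page as direct or piggyback.
// All hostnames and the { url, initiator } record shape are constructed.
const PAGE = "https://shop.example/checkout";
const APPROVED = new Set(["analytics.example"]); // hypothetical allowlist

// Constructed request log: initiator = page or script that caused the request.
const REQUESTS = [
  { url: "https://shop.example/app.js", initiator: PAGE },
  { url: "https://analytics.example/tag.js", initiator: PAGE },
  { url: "https://analytics.example/collect?v=1",
    initiator: "https://analytics.example/tag.js" },
  { url: "https://adpartner.example/pixel.js",
    initiator: "https://analytics.example/tag.js" },
  { url: "https://reseller.example/sync?id=1",
    initiator: "https://adpartner.example/pixel.js" },
];

const host = (u) => new URL(u).hostname;

function auditTags(pageUrl, requests, approved) {
  const firstParty = host(pageUrl);
  const parent = new Map(); // third-party host -> host that first pulled it in
  for (const { url, initiator } of requests) {
    const h = host(url);
    const via = host(initiator);
    // Skip first-party files, a tag calling its own host, and repeat sightings.
    if (h === firstParty || h === via || parent.has(h)) continue;
    parent.set(h, via);
  }
  return [...parent.keys()].map((h) => {
    const chain = [h];
    // Walk back towards the page; stop on unknown or looping initiators.
    let p = parent.get(h);
    while (p !== undefined && p !== firstParty && !chain.includes(p)) {
      chain.unshift(p);
      p = parent.get(p);
    }
    return {
      host: h,
      kind: chain.length === 1 ? "direct" : "piggyback",
      chain: chain.join(" -> "),
      approved: approved.has(h),
    };
  });
}

// Hosts that receive visitor data but were never approved by the site owner.
const needsReview = (report) => report.filter((t) => !t.approved).map((t) => t.host);

console.log(auditTags(PAGE, REQUESTS, APPROVED));
```

The input records can be built from any capture of a page load that keeps the initiator of each request; the `chain` field shows every intermediary a piggyback tag was routed through.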


The Lowdown on Tag Security and GDPR

The facts and figures in the graphic show that most sites have a large mixture of both direct and piggyback tags attached to them. Without proper tag management (identification, analysis, and, if necessary, elimination), your site might not just be non-compliant with GDPR, but also subject to severe legal problems.

Not to mention the moral implications: you could be causing not only undue harassment to your users, but also serious financial issues resulting from fraudulent activity, because their data is being leaked to untrustworthy, unscrupulous sources.