Follow

Is Google Analytics illegal?

Yes, said Austrian, French and Italian Data Protection Authorities and today the Danish DPA agreed! 🇩🇰

Exciting times to be a European, privacy-first web analytics project 🇪🇺

@plausible
Don't tell my employer: I've been told to migrante the website from Google Analytics to Google Analytics 4. 😮‍💨

@loke
Don't even listen: I've raised the point, but has no answer directly from legal. Only middle layers b between me and then told me "it's fine".
I'm not even sure how they can don't care. GA4 is able to identify sessions, not users, as far as I've seen, but still data are in USA. Not sure.
@plausible

@plausible curious about your thoughts on my views about consent and analytics.

In addition to being opt-in, I think analytics packages should have all types of data-collection disabled by default so admins can selectively enable only what they need. Data should be treated as a liability, and people should collect as little as possible.

I really dislike how people use GA and GA-based services to find new insights; it makes everyone optimize their software the same way. Nobody asks how they can make their software less addictive.

@Seirdy @plausible I do think that if the initial collection is *very* limited it doesn't run afoul of the issues that should require consent.

@Chronotope @plausible Assuming data is a liability, how limited should data collection be to not require consent?

I think temporary storage (a week or less) of access logs combined with low-entropy binary information (dark mode, is viewport narrower than what I test with, etc) is reasonable for a small operation. This holds if the data collection is clearly documented in a privacy policy, is Tor-friendly, and obeys signals like GPC. These access logs should exclude high-entropy headers like client hints.

Larger operations should store even less since they have the means to correlate information from many sources. ipscrub comes to mind.

The only long-term storage that should happen without consent is of bot traffic.

POSSE note from https://seirdy.one/notes/2022/09/24/limited-tracking-consent/

@Seirdy
Well, what else do you need an analytics tool for than to find new insights..?
@plausible

@maze Compare the two scenarios:

Scenario A: “We received a piece of user feedback to change this design to avoid errors; their suggestion was well received by other users. Let’s collect some telemetry from that component to see is these issues are representative of the larger population; based on that, we’ll know whether it warrants a re-design of that component.”

Scenario B: “Telemetry says users never use this feature; we can remove it.”

In Scenario B, telemetry prompted a decision; in Scenario A, telemetry helped understand a real specific problem. Telemetry should be used to clarify an existing insight rather than make discoveries on its own. Metrics should not be collected lightly; they should be collected with intention (and, of course, prior informed consent).

POSSE note from https://seirdy.one/notes/2022/09/26/intentional-telemetry/

@plausible @jasminee I was able to send this info to someone at work as we’re trying to make a case to remove it entirely (we have removed on some systems already)

@plausible @jasminee and one system I manage never had it to begin with — but there’s still a policy for using it in places that we need to undo

@robigan @plausible

It would be good if Google Tag Manager could also be declared illegal in EU member states.

@boud
What does it do exactly? I blacklisted it with #NoScript. Is that going to help?
@robigan @plausible

@grob @robigan @plausible

I don't know what Google Tag Manager does, but the name sounds bad, so I've long since blacklisted it in #uMatrix . In my experience it's something that can be blocked without being "forced" to allow it for functionality reasons.

@boud
Yeah, it didn't seem to break anything for me either. I'll keep it blacklisted along with everything else googly which doesn't break websites. Apparently it is used for tracking, specifically managing different tracking beacons like pixels without much coding for the webmaster (en.m.wikipedia.org/wiki/List_o)

#Google #GoogleTagManager #tracking #privacy
@robigan @plausible

@grob @boud @plausible Afaik it's a tracking system that goes hand in hand with google analytics but performs other stuff too iirc

@plausible Here's a question for your legal counsel: How are Plausible (and others like Fathom) affected by this decision?

@plausible sadly I can't due to my DNS adblocking :) when I'm not on my phone i'll take a look, thanks.

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.