Loading...

Logo

Website Owners Guide: Modernize Your Prviacy Policy

Four Critical Steps To Modernize Your Privacy Policy

The USA does not have online privacy laws to protect the privacy of folks while they browse the internet. This results in data being catered and sold to third parties about website visitor browsing habits and purchases.

Collecting data from multiple sources - stores, website visits, and other sites you visit allows the larger companies with resources to compile that data into profiles about your behaviors.

The European Union (EU) has set forth the General Data Protection Regulation (GDPR) that is the gold standard for website privacy in all aspects. It covers the simple website visitor experience and also the more complex server issues of the data mechanics of enterprise websites.

How can you protect the privacy of website visitors and also discover the success to convert your target audience? Those answers are the learning objective of this article.

  1. What does it mean to track a website visitor.
  2. Compare tools that capture website visitor information.
  3. How to modernize your website privacy policy.
  4. Move forward with optimal website visitor privacy.

Is it time for a customized privacy policy strategy?

TRACKING A WEBSITE VISITOR

The most common understanding of tracking website visitors is to identify important website activity - important being related to your website objective.

For the majority of websites this is around SEO - Search Engine Optimization - is that you can build a sales funnel to ultimately convert a website visitor into a subscriber or buyer.

Tracking the website visits mean knowing how they found your site, what they did on your site and also characteristics on them personally to understand your target audience.

Every website owner wants to generate leads and insights for sales and marketing.

Visitor tracking gets much more powerful when you apply it to analytic software, such as Google Analytics. In those analytics you identify performance based on statistics such as page views, devices used to access your website, and overall traffic volume.

Is it time for a customized privacy policy strategy?

COMPARE DATA TRACKING TOOLS - ANALYTICS

Google Analytics (GA) are, perhaps, the most recognized analytics tools. There are many such tools, but GA is free so that helps induce the majority of websites to use it. Unfortunately, GA ha a terrible record on data privacy that is pretty much out in the open if you take the time to read the consent you make to use the GA product.

Matomo is a product I use for my website clients. It’s based in Germany, which means it must be compliant with GDPR.

If you have read the privacy policy news lately, you will see that the big tech firms in the USA have failed, and continue to fail, with the GDPR.

In terms of privacy, here are features in Matomo that GA does not provide:

1. Automatically anonymize Visitors IPs.
2. Include a analytics opt-out feature on your site (using a simple iframe).
3. Ability to delete old visitor logs.
4. Built in function to respect Do Not Track setting.

These are five features of Matomo offers, as a business tool, which Google Analytics does not provide your website:

  1. Hosting: your data analytics on your server.
    2.Content Interactions: analysis feature to ensure you get insights into how well your content is performing.
  2. Integration with Bing and Yahoo Search Consoles: search behaviors and crawling stats from your Bing and Yahoo consoles directly into your UI.
  3. Roll-Up Reporting: multiple websites under the one account, you can use the Roll Up feature to combine all the website's data into the same interface.
  4. Form Analytics: Forms are an important part of the conversion process and you need to ensure your customers are filling them in effortlessly. 


    
Is it time for a customized privacy policy strategy?

MODERNIZE WEBSITE PRIVACY POLICY

As a business website owner, you want to be able to understand what visitors do on your web pages so that you can build a better website to 1) enhance your organic search results and 2) to identify the behaviors of your target audience.

You also want to have analytic features to display Real Time visitor details, Ecommerce Analytics, Visitor Profile, Real Time Visitor Maps and view that info on your mobile device too.

There are two methods to accomplish quality analytics while achieving and respecting the privacy of your website visitors per GDPR website cookie notice and no website cookie notice.

Yes, in case you are wondering, cookies, a snippet of code, is connected with your browser (cache) which allows the majority of analytics software to work. For example, you can visit 10 websites and each one install a cookie.

A. Website Cookie Notice

If your analytics software is using cookies, such as Google Analytics, then you have to use this approach. According to the GDPR a cookie notice must meet the four characteristics.

  1. Freely given (the user must have a choice to not give consent and be able to opt out at any time).
  2. Informed (you need to disclose who is processing the data, what data is processed and how to opt out).
  3. Specific (consent is only valid for the specific informed purpose).
  4. Unambiguous (for example, pre-ticked boxes or similar aren’t allowed).

By those measurements, 99% of the websites in USA displaying cookie notices, at time of writing this article, are invalid. They don’t meet GDPR.

NOTE: The most distinct menthol to have a qualified cookie notice on your website is to have it function where the user, website visitor, can sign into it, choose want they want to track or not tracked, and then storing those preferences.

Those preferences are then used by the analytics software to keep certain data about the visitor while discarding other visitor data.

B. No Website Cookie Notice

Using this approach means you are not using cookies, nor is your analytics software, with each website visitor. In other words, you are not tracking personal data of your visitors..

Follow these steps with your analytics:.
1. Make sure you disabled analytics tracking cookies in your analytics..
2. Make sure IP addresses are anonymized (2 or 3 bytes) because the full IP address is considered personal data.
3. Make sure your Page URLs and Page titles should not include personal data/PII (such as the visitor’s name).
4. Make sure your Page Referrers URLs do not include personal data.
5. Make sure you are only tracking users on a single site and not tracking the same user across different websites.

If you are doing Ecommerce tracking or requiring a User ID to access parts of your website; you will likely need to ask for the user for consent when these features are used. There are some caveats to E-commerce and User ID that are too long to place in this article.

Is it time for a review of your online marketing strategy?

MOVE FORWARD WITH WEBSITE PRIVACY - GDPR

You are welcome to use the privacy policy on this website to model your own privacy policy.

The website visitor OPT OUT presented on that page is recorded in Matomo Analytics as that is the analytics provider we are using. When the user sleets that option no browsing data is collected during their visit.

The are my suggested next steps for you to modernize your privacy policy. Determine what analytics firm you want to use.

  1. If you are using a cookie based analytics, or if you are choosing a analytics service with servers in USA then be advised they are probably not in compliance with GDPR. You would do well to ask them in an email if they are in compliance.
  2. Once you know if you are using cookies, or want to use cookies - meaning you want to collect personal data from your visitors - then set up a hard cookie notice on your website that satisfies the four characteristics mentioned about in Website Cookie Notice section. Most likely you will need to add a function to your website that allows your users/visitors to sign in and manger their cookie preference.
  3. If you want to move forward without using cookies, simply find an analytics provider that allows you to make the changes discussed about in No Website Cookie Notice section. That provider will probably be located, along with its’ servers, outside the USA.
  4. One last pertinent detail to keep in mind with your website privacy policy is a recent ruling. On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the “Privacy Shield” in a U.S. Surveillance case. It ruled that personal data can't simply be transferred to the US or to another country, unless they have similar privacy standards.

I hope this article has been helpful for you.

~ Steu Mann, July, 2020