1. Privacy & Consent – Major revision
Getting a website’s privacy and consent right is difficult. Apart from the myriad of privacy decisions required to be complaint for laws such as GDPR, there are still plenty of grey areas as to what the fundamentals mean. For example if no cookies are set, can a website send data without a visitor’s consent?
For Verified Data the answer to that question is “it depends”. Strictly speaking the default answer is no: No consent = no tracking. However, there can be exceptions if such hits are necessary to help make a website usable e.g. by enabling basic functions such as blocking robots.
Our new Privacy & Consent Compliance report has been completely revamped to take into account this complexity. For example, a common mistake by website owners is to think of privacy only in terms of Google Analytics. It’s the obvious visitor tracker of course, but privacy law is tool agnostic. Hence when checking for compliance, Verified Data looks at ALL the data hits.
Here is what the new report looks like:
Hits sent without consent
As the info text at the top of this report explains, this section is special. Normally all Google Analytics hits are blocked when an audit is running, however for this section, any trackers found need to be allowed to fire (an set their cookies). So to limit any hit inflation, a smaller sample of pages are used. The table then lists all the potential trackers if found sending data.
*Remember* this is without any visitor consent, so it ignores any Consent Override setting you have set.
Audit tests
With the hit table established, the audit tests do their stuff. You can configure how strict the test should be i.e. “No Hits” from Google Analytics allowed without explicit consent, or more lenient “Hits Allowed” if your compliance framework allows GA to send data if configured benignly.
In addition you can configure the tests scope. That is to only review Google Analytics trackers, or to include others. For other trackers, there is also a whitelist option in the audit settings.
Defaults
The Privacy & Consent report is enabled by default with the strict setting = No Hits and scope = GA + other trackers. For some geographic regions privacy law may not so advanced (though it will come!). If that applies to you, you can of course disable this section from the audit (as you can with all sections – except the Core Principles section).
2. API update – Coming soon!
Just a quick note to say thank you to our beta users who have provided valuable feedback. The API allows you to full out all report test values and settings – allowing you to effectively rebuild your own IU or embed our results into your own reporting system. ETA is February 2021.
Ensure you follow our company page on LinkedIn to catch the announcement (I am not a fan of email announcements!).
As always, we love to hear your feedback on this new release! Please add your comment or contact us directly at hello ‘@’ verified-data.com