Moz Q&A is closed.
After more than 13 years, and tens of thousands of questions, Moz Q&A closed on 12th December 2024. Whilst we’re not completely removing the content - many posts will still be possible to view - we have locked both new posts and new replies. More details here.
If website users don't accept GDPR cookie consent, does that prevent GA-GTM from tracking pageviews and any traffic from that user that would cause significant traffic decreases?
-
I've been doing a lot research on GDPR impact and implementation with GTM-GA for clients, but it's been 12 months since GDPR has gone live I haven't found anything on how GA traffic has been impacted if users don't accept cookie consent. However, I'm personally seeing GA accounts taking huge losses in traffic since implementing GDPR cookie solutions (because GTM/GA tags aren't firing until cookies are accepted).
Is it common for websites to see significant decreases in traffic due to too many users not accepting cookie consent? Are there alternative solutions to avoid traffic loss like that and still maintain GDPR compliance?
It seems to me that the industry underestimated how many people won't accept cookie consent. Most of the documentation and articles around GDPR's start (May 2018) didn't foresee or cover that aspect properly, everything seems to be technically focused with the assumption that if implemented properly most people would accept cookie consent, but I'm personally not seeing that trend and it's destroying GA data (lost traffic, minimal source attribution, inaccurate behavior data, etc).
Thanks.
-
This is a common and over-zealous implementation of GDPR tracking compliance. Lots of people have lost lots of data, by going slightly overboard in a similar way. Basically you have taken GDPR compliance too far!
GDPR is supposed to protect the user's data, but in terms of - is there a 1 or a 0 in a box in an SQL database for whether an anonymous user visited your site or not (traffic data, not belonging to the user) - it's actually fine to track that (in most instances) without consent. Why? Because the data cannot be used to identify the user, ergo it's your website data and not the user's user data
There used to be a GA hack which Google patched, which forced GA to render IP addresses - but even before it was patched, they banned people (who were using the exploit) from GA for breaking ToS. That kind of data (PII / PID), unless you have specifically set something up through event tracking that records sensitive stuff - just shouldn't even be in Google Analytics at all (and if you do have data like that in your GA, you may be breaking Google's ToS depending upon deployment)
If the data which you will be storing (data controller rules apply) or sending to a 3rd party to store (in which case you are only the data processor and they are the data controller) does not contain PID (personally identifiable data - e.g: email addresses, physical addresses, first and last names, phone numbers etc) - then it's not really covered by GDPR. If you can say that these users have an interest in your business and show that a portion of them transact regularly, you're even less at risk of breaking GDPR compliance
If you're worried about cookie stuff:
"Note: gtag.js and analytics.js do not require setting cookies to transmit data to Google Analytics."
It's possible with some advanced features switched on like re-marketing related stuff, this might change. But by default at least, it seems as if Google themselves are saying that the transmission of data and the deploying of any cookies are not related to each other, and that without cookies the later scripts can send data to GA just fine without cookies
If you are not tracking basic, page-view level data which is not the user's data (which is not PII / PID), then you are over-applying GDPR. The reason there aren't loads of people moaning about this problem, is that it's only a problem for the minority of people who have accidentally over-applied GDPR compliance. As such it's not a problem for others, so there's no outcry
There'**s lots more info here: **https://www.blastam.com/blog/gdpr-need-consent-for-google-analytics-tracking
"This direction is quite clear. If you have enabled Advertising features in Google Analytics, then you need consent from the EU citizen first. Google defines ‘Advertising features’ as:
- Remarketing with Google Analytics.
- Google Display Network Impression Reporting.
- Google Analytics Demographics and Interest Reporting.
- Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers.
-"
If you aren't using most, many or any of the advanced advertising features, your implementation is likely to be way too aggressive. Even if you are using those advanced features, you only need consent for those elements and specifically where they apply and transmit data. A broad-brush ban on transmitting all GA data is thoroughly overkill
Think about proposing a more granular, more detailed approach. Yes it will likely need some custom dev time to get it right and it could be costly, but the benefit is not throwing away all your future data for absolutely no reason at all
Don't forget that, as the data 'storer' (controller), a lot of the burden is actually on Google's side
**Read more here: **https://privacy.google.com/businesses/compliance/#!?modal_active=none
Hope this helps
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Blocking Standard pages with Robots.txt (t&c's, shipping policy, pricing & privacy policies etc)
Hi I've just had best practice site migration completed for my old e-commerce store into a Shopify environment and I see in GSC that it's reporting my standard pages as blocked by robots.txt, such as these below examples. Surely I don't want these blocked ? is that likely due to my migrators or s defaults setting with Shopify does anyone know? : t&c's shipping policy pricing policy privacy policy etc So in summary: Shall I unblock these? What caused it Shopify default settings or more likely my migration team? All Best Dan
Reporting & Analytics | | Dan-Lawrence0 -
I have had a huge increase in direct traffic to our website but not sure why this suddenly happened? (no promos during this time period)
I have had a huge increase in direct traffic to our website but not sure why this suddenly happened? (no promos during this time period), traffic up 200%+ according to Google Analytics
Reporting & Analytics | | Julia_a1a1 -
Migrated website but Google Analytics still displays old URL's and none new?!
I migrated a website from a .aspx to a .php and hence had to 301 all the old urls to the new php ones. It's been months after and I'm not seeing any of the php pages showing results but I'm still getting results from the old .aspx pages. Has any one had any experience with this issue or knows what to do? Many thanks,
Reporting & Analytics | | CoGri0 -
Organic Traffic From...Mountain View, CA?
I've noticed something a little odd in my organic search traffic lately. Looking at several websites that target the Minneapolis area, I'm seeing some organic searches come in (typically using head keywords - no geo-modifier) from Mountain View, CA. There's no way we are truly ranking well on these terms in California, so it certainly feels like Google sniffing around. I was worried that perhaps they were checking into penalizing us or something, but we've actually seen upticks in search traffic lately. This traffic is not showing up in Google Analytics, just Adobe SiteCatalyst. In the past, spikes from random locations were probably some sort of crawler, like the preview bot, but these are coming in as searches with (for now) keyword data. Has anyone else seen anything like this?
Reporting & Analytics | | SarahLK0 -
Tracking pdf downloads
hello, I have a site with 100's of pdf's for download and I would like to track how many people are downloading these, does anyone have a simple solution for this? Is there anyway I can do this in Google Analytics using one piece of code, thanks...
Reporting & Analytics | | Socialdude0 -
Exclude Traffic from India
i would like to exclude all traffic coming from India using Advanced Segment in Google Analytics. How do i go about it ? Will it be applied to future traffic also ?
Reporting & Analytics | | seoug_20050 -
Abnormal Spike in Traffic- Ddos or what?
We've noticed a 100% increase in our traffic over the last three days. However, the page views have not increased proportionately. The traffic sources seemed to be dispersed naturally. Could this be a Ddos in the making or some other type of attack as it seems unlikely that we suddenly started receiving thousands of extra visitors. Its a leading news website with a consistent heavy traffic daily which just doubled over the last three days. What should we be looking at?
Reporting & Analytics | | RishadShaikh590 -
Will having a subdomain cause referral traffic from the domain name?
Hi! One of our clients has a site with the store on a subdomain: store.example.com. When we've set up goals for order confirmation pages, we often see most of the sources attributed to example.com. Is this because of the subdomain issue? How would we correct it so that we would see as the referring source for the goal the site that sent to the root domain originally, and not the site that sent to the subdomain? Thanks!
Reporting & Analytics | | debi_zyx0