Has the GDPR & e-privacy directive destroyed your Google Analytics data?

I have been searching on this topic for a couple of weeks but with slim results. It seems that the general consensus is that GDPR and e-privacy directive has not affected the Google Analytics data in any significant way. This is probably due to the fact that 95% or so of all companies do the cookie approval banner not accordingly to the law (see screenshots below). So I thought to write this article to shed some light on the topic and maybe start a discussion.

The implications

So what happens if you would loose a large part of you Google Analytics data? Can you still draw conclusions based on the remaining data? How is segmentation affected? How is sampling affected? Are your dashboards still accurate? What about traffic attribution?

As you can see there are several important questions on the table. If you want to be data driven your data has to be clean and reliable. Bad data leads to bad decisions. In todays environment where segmentation plays a key role your data has to be crisp. Companies spend tons of money to keep data clean and accurate. So if you comply with the new EU-law you might see a drop in your GA-data. What do you do when that happens?

Actions

One way to seek the answers is to analyze if the remaining traffic is mirroring the lost traffic. You have to map out your most important user paths and compare before and after. The tricky part is to do this with segmentation. Depending how big your segments are you might be all right (read here about GA sampling) but if they are small they might show you the wrong numbers. Another more extreme action is to take all analytics data in-house, use your own analytical tool - not cloud based.

The right and wrong way to do a cookie banner

Below I give some examples of the correct and wrong way to do a cookie banner.

The right way to do cookie approval banner

Not necessary cookies always need cookie approval. Necessary cookies are defined as the cookies that need to be set for the service to function. Interpreting this last sentence is today done very creatively according to my sources.

The wrong way

No decline button. If there is a one click accept button then you need a one-click decline button. The buttons should also have the same size and color.

Who approves the cookies?

Honestly speaking, when you surf a website and get the choice to either accept or reject all cookies what do you choose? On which sites do you approve the cookies? Based on my own pattern I approve the cookies out of laziness, but mostly choose not to approve them if that option is there. For sites that I want to have a relationship with I usually approve them. This must make data much less accurate hence harder working on improvements/KPI′s - you will have some blindspots.

So what do you think? Feel free to leave comments below.