Solved

Google Analytics and cookies: need some clarifications.

Posted on 2015-02-20
9
153 Views
Last Modified: 2016-02-24
Hello, as you know here in Europe there's a cookie law. I'd like to avoid cookies altogether unless absolutely necessary.

So, Google Analytics was a sure source of cookies, but now with Universal Analytics I think this code will disable them completely:

ga('create', 'UA-XXXX-Y', {
  'storage': 'none',
  'clientId': '35009a79-1a05-49d7-b876-2b884d0f825b'
});

My question is: am I right? If I use Universal, the latest implementation of GA, coupled with this code, will I be ok with the cookie law without the need to ask visitors for cookie permission?

If so I will update all my customers' websites. If not I guess I'll switch to something other than GA.
0
Comment
Question by:Daniele Brunengo
  • 5
  • 4
9 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40621715
This page from ICO seems to be the best explanation: https://ico.org.uk/for-organisations/guide-to-pecr/cookies/   Note that shopping carts are based on session cookies and turning them off is not really an option.  You need to get used to telling users that you are using cookies... everyone else has.
0
 

Author Comment

by:Daniele Brunengo
ID: 40622787
Yeah, but since most sites I've been working on are static presentation sites, the only source of cookies would be Google Analytics. So if I can disable them inside it I would be ok with no need to hassle visitors.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40622838
Universal Analytics also uses cookies.  https://developers.google.com/analytics/devguides/collection/analyticsjs/advanced  My main customer uses many different kinds of tracking and they all use cookies.  As far as I can tell, the only way to not have cookies is to not use tracking.

A note...  it is actually the EU Privacy law, not cookie law.  Any method of storing identifying info including Flash cookies and local storage are covered.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:Daniele Brunengo
ID: 40622945
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40623269
The first article talks about using IP addresses for tracking.  Public IP addresses do not uniquely identify a user.  I have thirty computers here behind a single public IP address.  If you are only using the IP address, you can't tell which computer you're tracking.

In the second article, it tells you what to do to set a cookie for Google Analytics so I'm not sure why you posted that link.
0
 

Author Comment

by:Daniele Brunengo
ID: 40623278
If you go to the bottom of the page in the second article you can find this:

Disabling Cookies

By default, analytics.js uses a single cookie to persist a unique client identifier across pages. In some cases you might want to use your own storage mechanism and send data directly to Google Analytics without the use of cookies.

You can disable analytics.js from setting cookies using the following:

ga('create', 'UA-XXXX-Y', {
  'storage': 'none',
  'clientId': '35009a79-1a05-49d7-b876-2b884d0f825b'
});

When you disable cookie storage, you will have to supply your own clientId parameter except for the special case where you are using cross-domain linking parameters.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40623316
That is essentially irrelevant because you can't set a unique trackable client id for each user.  And if you could... it still falls under the EU requirement for notification because you are 'storing' and 'tracking' personally identifying information.

It's really simple.  Either you notify them or you do not track them.
0
 

Author Comment

by:Daniele Brunengo
ID: 40624396
So what's the exact difference without a trackable id? Visitor counts are wrong?
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40624449
Visitor counts and page tracking will both be wrong in cases where there is more than one computer behind a public IP address.  You are down to what you can see in the server logs which only list the IP address that requested a page, nothing else.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Any business that wants to seriously grow needs to keep the needs and desires of an international audience of their websites in mind. Making a website friendly to international users isn’t prohibitively expensive and can provide an incredible return…
In this Experts Exchange video Micro Tutorial, I'm going to show how small business owners who use Google Apps can save money by setting up what is called a catch-all email address in their Gmail accounts. By using the catch-all feature, small busin…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question