You’ve heard about cookie restrictions which have spurred regulations like ePrivacy in EUR, and other regulations around customer data usage and consent such as GDPR and CCPA. If you want a refresher, you can have a look at our quick Data Governance Crash Course.
These regulations are great for the user but can be difficult for companies to implement. From our experience, when you update your site to account for these regulations using a consent management platform (like Evidon, OneTrust, or TrustArc), the amount of site traffic reported drops due to fewer users opting into analytics tracking. I’m here to tell you that you can track this “hidden” traffic while still being compliant to any regulation; however, it’s important to understand the limitations since it’s very different from the reporting that you are used to with Google Analytics.
What Are Cookies?
A cookie is a small storage file that saves specific information about a user depending on what the cookie is looking for and set up to store within the browser. An example of a cookie is when you go onto a site and select the “remember me” box when you log in so that when you log in again your information is already filling in the login boxes. That “remember me” function is done through a cookie that has your login data and then uses the information to autofill the login form. Sites use cookies for functional things (like “remember me” logins or preferences), but mostly for marketing/advertising purposes. You see examples of this when you are on a site and search for an item and then start seeing ads for that product on other sites. If you need more information about cookies and why they are important for tracking, please check out this article. Recently, modern browser providers like Apple and Mozilla have added their own Privacy features that affect how cookies are used which in turn, affect some GA metrics and data. See more details in this article around Apple’s ITP and Mozilla’s ETP and how it affects analytics. You can also watch one of our webinars about how the browser cookie restrictions can impact your eCommerce.
Are Cookies Bad?
Cookies get a bad reputation, but they aren’t intended to be malicious. Like I said above, some are used for functional purposes that end up helping the user. However, some larger companies have accumulated user data sets associated with cookies mostly without the user even realizing they were collecting data on them. Therefore, these companies have a trove of information about individual users (like location, purchase history, and device type) which is why cookie regulations require notifying users about data usage practices and then allowing the user to decide what data to share. The regulations also stipulate stricter guidelines and punishments for any misuse of data and liability for data breaches.
Process for Google Analytics
Now that we understand what cookies are, we can dig deeper into how they are used within Google Analytics and then, finally, how to exclude them from use with Google Analytics.
Regular Google Analytics Tracking
Typically Google Analytics tracks a user when they land on your site and that’s when a cookie is retrieved or created. Whenever a user interacts with the page (depending on the tagging set up on the site), all the engagement and cookie data is sent to Google for processing. Then the data is processed and available for viewing in Google Analytics reporting.
Cookieless/Anonymous Google Analytics Tracking
Google relies on cookies to tie sessions and user information (like user demographics, UTM parameters, attribution, and purchase funnel) together. Without cookies, you can see this data, but it can’t be bucketed in the same way that we are used to seeing, in essence, everything is on the “hit-level”. This means that you can see that an action was taken (pageview, event, or purchase), but have no idea who took that action, where they came from, or any of their previous actions in that session or previous sessions.
On the base level, to follow the user’s request to not be tracked via cookies, we have to change up how we implement Google Analytics. The main component that links user browsing behavior is the clientID and a cookie is used to store and carry forward that clientID from page to page. Therefore, we’re going to prevent GA from storing that clientID in a cookie. We can do that by using a script within a tag management system (like Google Tag Manager) that generates a new and random clientID on every page unload. This effectively renders the user completely anonymous (as they have requested), but still allows us to see the interactions on the site.
Differences In Data Collection and Setup
- Set up a separate cookie-less/anonymous Google Analytics Property for data collection.
- Less confusing to users
- Doesn’t clog up data
- If regulations change, you can quickly remove the property
- Implement special tagging within your TMS with a distinct set of tags, triggers, and variables to fire when consent is not given for page views and custom events.
- Specify settings on the anonymous GA tracker to disable:
- Cookie storage
- Anonymize IP
- Ad features
- Delay the sending of the anonymous pageview until the page unloads to avoid duplicate page view hits when/if a user does change their consent.
- Disable the following in the GA Property Settings:
- Advertising Reporting Features
- Remarketing
- Demographic and Interest Reports
- Users Metric in Reporting
- User-ID feature
- Make sure that you are not collecting any user type data in your custom dimensions (like member ID, guest ID, user ID, etc.) since Custom Dimensions will still be sent with each event/pageview.
- Do not connect any other integrations to the property like (ex: AdSense, Salesforce, etc).
Reporting in Google Analytics
The biggest and most important difference in the data is that for the anonymous GA Property, only hit-level data, like total page views and total events, are accurately reported. Meaning metrics that are based on session-level or user-level data (like bounce rate, session duration, time on page, entrances, or exits) are all inaccurate. However, all normal metrics still populate so users and session metrics are still shown, but they are not accurate. Our recommendation is to create a separate dashboard specifically for the Cookieless/Anonymous GA tracking that only shows hit-level metrics since those are the only accurate metrics. Additionally, this means that any conversion metrics or goals cannot be set up.
You can still segment based on hostnames and pass custom dimensions to help identify the source of the hit, but it will be sent with EACH hit event/pageview so the scope of these can only be hit-level. Please also be sure to check the custom dimensions that you are passing and be sure that you aren’t collecting any individual IDs or information that could be tied back to the user.
Also, UTM parameters still work, but only on the first page that they land on and are not tied to any subsequent pages. This means that you can see what campaigns/medium/sources were the most popular in driving traffic but cannot see if they drove any specific engagement or conversions.
Conclusion
As long as you know and understand the limitations of setting up cookieless/anonymous tracking in Google Analytics, this allows you to have some insight into this “hidden” traffic. You’re able to still see what actions are taken by users, what purchases they make, and/or what pages they view the most. It’s not the robust amount of data that we are used to seeing but we can still get a lot of insight into these anonymous user’s behavior and eventually even see the percentage of users that are anonymous vs consented.
