The backstory
Internet giants like Google, and Facebook (that now owns Instagram and seemingly everything) are finally put in the spotlight for their unethical privacy practices. This, the EU law’s GDPR, and many other events have sparked a movement. People want online privacy, or, at the very least, to be told they’re being tracked.
At Manoverboard, we agree; it’s the least we can do. We build websites that people visit on their personal and work devices, so we need to inform them that their personal data or actions are being tracked or collected.
It’s the law.
No matter what is collected, each country has a different set of laws and regulations, and it’s real. Real fines, and real consequences for businesses and nonprofits of any size.
The thing about the web is that anybody can visit your website, no matter what country they’re in. Your country of origin’s regulations may not be enough.
What we recommend.
Step 1: If you don’t need the data, don’t collect it.
Have you ever collected data before? If you do, how often do you look at the data your site is collecting every minute of every day? You may not need to collect any data at all. Your visitors will love you for it—no annoying cookie notification bars!
We understand that some scenarios require data collection, so we have a few other recommendations.
Step 2: Don’t set cookies if you don’t have to.
You can completely cut out the complicated laws and requirements by using alternative methods to collect the data you need. Not all data collection tools (like Google Analytics, FaceBook Pixels, etc.) are created equal.
We recommend trying out something that doesn’t require tracking cookies (at Manoverboard, we use Fathom). The drawback, though, is that these tools don’t collect nearly as much data since they aren’t as invasive.
Step 3: If you need to collect as much data as possible, hire the (legal) experts.
Try running a shorter campaign rather than thinking of it as a permanent feature. How long do you need to collect data for? How long is long enough to get the data you need to inform your next steps?
During the tracking and collection phase(s), the visitors need to be informed. They need to know what the website is tracking and collecting, and what you are doing with it, in plain language. This can be displayed in your privacy policy (which should be written by a legal advisor).
Depending on what your legal advisor concludes, there may be more steps involved. GDPR compliance, a cookie opt-in/opt-out pop, or the privacy policy with a clear link.
At Manoverboard, we can implement the solution, but we can’t advise how to best protect your business from privacy laws.