The spectre of GDPR
The GDPR demands a lot from digital platform providers. We are required to obtain consent, grant the right of access, fulfill the right of erasure when requested by the data subject and keep a procedure directory. We have to comply with defined deadlines and check continuously whether our internal processes are still correct. Anyone who violates the requirements of the GDPR must expect heavy fines. That leads to pressure and uncertainty.
And even though I very much welcome the data sovereignty of the individual, one must honestly admit that the GDPR is often also just ultra annoying. Apart from providers also customers suffer everyday under the measures for the data protection of personal data by constantly being forced to click on something and being asked to agree to or sign individual regulations.
Data economy according to GDPR
But anyone who simply thinks the GDPR is stupid is doing it an injustice. Because this regulation also gives us reason to think, reason to correct. For example, Article 5 requires us to collect data only when we really need it. Data minimization is the magic word.
In my observation, far too little attention is paid to data minimization around user analytics. Yes, we need information about HOW our users use our offerings. But should we really also collect information about WHO our users are? I don't think so. It even appears to be the other way around. We actually have a wonderful way to save data on our hands.
Analytics is important
No question: analytics data is important. After all, providers want to tailor their services to users' needs. To achieve this, they must understand the behavior of the people who use the services and know what devices the visitors use. Because at the end of the day, the goal is to earn money with the website, app, or service. And that only works if the quality is high. The quality is only high if the users feel comfortable. Users feel comfortable when the offered services fit their requirements. We require this data to adapt our offerings to our user's expectations. Well, they understand the context.
The crucial question is: Do we also need personal data to meet the needs of providers as described? Or have we simply become accustomed to receiving personal data along with valuable information?
Who actually needs personal data?
In my theory: we as website and app providers don't need personal data. But providers like Google do.
And this leads to two questions: why does Google require personal data, and why should we provide it?
Google's business model is essentially based on person-related advertising. Every Internet user should be offered exactly those products that are most likely to be purchased by that person. This is because Google earns money from every purchase that is made via an advertisement. To really deliver the appropriate ads to each person, Google requires a lot of information. And this information must be assigned to individuals: location, age, income, marital status, and so on. Because only if you know whether you are dealing with a father or a businessman are you able to decide whether offering cars or putters as a result for the search term “golf” is appropriate.
The data that Google collects in the database comes from the personal profiles, mail accounts and YouTube accounts that are linked to the respective owners. These data sets also contain search behavior and behavior on apps and websites. The source for this are the analytics tools that Google provides free of charge: Google Analytics and Google Firebase. These tools are free because the actual product is the personal information on their users and not the service they provide.
Analytics without personal reference
If you are as annoyed by this system as we are, then we have good news for you because technically, there is no reason why clicks should be associated with people. To optimize a service, it is quite enough to know HOW people use it. It is not crucial WHO uses it.
Anonymized tracking works by technically cutting the connection between the signal and the user. Hashing and salting are proven methods for this purpose. How we at TelemetryDeck preserve the anonymity of the app users, you can read here.
Since we now have identified the problem and described the solution, is everyone happy now? There is one catch to the whole thing. Because TelemetryDeck requires you to pay if you send us more than the allowed, free signals. Why is that? Well, we don't sell the data collected in our customers' apps to advertising networks. We don't make money from the data. We just have trouble with it because we take the signals, manage the data, and deliver it in seconds when our customers pull up a chart. That's time-consuming and can't all be done as a hobby after work.