How to implement Privacy by Design in server-side tracking
A step-by-step guide
In our previous blog, we explored the significance of Privacy by Design (PbD) in server-side tracking to ensure compliance with data protection regulations such as GDPR. Now, we’ll dive deeper into a practical, step-by-step guide to help you implement these essential privacy practices. This ensures data privacy and security at every stage of the ETL process in tag management systems.
Read our previous blog about the significance of PbD here.
Example case “Organisation XYZ”
Organisation XYZ wants to combine client-side and server-side tracking for its data collection, but wants to make sure the approach is privacy-centric. It has created a data inventory and linked the applicable legal grounds to each data point. It now wants to run the ETL process according to PbD to show which steps need to be taken. In this example, we follow one data point: the IP address of the user.
Step 1: Extracting user data with Privacy by Design principles
In the extract step, data is collected into the data layer from various sources, such as development, websites, applications, or stored data. User consent (or other legal grounds) determines what makes it into the data layer and what does not get processed.
Example: Organisation XYZ
XYZ uses IP addresses for several purposes, each with its own legal ground: a legal obligation to keep a record of the consent given, consent itself for marketing and analytics, and legitimate interest for fraud detection. Because the legal obligation and the legitimate interest apply regardless of consent, the IP address is never completely removed from the data layer. What consent changes is which purpose-specific data points it may populate, and in what form.
If you also wish to have an easy way to view your data layer, have a look at our Tagbird chromium extension for your browser. You can learn more about our free extension in this article.
Step 2: Transforming data securely to protect user privacy
In the transform step, you process and organise the extracted data into a usable format. At the beginning of this stage, the data layer contains only the data points that passed the initial filter. By making the data points in your data layer purpose-specific, you make it transparent which data point may be loaded for which purpose. Additionally, depending on the granularity you actually need, you can obfuscate data points to make them less sensitive where the use case allows.
Example: Organisation XYZ
XYZ wants to split the purposes for this personal data and make the split visible in the data layer:
- Legal obligation: Create the data point “client_ip_address_legal_obligation” with the full IP address.
- Analytics and marketing: Populate “client_ip_address_marketing” or “client_ip_address_analytics” only if the user has given specific consent for that purpose.
- Fraud detection: Create “client_ip_address_fraud” with only the first two octets, removing the unnecessarily specific part of the address (for an IPv4 address such as 203.0.113.42 this leaves 203.0.0.0, roughly a /16 network; for IPv6 truncate to a comparably short prefix).
Ideally the resulting PbD pageview is sent to the server-side solution, where there are more options to control which data points are forwarded to each vendor. A tag that fires in the browser makes its request directly from the user's device, so the vendor sees the client's IP address at the network level no matter what the data layer contains; only a server-to-server hop lets you decide what the vendor receives.
Step 3: Loading data responsibly in server-side tracking
In the load step, you move the transformed data to the destination that serves the purpose it was processed for. Whether you send data client-side or server-side, each load point should be configured with the correct purpose-specific data point so that it populates the correct dimension. Ensure that the endpoint storing the data can meet the retention period recorded for it in the data inventory.
Example: Organisation XYZ
XYZ configures each endpoint connector or tag with one specific data point, and the consent preferences determine whether that data point is present and therefore whether anything is loaded to the endpoint:
- Legal obligation: Send “client_ip_address_legal_obligation” to the consent registration server with a 13-month data retention period.
- Marketing and analytics: Send “client_ip_address_marketing” or “client_ip_address_analytics” to the server-side tag management system only if the user has consented to that purpose.
- Fraud detection (not pictured): Send the already truncated “client_ip_address_fraud” server-side, where it is further obfuscated by translating it to a country code, then forwarded to a fraud data lake with a 3-month retention period.
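The three steps above, worked through as an added JavaScript example (this is not code from the original article or from Digital Power; it shows one way to build the purpose-specific data layer in a tag manager's custom code). The data point names and the 13- and 3-month retention periods come from the XYZ example; the shape of the consent object, the endpoint names, the retention values for analytics and marketing, and the IPv6 handling are assumptions made here.

```javascript
// Added example, not the article's own code. Endpoint names, the consent object
// shape, and the analytics/marketing retention values are assumptions.

// Step 1 (extract): the raw event as it reaches the data layer. Constructed sample
// using an RFC 5737 documentation address.
const rawEvent = {
  client_ip_address: "203.0.113.42",
  consent: { analytics: true, marketing: false },
};

// Keep only the first two octets of an IPv4 address (roughly a /16 network).
// Extension beyond the article's IPv4 example: for IPv6 keep the first two 16-bit
// groups (a /32 prefix). Anything that is not a recognisable address is rejected
// rather than passed through unchanged.
function truncateIp(ip) {
  if (typeof ip !== "string") throw new TypeError("ip must be a string");
  const v4 = ip.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (v4) {
    const octets = v4.slice(1).map(Number);
    if (octets.some((o) => o > 255)) throw new RangeError(`invalid IPv4 address: ${ip}`);
    return `${octets[0]}.${octets[1]}.0.0`;
  }
  if (ip.includes(":")) {
    // Groups before any "::" compression; a leading "::" means the leading groups are zero.
    const head = ip.split("::")[0];
    const groups = head === "" ? [] : head.split(":");
    if (groups.some((g) => !/^[0-9a-f]{1,4}$/i.test(g))) {
      throw new RangeError(`invalid IPv6 address: ${ip}`);
    }
    while (groups.length < 2) groups.push("0");
    return `${groups[0]}:${groups[1]}::`;
  }
  throw new RangeError(`unrecognised IP address: ${ip}`);
}

// Step 2 (transform): one purpose-specific data point per legal ground. The raw
// client_ip_address key is deliberately not carried over, so no tag can load it.
function transform(event) {
  const ip = event.client_ip_address;
  const layer = {
    client_ip_address_legal_obligation: ip,   // legal obligation: full IP, always present
    client_ip_address_fraud: truncateIp(ip),  // legitimate interest: truncated, always present
  };
  if (event.consent.analytics) layer.client_ip_address_analytics = ip; // consent-gated
  if (event.consent.marketing) layer.client_ip_address_marketing = ip; // consent-gated
  return layer;
}

// Step 3 (load): each endpoint is bound to exactly one data point and a retention
// period taken from the data inventory. 13 and 3 months are from the article; the
// 14-month values for analytics and marketing are assumed placeholders.
const ENDPOINTS = [
  { name: "consent_registration_server", key: "client_ip_address_legal_obligation", retentionMonths: 13 },
  { name: "sgtm_analytics", key: "client_ip_address_analytics", retentionMonths: 14 },
  { name: "sgtm_marketing", key: "client_ip_address_marketing", retentionMonths: 14 },
  { name: "fraud_data_lake", key: "client_ip_address_fraud", retentionMonths: 3 },
];

function load(layer, endpoints = ENDPOINTS) {
  const dispatched = [];
  for (const ep of endpoints) {
    // An absent key means the consent for that purpose was not given: send nothing.
    if (!(ep.key in layer)) continue;
    if (!Number.isInteger(ep.retentionMonths)) {
      throw new Error(`endpoint ${ep.name} has no retention period in the data inventory`);
    }
    dispatched.push({ endpoint: ep.name, key: ep.key, value: layer[ep.key], retentionMonths: ep.retentionMonths });
  }
  return dispatched;
}

console.log(JSON.stringify(load(transform(rawEvent)), null, 2));
```

With analytics consent but no marketing consent, `load` produces three payloads (consent registration, analytics, fraud) and nothing for the marketing endpoint; the fraud data lake only ever receives `203.0.0.0`, and the country-code translation described in the article would happen on the server after this point.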
Conclusion
Implementing Privacy by Design (PbD) in tag management systems through the ETL process ensures robust data privacy and compliance. By integrating PbD principles into each step of the data lifecycle, organisations can create a privacy-centric approach that benefits both the organisation and the individuals whose data is being processed. For a general overview of the importance of PbD in server-side tracking, read our introductory blog here.
This is an article by Bram Ooms
Bram started as a Technical Web Analyst in 2019, where he focused on data implementations at clients such as Univé, DPG Media, Boels and Vodafone. Through his experiences with the impact of legislation on enabling data flow he developed an interest in data privacy, which he is now actively pursuing within Digital Power.