Understanding Privacy by Design in server-side tracking

Integrating Privacy by Design into tag management systems

  • Article
  • Technical Web Analytics
privacy by design (PbD)
Bram Ooms
Bram Ooms
Technical Web Analyst
5 min
15 Aug 2024

In the digital age, organisations increasingly rely on data to drive decision-making and improve user experiences. That’s why data protection and GDPR compliance is more critical than ever. Privacy by Design (PbD) is an essential approach for embedding data privacy into every step of your IT and business practices, especially within tag management systems for web and app tracking.

What is Privacy by Design?

Privacy by Design (PbD) is a methodology that integrates privacy into the lifecycle of IT systems and business practices. It ensures that privacy is considered at every stage, from initial design to final deployment, making privacy a default setting rather than an afterthought.

7 key principles of Privacy by Design for secure data management

  1. Proactive not reactive: Anticipate risks and prevent privacy impacts before they occur through design choices.
  2. Privacy as the default: Ensure users get the highest level of privacy protection by default.
    1. Collection limitation: Collect only the necessary data for which you have consent.This may be based on grounds such as consent, legal obligation or legitimate interest.
    2. Data minimisation: Collect only data needed for specific purposes.
    3. Data retention: Do not store data longer than necessary, based on a clear retention policy.
  3. Privacy embedded into design: Integrating privacy into digital products should be part of the conversation from the start. All decisions should be filtered through a privacy-first perspective.
  4. Positive-sum, not zero-sum: Ensure that the use of personal data creates value for everyone involved, not just for one side. Utilising personal data should result in a 'win-win' scenario, benefiting both your organisation’s goals and the individuals whose data is being processed.
  5. Security measures: Implement robust security measures to protect data during extraction, transformation, and loading.This includes encryption, access management, secure data transfer protocols, and regular security audits.
  6. Transparency: Clearly communicate to users what data is being collected and for what purpose.
  7. User-centric: Put users in control of their privacy settings.

 

Duality of tag management

Typically, tag management involves deploying and managing tags (small snippets of code) on websites and apps to collect data. These tags track user behaviour, gather analytics, and facilitate marketing efforts. With the rise of server-side tracking, tag management has expanded beyond just being a client-side script. If you want to learn more about what server-side tracking is and isn’t, make sure to read this article.

Combining client-side and server-side tracking provides the best combination of flexibility, security, and configurability. This dual tracking approach is considered best practice and allows for the most control to ensure the PbD principles are implemented. Setting up server-side tracking doesn’t outright ensure compliance. This article explains best practices overall and debunks myths of privacy on server-side tracking

Integrating Privacy by Design in tag management

When discussing ETL in the context of tag management systems, we refer to:

  • Extracting relevant data points and placing them in a data layer.
  • Transforming these data points from the source data layer to the desired format.
  • Loading data by sending it to various endpoints for utilisation.

Typically, little attention is paid to privacy when adding data to the data layer. Data is often collected through client-side selectors or event tracking, without a clear structure indicating the sensitivity, type, or intended use of the data.

The Tag Management System is the best place to integrate PbD into your ETL process, as it centralises controls and allows for full adaptation to the organisation's choices and preferences. This centralisation ensures that machine or human errors have minimal impact. Each step in the ETL process removes unnecessary data, reducing the possibility of a breach or incident in the future.

Conclusion

By integrating PbD into tag management systems through the ETL process, organisations can ensure robust data privacy and compliance. Combining client-side and server-side tracking provides flexibility, security, and control, while PbD principles embed privacy into every stage of data processing. For a deeper dive into implementing these practices, check out our detailed implementation guide on Privacy by Design in a server-side tracking setup here.

This is an article by Bram Ooms

Bram started as a Technical Web Analyst in 2019, where he focused on data implementations at clients such as Univé, DPG Media, Boels and Vodafone. Through his experiences with the impact of legislation on enabling data flow he developed an interest in data privacy, which he is now actively pursuing within Digital Power.

Bram Ooms

Technical Web Analyst

Receive data insights, use cases and behind-the-scenes peeks once a month?


Sign up for our email list and stay 'up to data':

You might also like:

Transform your web- and app data into actionable insights with server-side tracking

Server-side tracking is the process of collecting and processing data through a server rather than on the user's device. By migrating your tagging implementation to a controlled server environment, you improve data accuracy and protect user privacy. Turn your data into actionable insights and gain a full understanding of your users' interactions.

Read more

The impact of server-side tracking on privacy

In the digital age, where data privacy has become a forefront concern, server-side tracking stands out as a crucial tool for organisations aiming to gather user insights responsibly. Despite its potential, numerous myths surround its use and compliance with regulations. This article dispels these myths, offering a nuanced view of server-side tracking, its compliance with privacy laws, and the role of consent in its execution.

Read more
third-party-cookies - image of a cookie

Third-party cookies: should I stay, or should I go?

In recent months there has been a lot to do about third-party cookies and their not-so-imminent-anymore end-of-life in the Google Chrome browser. Is this then much to do about nothing or should you brace yourself for a paradigm-changing shift? In this article we will lift the veil over this important topic. Also, we’ll share 7 hands-on tips to prepare yourself for what’s coming.

Read more
what is not server-side tracking

What is not server-side tracking?

Server-side tracking is becoming a hot topic among agencies, marketeers and analysts. A lot of information is available on the subject, but it is not always accurate. Server-side tracking has often been sold as a miracle solution against data loss, GDPR and other unethical challenges.

Read more
Eneco header

Eneco becomes the owner of their web data streams using server-side tracking

Eneco has been working with us for years for the (client-side) tracking of their online traffic. When server-side tracking emerged at the end of 2022, it was a logical step for them to ask us to think about the business value of this tracking method. They wanted to compare their existing Google Analytics implementation with a tagging server on Microsoft Azure.

Read more

How can you tell if your GTM tagging server works?

There are reasons abound for deploying a tagging server on your website. This blog will not be about why it makes sense (or why perhaps in your case it doesn’t) to use server-side tagging. Instead we will jump forward in time and ask ourselves another pertinent question: ‘how can you tell if your tagging server is doing what it is supposed to?’

Read more

Measure ecommerce events in GA4 and Universal Analytics with only the updated datalayer pushes

With our variable in the Google Tag Manager Community Template Gallery it is easy to start using all the new ecommerce analytics capabilities that Google Analytics 4 offers while fully supporting the 'old' enhanced ecommerce of Universal Analytics. Find out how the variable works.

Read more
unive blog

Integration web and app data contributes to a 360-degree customer view

Univé is a Dutch insurance company that offers insurance, financial products, and services to both consumers and businesses. The company is focused on providing high-quality service and helping customers make responsible financial decisions. Since 2014, we have been working closely with Univé.

Read more

Switching from Universal Analytics to Google Analytics 4 (GA4)

On 14 October 2020, Google launched the new version of Analytics: Google Analytics 4 (GA4). Soon after the launch, it became clear that a number of important functionalities from Universal Analytics (GA3) were missing, and therefore the time to switch seemed far away. Fortunately, we see that the development team on the side of Google has not been idle. Some nice features have since been introduced within GA4 that have narrowed the gap between GA3 and GA4. This article answers the questions that are increasingly being asked about GA4.

Read more

How do I set up Google Tag Manager?

A tag management system such as Google Tag Manager (GTM) enables you to measure visitor behaviour on your website. You can also implement marketing pixels (such as Google Ads and Facebook) and cookie banners via this platform. This article gives you tips to keep in mind when setting up GTM. This allows you to collect reliable and usable data, and you will be less dependent on your web developers.

Read more

The impact of ITP on analytics and the user experience​

Intelligent Tracking Prevention (ITP) was launched by Apple in 2017 in an effort to restore "the balance the balance between privacy and the need for on-device data storage". With Intelligent Tracking Prevention, Apple aims to reduce cross-site tracking (following users across websites) by limiting the use of cookies. Find out what this means for you.

Read more
web analytics quality

How good Is your web analytics implementation?

How confident is your company in its web analytics data? In this article, we’ll first explain why web analytics tools can never provide 100% accurate data and why that’s not necessarily a bad thing. Then, we’ll dive into the practical side of things: how reliable are most web analytics implementations?

Read more

What is Tagbird, what do you use it for, and what can you do with it?

Tagbird is a Chrome extension developed by Digital Power. You can download it from the Chrome Web Store and add it to your browser. It is a debug/visualisation tool that provides a simple and clear insight into, among other things, the data layer, tag management events and analytics requests of a website. So you can quickly and easily test your entire analytics implementation with Tagbird.

Read more