Mark Gledhill

By Mark G

SEO, Social Media, Strategy, PPC

A marketing agency owner’s take on privacy changes in 2022: what are they & what can we do?

The diminishing ability to track users has been causing a fair few headaches for digital marketers. In the face of these privacy changes our Director, Mark, takes a look at how we might move forward with reporting...

A marketing agency owner’s take on privacy changes in 2022: what are they & what can we do?

Over the past few years the ability to track users on your website, social media, the emails you send, and the third party websites they visit has been steadily eroding.

It’s becoming increasingly difficult for marketers to track users

This is due to privacy legislation brought in by national governments and economic bodies, alongside more voluntary changes from corporations like Apple. Whilst Apple’s actions on privacy in iOS appear more customer focused than those taken by their big tech rivals, some might say that the fact that they affect Facebook and other rivals’ ability to track conversions through their apps and websites on iOS doesn’t hurt.

These changes have been prompted by growing concerns about how technology companies use our data, and whilst in some cases the implementation of the legislation has been rather blunt edged, the impulses behind it are certainly valid.

Possibly the most impactful changes to UK and EU businesses have been caused by the GDPR cookie directives, meaning that tracking and analytics cookies cannot be set on a website unless users give their explicit consent. So if users ignore the consent pop up at the bottom of the screen (or indeed choose to actively decline unnecessary cookies), Google Analytics cookies cannot be set and the tracking code cannot be fired. These users are invisible to GA, meaning they don’t contribute to visitor numbers, conversions, sales analytics, channel attribution and so on. Essentially, if you’re implementing cookie consent properly then your Google Analytics is under reporting everything.

What can marketers do about under-reporting in Google Analytics?

Well, we can’t recover this data - that is the whole point of the legislation. However, there are small things we can do right now to help us estimate how much data we’re missing out on, and use this to scale up metrics to give some kind of educated approximation as to what the real figures might be.

Take a look at so-called ‘GDPR compliant’ analytics tools - and bridge the gap

These are increasingly springing up. There aren’t that many of them yet because the cookie consent laws don’t affect the US (although some states are starting to bring in similar legislation). Until things affect Americans, many tech companies don’t really take note.

One such tool is called Plausible. Plausible doesn’t use cookies or track any personally identifiable user information, and so claims to fall within GDPR legislation (disclaimer - have your own legal/GDPR experts check this out to confirm it fits with your own company policies). Because it doesn’t use cookies to track users’ journeys through a website or store any information that could identify a user, the amount of information it provides is drastically reduced when compared with GA. However, it does track visitor numbers, referral sources and can track conversion numbers through their API.

We’ve been using Plausible on the Extreme website for a few months and have found that visitor numbers reported in Plausible are more than double that reported by GA. That’s a lot of data lost! Cookiebot (our Cookie consent framework) only reports a relatively small number of people actively declining cookies, so the majority of missing data is from people simply ignoring the consent form.

The percentage difference between the Plausible and GA visitor numbers gives us a multiplier that we can use across other metrics (conversions, channel referrals etc) to give a broad estimation of what the true numbers could be. Clearly this is purely an estimation and should be treated as such, but it is likely to be significantly more accurate than the untreated GA data.

Because so much of the missing data is from people ignoring the consent form, some businesses choose to put the consent form right across the top of the website so that the site can’t be used without the user making a choice. Then, rather than making it a single click to accept or decline individual cookie types, the user is given the option to accept cookies or ‘manage choices’. The second option sounds like hard work, so more people simply ‘accept’. This approach will often improve the quality of your analytics, but at the expense of your website's user experience and is arguably against the spirit of the GDPR.

In addition to these first party analytics restrictions, some browsers are blocking third party cookies by default, whatever the user chooses on your consent form. These are the cookies set by advertising tech companies like Facebook, Google and other programmatic platforms that allow them to track you across the internet and show you targeted advertising based on previous behaviour, and also credit back conversions from your advertising on these platforms.

More recently iOS 14.5 and iOS 15 (the operating system on Apple devices) have introduced additional privacy features. Apps now ask the user if they are happy for the app to track their activity across other websites. Unsurprisingly, the vast majority of people click ‘no’. Some reports show acceptance rates as low as 5% (and to be honest, the question is “did most of that 5% click ‘yes’ by mistake?”!)

This means that practically all clicks from social media apps on iOS 15 are moved into the ‘Direct’ bucket in GA, and their attribution is not properly assigned. And that is assuming the user then manually accepts cookies on the site - if they don’t, they’re not tracked at all.

Similarly, the open rate metric from your email campaigns is now impacted on Apple Mail on iOS too. Counter intuitively, it’s likely your open rate for iOS will actually increase because Apple is now prefetching and caching the tracking pixel even for users who don’t physically open the email, even though no identifiable information will be tracked.

All this adds up to a lot of missing or potentially incorrect data.

So what can we do to help bridge the gap? Modelling estimates by combining GA with a GDPR compliant tool as described above is one possible method.

Focus on real, confirmed data - rather than simply client side tracking

For an ecommerce site, your sales reports in Shopify and Magento contain genuine, accurate data for all sales, unlike GA’s client side tracking which excludes anyone who hasn’t accepted tracking cookies. Similarly, your CRM contains all genuine form enquiries, unlike GA’s client side conversion report.

This first party data is more important than ever. Using server side tracking we can push this data directly into GA, Segment (or any other reporting or data warehouse tool) rather than relying on cookie based client side tracking. This makes conversion numbers accurate in your reporting tool, but unfortunately doesn’t necessarily help with attribution. Similarly Facebook has a server side API that allows us to push some conversion information back to facebook.

Server side tracking is a key tool in our analytics arsenal going forward. It’s harder to set up and maintain than simple client side tracking and so comes at a cost, but toolsets need to change.

Going forward: a more holistic view of reporting, combining first party with analytics data?

Marketing needs to be closer to the boardroom than ever as individual channel attribution becomes more and more difficult. First party data owned by all aspects of the business should be seen alongside the analytics data we do still have from digital activity.

One possible collateral benefit from all this is the enforced breaking of the reliance on direct ROI as the key metric from individual campaigns. At any given time a significant proportion of your potential customers are not looking to buy right now, but all campaigns serve to keep your brand front of mind for when they are ready to purchase - this type of awareness has always been an essential part of the buying journey.

I’m not a fan of the term ‘zero party data’ because, well, it’s ridiculous, but it has come to mean data that your customers willingly share with you, usually in return for something. Perhaps a discount code for your store or a useful download in exchange for their email address, birthday or other preferences. On an ecommerce site, behavioural tools like Klaviyo can pull together purchase history with volunteered ‘zero party’ data to provide powerful, automated marketing.

Google is also looking for ways to use machine learning to fill in gaps where it can. The newest version of GA, called GA4, continues to develop in this area.

But the truth is, the ability to track individuals’ behaviour online in the very personal way we’ve been used to for so long is diminishing. Connecting directly with your customers and allowing them to feel comfortable sharing some of their personal information with you is more important than ever. Keep an eye out on our blog over the coming months for more information on the changing landscape of digital tracking and analytics.

Could team Extreme help to solve your tracking troubles?

Drop us a line

Post by


Technical Director

Mark spent his twenties working in record shops around the country, gradually learning more sophisticated ways to disparage customers’ music choices. Having switched to web design and development in the late nineties, Mark founded Extreme in 2002 with co-director Antony. Knows stuff about a range of things. Knows less about other things.

Stay up to date

Insights & Industry News

If you want more expert viewpoints, industry insights and general marketing know-how from Team Extreme, get signed up.