Jump to content

Cre8asiteforums

Discussing Web Design & Marketing Since 1998
Closing May 25. Investment Opportunity.

glyn

2000 Posts and More Club
  • Content count

    3,153
  • Joined

  • Last visited

  • Days Won

    155

glyn last won the day on May 6

glyn had the most liked content!

Community Reputation

608 Excellent

About glyn

  • Rank
    Hall of Fame

Contact Methods

Recent Profile Visitors

62,013 profile views
  1. My take is that as long as you are anonymizing ip using the variable google provides via gtm you are fine.
  2. Just to say that I am sure with all those visits you have a newsletter? Have you done your GDPR consent for those emails you have, if not then that is what I woudl focus on because those lists are valuable and you risk losing them after 25 may if you don't have consent registered against those contacts. The rest is all longer term testing, but I did want to flag that for you if you had not done it yet. We are currently doing that for about 100K emails! G
  3. I have been looking at an annual tool called cookiebot, it's on Google's GDPR page and basically makes it possible to provide the "don't track anything" until consent is given. There you document the cookie type by scanning your website and then categorize the cookie type. You can then set the categories of cookie to either load or be something that unloads when the user states their intent. In this way you can unload all the functional cookies and then decide to unload statistical cookies, and implement the GTM anonymize cookie function, and then with marketing cookies (tracking pixels and google display remarketing) you can then set those to unload if the user decides to do so. The tool makes a record of the user choice and then stores this so the next time they visit it will remember their preferences. You also get a log of all the requests that you can download and store offline. The question, and hence asked, was whether or not Marketing Cookies could be unloaded with the action of browsing through the website as being an implicit consent by the person that these are fired. These are where the problems are because of the fact that Facebook and Google can triangulate the session to either a FB profile or Gmail account, where that information, even a website visit, can be added to the persons data profile. Businesses have the status of Data Controller but Google or Facebook essentially bundle in your tracking pixel with the ability for that information to be resold to other parties via their advertising platforms. If it were possible for you as Data Controller to be able to set the level of sharing that you profile data could go through: for example you only allow your own marketing messages to be shown to people that are part of the dataset you collect, the whole display remarketing platform would fall apart. All those lookalike and affinity audience types would disappear or be reduced sinificantly. As it happens I have to bundle marketing all together so the difference between me wanting to share message with people that have visited my website about my products cannot be detatched from selling your data profile to the world. I could have misunderstood this but what might happen is that Google will make tools available so that it can also be held responsible for making the mechanism to permit deletion. However the fact that Google and Facebook are considered only processors makes this whole thing more difficult for obligations to be put on them because the onus is on the business to control the data. Glyn.
  4. Egol. Yes there is i think nothing wrong with you doing that, but I fear that you are obligated to remove tracking under gdpr. What happens if there is web error and your site gets accessed by someone has not seen that message, and you have just aggregated their data to googles processing centre? And you did not ask!
  5. This is why I think GDPR is a bit s*** for agencies. The business is the data controller. IE a company. Person comes to the website and we want to say "When you come here we may track you for marketing purposes, and use this to serve ads to you. These ads will be only from us, and concerned with our products" What we have to say: "When you come to come here Google will track you for marketing purposes. They will serve you ads and resell your information profile to other parties and you will get no money from this. What we would like to do is show you stuff about our products and services that you might have missed when visiting our website, but unfortunately Google groups all the stuff together so actually your data profile might be used by one of our competitors to sell your stuff" How has it been possible for a business to be given the title of Data Controller but that it does not have the ability to negate Google from reselling that information gathered for marketing purposes to other parties. It's very clever indeed! G.
  6. Added for comedy value. Glyn Musica (@glynmusica) Tweeted: https://twitter.com/glynmusica/status/990932181806612481?s=17
  7. Added I don't think anonymizing IP will be enough to remove obligations of gdpr, is that what you were suggesting @iamlost I don't think you were. I found this test which will be useful for us (not related) https://www.conversionworks.co.uk/blog/2017/05/19/anonymize-ip-geo-impact-test/ What I am concerned aboutnis the idea that I am required to get explicit consent for marketing cookies and not consent through ongoing usage (implied/unambiguos consent) does anyone have any learned links about this which is not a bloody lawyer pre-sell? Here are some more links. https://www.theguardian.com/technology/2018/apr/19/facebook-moves-15bn-users-out-of-reach-of-new-european-privacy-law. And it was the wsj not guardian earl (my memory) https://www.wsj.com/articles/how-europes-new-privacy-rules-favor-google-and-facebook-1524536324
  8. I don't think anonymizing IP will be enough to remove obligations of gdpr, is that what you were suggesting @iamlost I don't think you were. I found this test which will be useful for us (not related) https://www.conversionworks.co.uk/blog/2017/05/19/anonymize-ip-geo-impact-test/ What I am concerned aboutnis the idea that I am required to get explicit consent for marketing cookies and not consent through ongoing usage (implied/unambiguos consent) does anyone have any learned links about this which is not a bloody lawyer pre-sell? Here are some more links. https://www.theguardian.com/technology/2018/apr/19/facebook-moves-15bn-users-out-of-reach-of-new-european-privacy-law. And it was the wsj not guardian earl (my memory) https://www.wsj.com/articles/how-europes-new-privacy-rules-favor-google-and-facebook-1524536324
  9. @bobbb - here is one of the things. Google doesn't give IP information in Google Analytics, much as most of the world's AdWords managers would surely like to audit the sessions that are of less than a few seconds length on keyword terms that are very focused to pages that are very relevant, but instead it uses security as a barrier for providing this. However, they still collect this information and apparently this is used for GPS style services. The IP address is considered a piece of personal information under GDPR. So what you can do, if you are using GTM is provide an extra field which will annonymize the last octet of the IP address, this will reduce some of the accuracy of geo based campaigns, but make the IP issue with Google products okay from a GDPR perspective. Where does the Digital Marketing agency sit in this equation? For example, I rely on a host of platforms to provide elements of my services, as a data controller is it now a requirement for all my Clients to detail all of the services to which they subscribe and which may be in possession of information that has been provided by visitors to it's branded properties? Is this where the role of Joint-Controller comes in. Where the marketing company provides a function that makes it joint owner of the data? I'd be really interested to know about this as I am not keen on providing potential competitors with a complete recipe book on what makes our services so unique. Back to the detail: There is still however a grey area of understanding about standard cookie length expiry and how this is linked to the data retension policy you set within Google Analytics. For example the cookie length on Google Analytics seems to be 2 years but the data retension policy seems to sit within that. IE person comes to the website Google sets a cookie, which tracks stats and marketing, and if that marketing cookie has been allowed then the event activity will be stored in your Google Analytics dataset for whatever you set it to. Does that sound right? All the display remarketing cookies stuff is quite complicated but I don't think it is anything like the kind of shi*storm that old email lists, contact forms and well worded privacy policies that fall foul of guidelines that are written in such an institutional and long-drawn our process, I am thinking what happens when the loca restaurant sends out their menu and there is guy on the mailing list that knows about GDPR and decides to exercise his right to access his data and to request proof of this authorization to have been sent the communication from the restaurant. I was reading a piece in the Guardian the other day (it was sent to me) that actually made the case for the GDPR actually benefitiing the very companies that already had access to huge amounts of personal information. Wouldn't that be an irony of stupidic proportions. Glyn.
  10. I have been reading a lot of information in these days about GDPR which I'm all for in many ways as a privacy person. From what I've read the following seems to be a good summary of what Google Expects from you (to continue to use their services) acquire legally valid consent from end users for the use of cookies or other local storage (where legally required) acquire legally valid consent for the processing of personal data for ads personalization of ads or remarketing services; keep records of consent given by end users; provide end users with clear instructions for the withdrawal of consent; and identify and disclose details of all third-parties involved in the processing of the personal data of end users, in an easily accessible and visible way On the above list I would do the following: On site cookie notice which stops all tracking unless the user clicks "I'm happy to be tracked" (it has to be positive opt-in) No idea - see below. For newsletters many of the major newsletter providers are making it possible for you to implement a parallel record to a contact that includes information about their consent. For example if you have 30K email addresses from old mailing lists and send a newsletter to those contacts after 25 May in EU and that contact asks to be shown proof that they said they wanted to receive that information, it seems indefensible for a company to say "we got it in the past!". No. Now you will have to demonstrate that there was an explicit request to receive that information no matter how old it was. This means that I need to reach out to all my past contacts and get them to re-grant permission and this permission is then stored in the mailing list database alongside their normal contact record. This one here is possible to implement and fix, but this is where the pain is going to be, especially for those companies that have subscribers that might have a grudge to bear. On another tack let's consider this: your sales team go to a conference and meet people and get their contact details. They come back to the office and while that contact is just between the sales person and the person they met all fine. But if that sales person then adds the person to a newsletter (for example a sales leads newsletter) that's where the sh** could get ugly. Because if that person gets a newsletter from your company and then asks your company to prove that they gave their consent to receive it, the sales persons word will not be enough to legalize the consent. However, what could happen is that sales person comes back to the office on the first time and then sends an email to the person inviting them to sign up for a newsletter, where that consent gets recorded. This again is pretty straightforward once you've audited your third-party providers and found out how they will handle requests for information to be deleted. This can then be declared in the privacy policy. Pretty straightforward, just write it nice and clear. I have read a lot of information but it is not clear to me how point 2 should work. First of all it looks as though the consent should be conditional so a site popup for tracking would include any of the following questions/answers, and on that basis determine which cookies to unload. - Yes, I grant my consent to be tracked while visiting this website for the purposes of improving this website (statistical cookies) - Yes, I grant my consent to be tracked in such a way as to allow <company name> to propose special promotions that I may not have been made aware of during this website visit. (advertising cookies) - No, I wish to revoke all consent for the tracking of my visit while on this website. (do not track). It says that Google will be providing instruments to help users delete any information that has been gathered by themselves and associated in some way with a Google profile. I am guessing that, for example, if someone wanted to delete all the stuff that Google had tracked on them that they would provide a way for a user to do this. Have these instruments been launched yet? Is there a way that a user that wanted to delete all the information stores on them would actually go through the process to do this? In Google Analytics you can set a Data Retention period for the information that Google stores on users as they browse your website and then they aggregate around the information record they have for that user. What I have not seen anywhere clearly explained is how that relationship between the website owner (that installs audience re-marketing) and Google is communicated with the user on the front end. For example in the past we made wonderful privacy policies because they really did want you to take steps and be informed about things, in plain English. They were literally award-winning. Now we have some gaps in the privacy policy because maybe we explain the three choices above and then elaborate them to provide links to tools online. For example, "Yes I grant my consent to be tracked" might end up with a piece in the privacy policy to say that these third-party cookies are stored by X ENTITIES for X PERIOD OF TIME, and then provide a link where this information can be requested and audited. As it is all open to interpretation is there anything in what I have written that you think is wrong? Do you think that the check-box and conditional unloading of tracking cookies is something that will be required? Are there any technical instruments to help with this? - How are you supposed to record that consent has been given to be tracked when you have no personal information for them? If a user does not have a user account on your website where their consent to be tracked has been recorded, where should you store the consent they have given you for the visit they are making now? Thank for any insights you can provide. Glyn
  11. I get my local fixed always by twittering the gmb account. Can take a couple of weeks but they always nail it.
  12. 5.5 hours of gym per week that includes 10k of running plus Italian food. 18 years of diet but still 100kg!
  13. Unfortunately the boat of care for consumers left around about the time of the launch of AdWords.
  14. I ignore all this stuff so much. Nice that people are having recoveries, in the end google will affiliate you and you are still dead, but even then if you are a producer, not in FMCG sectors, you might survive!
×