Posted by: Aurélie Pols | Posted on: junio 19th, 2013 | 0 Comments
Ref: Change Detection
And as Maria was in Zaragoza, we had some discussions over email through the night and the next day.
To be honest, with the advent of Universal Analytics and the questions I heard Brian Clifton ask about retroactivity of measurement at eMetrics London some months ago, I was kind of expecting this. Moving from session centric to user centric does make for some very interesting questions.
However, before “bouh-ing” the lights out of Google and calling them horrible Big Brothers and what not, some thoughts.
Ok so basically was does this mean?
Personally Identifiable Information (PII), a very legal term, gets replaced by personal information, not so much a recognized legal term.
Note that the distinction between PII & non-PII is increasingly becoming a very, very thin line, with the entire debate about deanonymization, data scrubbing and limited data sets.
Getting back to the subject at hand, you’ll note that the Terms of Service did **not** change, clearly keeping the PII reference.
Hence, this is about waving liability towards users of Google Analytics.
If you’re a digital analyst reading this, it means you and the work you’re doing for your company. You are responsible.
And if you’re a consultant well you might want to start thinking about how much responsibility you want to take for your tagging documents.
As a side note, this is for the free tool Google Analytics used by a lot of businesses, worldwide and in Europe! See infographic below.
Is Google going to ask them to spend their 150k € elsewhere????
“Clancy Childs, the product manager for Google Analytics, was keen to stress at the launch that the tool will not be allowed to collect any personally identifiable information; usernames and customer IDs can be used, but if you use it to collect private data, such as email or home addresses, then you will have your data deleted. But whether that will satisfy the European bureaucrats is unclear.”
And I won’t even get started on Google Analytics Premium data in Big Query coming soon! By Clancy Childs: http://analytics.blogspot.com.es/2013/05/io-announcement-google-analytics.html
Comes in PRISM, the NSA and a bunch of other scary acronyms we’ve all been reading about over the past couple of weeks.
However Google protects itself from government requests, and let’s give them the benefit of doubt as fitting in a democracy, fact remains that the more Google Analytics collects, the worst it becomes for all actors involved: website visitors as they might be subject to privacy loss, digital analysts as we would have more work and well Google bien évidemment!
Whether the financial &/or direct access argument holds or not, we should ask ourselves whether we care. And what we actually care about. With we, being:
- Citizens, who use Google’s services (search engine, gmail, etc.) and wish to protect their privacy as they increasingly request data protection;
- Analysts, who pledged to protect their visitor’s data & just want to get their job done while feeling good about themselves;
- Google, who pledges to not do evil and focuses on “organizing the worlds’ information”, while of course making sure their shareholders remain happy with their investments.
As much as it saddens me to read about how little taxes tech giants, “la bande de GAFA”, pardon my French, pay for their (European) operations, one has to recognize that if such tax schemes are possible, it’s our own European fault.
Indeed, as long as schemes like the “double Irish with a Dutch tax sandwich”, are allowed, you can’t blame corporations for taking advantage of them.
Europe’s lack of alignment when it comes to taxes, amongst so many other things, avoids the creation of a Nash equilibrium. Hence tech companies take the route recommended to them by tax specialists firms who basically do their job, in the best interest of their clients and shareholders.
Let’s move on.
In the light of all this, sit Digital Analysts, because they like to ask good questions and like to have the right tools to allow their audience to make informed decisions. Who ever their audience might be: colleagues within their company, citizens in search for insightful information to make better decisions in life or even politicians in search of the next needed legislation.
Digital analysts are active all over the world: in the US, certainly but also Europe, as recently demonstrated by Measurebowling, as well as Asia, Middle East or even Africa. Indeed, someone from South Africa subscribed to the Web Analyst’s Code of Ethics Pledge set-up by the Digital Analytics Association (DAA)!
And while one has to admit that the DAA is more of a US centric organization, one has to applaud their initiative for even setting up such a pledge back in the early days when privacy was still considered as something you basically had to get over.
Yet, for as much as I understand the preferred US way of dealing with Privacy would be through self-regulation, I for one, as a Google (Analytics) enthusiast would welcome a next step.
Don’t get me wrong: I love Google and fully recognize their social contribution and couldn’t care less about how much taxes they pay as it pales in comparison to their social contribution and the way they changed so many things. An Android even watches over my household, together with Vishnu and a little angel!
However, when you change 2 little words like that… you basically recognize the privacy game is evolving. Please allow me to list what bothers me:
- The notion of “Personal information” is very vague and it’s not clear what you do with collected PII: is it deleted? Is it kept?
- Question 1: what is the probability of Google shutting down GA if we collect PII? Answer: unknown;
- Question 2: has Google ever shut down a website because it knows it collects PII? Answer: most of my Google Analytics contacts recognize the issue yet no one seems to be responsible… so to my knowledge, it never happened;
- Question 3: what would be the cost if it happened? Retagging, loss of data, etc.
Now, one could of course argue that it might have happened but was never publicized, which would make sense. Yet, in all my conversations with Google Analytics product managers, Privacy seemed like a far, far away land that wasn’t within the realm of their responsibilities and decided by MoutainView. Yes, I love Peter Fleisher’s blog as well, mainly when he compares privacy to the Spanish inquisition and book burning!
Don’t do evil, huh? So why not prove it in our ever increasing skeptical world? Some suggestions:
- Public disclosure of the number of GA accounts deleted per country, per month &/or public disclosure of the number of warnings send to GA customers/clients;
- Private disclosure of severity of these warnings/deletions (e.g. unencrypted passwords or just emails & telephone numbers) and scale (e.g. number of unique visitors effected);
- Easy means to report Privacy concerns related to GA by users (e.g. email@example.com or firstname.lastname@example.org, which currently do not work). A Google Trusted store feedback system might be one way to solve this;
- Adding PII to the setup checklist process: http://www.google.com/analytics/learn/setupchecklist.html
Now I do understand that a company becomes liable once they say they are going to do something and there’s a gap between the promise and the delivery. Hence, the easy strategy is usually to do nothing, nada!
The problem of course with Privacy is that if you say/write you’ll do something, you actually have to stick by it, as certain multinationals pushed by their Corporate Responsibility streak painfully & recently found out.