John, Joe and James. Was there a wave before? I can’t recall. I know John Lovett perfected the idea in 2007 but I’m also almost certain someone preceded him in the idea. It made sense at the time with so many consolidations in the market. Anybody remember NetGenesis or ClickTracks?

Forrester Wave Web Analytics

I haven’t rooted for a specific tool ever since we set-up Mind Your Analytics and Mind Your Privacy as we are vendor independent: we take no commission on the sale of any digital analytics tool. There has always been a rather awkward feeling about sitting between the clients we recommend tools to and the vendors. Not a healthy situation in my opinion or as one vendor puts it:

Even outside of formal partnership programs, certain vendors have also been known to compensate consultancies for passing on leads that result in a sale. Where that is the case, a conflict of interest inevitably arises.” Source: http://www.bullishdata.com/2014/05/22/choose-digital-analytics-vendor/

So we can proclaim Adobe is the winner, Google is missing, wonder why AT Internet made the cut and not Webtrekk, or even why IBM is so high but at the end of the day, the important thing is to actually do something with the data, Putting Your Data to Work, Mind Your Group’s tag line.

I had heard whiffs of the fact that the latest Forrester wave mentioned something about privacy but to be honest, I thought it would hone in more on the “deletion” aspect of our beloved digital data collection as that’s the ultimate Privacy by Design trick question.

My favorite hash tag on Twitter is not #measure, it’s morphed into #EUdataP, #datenschutz, #Privacy over the past 2 years as Privacy is something I got worried about a couple of years back. No surprises here.

The report states “Differentiation is mostly found in the vendor tools’ ability to recognize individual visitors and associate them with previously unrecognized interactions trails

definitivaAnd I totally agree with that: it’s not about web or digital analytics per se, it’s about a larger ecosystem of data that feeds into one another to make better decisions: a data ecosystem of intertwining tools through which data is flowing. Data for which your company is responsible.

A data ecosystem where you’ll focus on the acquisition part, on the attribution part, on the conversion part and where, in the end, the customer should sit centrally, as depicted in Mind Your Group’s bow-tie framework for your digital data ecosystem.

Analytics has become a commodity and should be viewed within a bigger picture, certainly not as the only source of data that might be reveling the “Truth”.

I’ve sit through plenty of meetings through the years where I’ve had to defend the analytics data against SEO, campaigns, internal data… somehow it never matches up yet faith in the data remains one of the most important aspects for the business: if you don’t trust it…

So thank you GA for the commoditization that started in 2005 and is now at:

Google Analytics

And we are all in our analytics industry moving from bucketed segmented “anonymous” interactions towards recognizable individual interactions.

While there have been enough discussions through the years about moving from logs to tags and their related cookies, we today live in a world of multiple tracking methodologies in our omni-channel multi-device world. These technologies are not as easy to detect as the ones used for compliance with the current EU Cookie Directive.

And this is both wonderful as well as scary, like anything in life. As an analyst, this also means that data can be rewritten if at some point in time through the customer journey a user is recognized by for example opening up an email on their mobile phone.

Long live the era of data stitching, good luck with trusting the data!

It has become a balancing act where, hopefully, we get closer to actually influencing companies’ bottom lineThe report continues by stating “enterprise users have demanded, on one hand, greater support for multichannel tracking, reporting, and data management; balancing, on the other hand, increasingly strict requirements for data privacy and portability.

As I always say, no company ever went bankrupted because they suck at web analytics. Privacy on the other hand has already claimed it’s first victims.

What does “stricter requirements for data privacy and portability” mean? 

For starters, for the vendors, it means that their Privacy policies, Terms of Use and Terms and Conditions should be written in a way business users can actually understand.

As I’ve spent time doing this lately, I can confirm it’s evolving positively, even though some contradictory terms reside within some tools. So please, clean up and make sure you’ve got the correct safeguards to secure the data you are entrusted with. I found the most intelligible one being Adobe’s, which can be found here: http://www.adobe.com/legal/terms/enterprise-licensing.html.

Many vendors also go through seals like the TUV in Germany or use SafeHarbor to explain international data transfers. Personally I don’t think it’s enough as time and time again, I’ve found a huge gap in knowledge. Basically the questions asked are actually not in line with reality. But who cares, as long as you can tick the box, right? Until the next data breach…

Vendors also took time to write Terms and Conditions: rules under which you can use the tools. Personally, I think that if you write them, you should actually also make sure they are respected. Or else, why write them?

Quick reminder:

  • Google: “You will not (and will not allow any third party to) use the Service to track, collect or upload any data that personally identifies an individual (e.g., a name, email address or billing information), or other data which can be reasonably linked to such information by Google”;
  • Adobe: “Customer must not use the On-demand Services to collect, process, or store any Sensitive Personal Data[1] of its employees, customers, partners, site visitors, or any third party. Customer must not transmit, disclose or make available Sensitive Personal Data to Adobe or third-party providers”.
  • IBM: “Certain IBM Software Offerings may provide IBM clients the ability to collect personal information, via cookies and other technologies, from their end-users. IBM clients should seek their own legal advice about any laws applicable to their collection of such information, so that IBM clients can be sure that they are complying with those laws, including providing any required notices and obtaining any required consents”, from http://www-01.ibm.com/software/info/product-privacy/index.html

IBM continues by stating “IBM established this Privacy Statement to clarify IBM’s role as a processor where IBM processes services data on behalf of IBM clients through IBM’s Software Offerings.”

The same can’t be said for Google as we’ve repeatedly remarked over the past 2 years: http://www.mindyourprivacy.com/blog/english-us-role-playing-which-one-are-you-google-analytics-controller-or-processor/

For data users, this should mean also some basic homework. I’ve repeatedly talked about it all over the world. Yet, in case you hadn’t cached it, this is your to do list related to Privacy for Digital analytics:

1. Know your Information Structure (Cloud, SaaS)

2. Cloud inventory Privacy Impact Assessment (PIA)

  • Providers (& sub-contractor)
  • Location:
  1. Cloud services HQ
  2. Servers:
  • Applicable law?
  • Physical location: earthquakes?

3. Any incidents to report like data breaches?

       4.In-house control access (risk analysis)
       5. Terms and Conditions
  • Information Security Measures
  • Related to Privacy

3. Know your data structure: data inventory (cloud, SaaS)

  • Do you know which data can be found where exactly?
  • Have you reviewed your information security measures?
  • What happens in case of breach?

4. Authorization required?

  • Approval International Data Transfer (IDT)
  • SafeHarbor
  • Binding Corporate Rules
  • User Consent: opt-in, opt-out…

Your data is only as secure as your weakest link. How can we help?

Data is the New Oil, Privacy is the New Green: bit.ly/privacygreen

DataBreach Weallink


[1] “Sensitive Personal Data” is given the meaning under relevant privacy or data protection laws relating to this term or any similar term (such as “sensitive personal information”) used in the laws, or where no such laws apply, means financial information (including financial account information), sexual preferences, medical or health information, and personal information of children protected under any child protection laws (such as the personal information defined under the US Children’s Online Privacy Protection Act).