The web sites and apps we create, both for ourselves and for our clients, need to collect user analytics for a range of reasons ranging from workflow to user experience to security.
However, user tracking can cross the line from insightful anonymised data collection to intrusive personally identifiable monitoring. GDPR, Europe’s revamp of its data protection and privacy regime, becomes enforceable on 25 May – the day before WordCamp Belfast.
The incoming ePrivacy Directive revamp also renews rules on analytics. This double overhaul creates refreshed obligations for you to inform your site users about any counting, tracking, and monitoring you carry out on your web sites and apps, to provide users with options over your counting and tracking, and to ensure that your data collection respects your visitors privacy.
In our talk, we will help you to achieve a healthy balance between data collection and privacy which respects your business, your users, and your refreshed legal obligations.
Our talk will cover:
- How to understand your audience so that you can understand their data
- Why minimal data collection and retention makes sense from an ethical perspective
- What user tracking is and is not permitted under GDPR as well as the ePrivacy Directive revamp
- How to explain your use of analytics and tracking in your privacy notices
- How to provide your visitors with an opt-out of analytics and tracking
- How to collect analytics with the greatest respect for user privacy
- How to ensure information is not personally identifiable to an individual (Deaggregation/anonymisation/pseudonymisation)
- How to determine a data retention and deletion period
- Dealing with third party tools: Google Analytics as our example
- What other forms of tracking cross ethical and legal boundaries
Speakers: Heather Burns and Marissa Goldsmith