Recherche avancée

Sur d’autres sites (6777)

• CRO Testing : The 6-Steps for Maximising Conversion Rates

  10 mars 2024, par Erin

  It’s a nightmare every marketing manager faces. Traffic is soaring after you’ve launched new digital marketing campaigns, but conversions have barely moved.

  Sound familiar ?

  The good news is you’re not alone — loads of marketing managers struggle to get potential customers to purchase. The better news is that you can test dozens of strategies to turn around your site’s fortunes. 

  Conversion rate optimisation testing (CRO testing for short) is the name for this kind of experimentation — and it can send conversion rates and revenue soaring.

  In this article, we’ll explain CRO testing and how you can start doing it today using Matomo. 

  What is CRO Testing ? 

  CRO testing is optimising your site’s conversion funnel using a series of experiments designed to improve conversion rates.

  A CRO test can take several forms, but it usually involves changing one or more elements of your landing page. It looks something like this :

  1. You hypothesise what you expect to happen.
  2. You then run an A/B test using a dedicated CRO platform or tool.
  3. This tool will divide your site’s traffic, sending one segment to one variation and the other segment to another.
  4. The CRO tool will measure conversions, track statistical significance, and declare one variation the winner. 

  A CRO tool isn’t the only software you can use to gather data when running tests. There are several other valuable data sources, including :

  • A web analytics platform : to identify issues with your website
  • User surveys : to find out what your target audience thinks about your site
  • Heatmaps : to learn where users focus their attention
  • Session recordings : to discover how visitors browse your site

  Use as many of these features, tools, and methods as you can when brainstorming hypotheses and measuring results. After all, your CRO test is only as good as your data.

  On that note, we need to mention the importance of data accuracy when researching issues with your website and running CRO tests. If you trust a platform like Google Analytics that uses data sampling (where only a subset of data is analysed), then there’s a risk you make business decisions based on inaccurate reports.

  In practice, that could see you overestimate the effectiveness of a landing page, potentially wasting thousands in ad spend on poorly converting pages. 

  That’s why over a million websites rely on Matomo as their web analytics solution—it doesn’t sample data, providing 100% accurate website traffic insights you can trust to make informed decisions.

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  Types of CRO Testing 

  There are three core types of CRO tests :

  A/B testing

  A/B testing, or split testing, is when you test two versions of the same page against each other. Usually, the two pages have only one difference, such as a new headline or a different CTA. 

  

  In the test above, for example, we test what happens if we remove one of the affiliate links from a page. We hypothesise that conversions won’t change because these links aren’t effective.

  A/B/n testing

  A/B/n testing is when you test multiple variations of the same element on the same page. 

  Rather than just testing one headline against another, for example, you test multiple different headlines at once.

  

  In the test above in Matomo, we’re testing a website’s original header against a wider and smaller version. It turns out the wider header converts significantly better. 

  Multivariate testing

  In a multivariate CRO test, you test multiple different elements at the same time. That could mean testing combining a different headline, CTA button, and image. 

  Multivariate testing can save time because you test multiple elements at once and find the best combination of elements. But you’ll usually need a lot of traffic to find a statistically significant result.

  Why is CRO testing important ?

  Who doesn’t want more conversions, right ? Improving your conversion rate is the core benefit of running a CRO test, but there are a couple of other reasons you should do it, too :

  

  Improve conversion rates

  How well does your website convert visitors ? The average conversion rate of a typical website is 2.35%, but better-performing websites have significantly higher conversion rates. The top 25% of websites across all industries convert at a rate of 5.31% or higher.

  CRO testing is the best way to improve your site’s conversion rate by tweaking elements of your website and implementing the best results. And because it’s based on data, not your intuition, you’re likely to identify changes that move the needle. 

  Optimise the user experience

  CRO tests are also a great way to improve your site’s user experience. The process of CRO testing forces you to understand how users navigate your website using heatmaps and session recordings and fix the issues they face. 

  You could simplify your form fields to make them easier to fill in, for example, or make your pages easier to navigate. In both cases, your actions will also increase conversion rates.

  Decrease acquisition costs

  Improving your conversion rate using CRO testing will usually mean a decrease in customer acquisition costs and other conversion metrics. 

  After all, if the cost of your PPC ads stays the same but you convert more traffic, then each new customer will cost less to acquire.

  How to do CRO testing in 6 steps 

  Ready to get your hands dirty ? Follow these six steps to set up your first CRO test :

  Have a clear goal

  Don’t jump straight into testing. You need to be clear about what you want to achieve ; otherwise, you risk wasting time on irrelevant experiments. 

  If you’re unsure what to focus on, look back through your web analytics data and other tools like heatmaps, form analytics, and session recordings to get a feel for some of your site’s biggest conversion roadblocks. 

  Maybe there’s a page with a much lower conversion rate, for example — or a form that most users fail to complete. 

  If it’s the former, then your goal could be to increase the conversion rate of this specific landing page by 25%, bringing it in line with your site’s average. 

  

  Make sure your new conversion goal is set up properly in your website analytics platform, too. This will ensure you’re tracking conversions accurately. 

  Set a hypothesis

  Now you’ve got a goal, it’s time to create a hypothesis. Based on your available research, a hypothesis is an assumption you make about your conversion rate optimisation test.

  A heatmap of your poorly converting landing page may show that users aren’t focusing on your CTA button because it’s hidden below the fold. 

  You could hypothesise that by placing the CTA button directly under your headline above the fold, your conversion rate should increase. 

  Whatever your goal, you can use the following template to write a hypothesis :

  If we [make this specific change], then [this specific outcome] will occur because [reason].

  Design your test elements

  Most marketing managers won’t be able to run CRO tests independently. A team of talented experts must create the assets you need for a successful experimentation. This includes designers, copywriters, and web developers. 

  Don’t just have them create one new element at a time. Accelerate the process by having your team create dozens of designs simultaneously. That way, you can run a new CRO test as soon as your current test has finished. 

  Create and launch the test

  It’s time to launch your test. Use a CRO tool to automate building your test and tracking results. 

  With Matomo’s A/B Testing feature, it’s as easy as giving your test a name, writing a hypothesis and description, and uploading the URLs of your page variants.

  

  Matomo handles everything else, giving you a detailed breakdown at the end of the test with the winning variant. 

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  Analyse the results

  You can only review the results of your CRO test once it has reached statistical significance — which means the observed outcome isn’t the result of chance.

  In the same way you wouldn’t say a die is unbiased after three rolls, you need thousands of visitors to see your landing pages and take action before deciding which is better. 

  Luckily, most CRO testing platforms, including Matomo, will highlight when a test reaches statistical significance. That means you only need to look at the result to see if your hypothesis is correct. 

  Implement and repeat

  Was your test a success ? Great, you can implement the results and test a new element. 

  Yep, that’s right. There’s no time to rest on your laurels. Continuous CRO testing is necessary to squeeze every conversion possible from your website. Just like fashion trends, website effectiveness changes over time. What works today might not work tomorrow, making ongoing CRO testing beneficial and necessary.

  That’s why it’s a good idea to choose a CRO testing platform like Matomo with no data limits.

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  CRO testing examples you can run today 

  There’s no shortage of CRO tests you can run. Here are some experiments to get started with :

  Change your CTA design and copy

  Calls to action (CTAs) are the best elements to optimise during your first CRO test. You can change many things about them ; even the smallest optimisation can have a huge impact. 

  Just take a look at the image below to see how diverse your CTAs could be :

  

  Changing your CTA’s copy is a great place to start, especially if you have generic instructions like “Apply Now.”

  Try a more specific instruction like “Download your free trial” or “Buy now to get 30% off.” Or test benefit-led instructions like “Reduce your ad spend today” or “Take back control of your data.”

  Changing the colour of your CTAs can also yield more conversions. Bright colours are always a good bet. Just make sure your button stands out from the rest of your page. 

  Move the CTA button placement

  The placement of your CTA can be just as important as its copy or colour. If it’s down at the bottom of your page, there’s a good chance most of your visitors will miss it. 

  Try moving it above the fold to see if that makes a difference. Then, test multiple CTA buttons as opposed to just one. 

  Heatmaps and session recordings can identify whether this test is worthwhile. If users rarely focus on your CTA or just don’t scroll far enough to find it, then it’s a good bet you could see an uptick in conversions by moving it. 

  Try different headlines

  Your website’s headlines are another great place to start CRO testing. These are usually the first (and sometimes only) things visitors read, so optimising them as much as possible makes sense. 

  There are entire books written about creating persuasive headlines, but start with one of the following tactics :

  • Include a benefit
    • “Achieve radiant skin—discover the secret !”
  • Add numbers
    • “3 foolproof methods for saving money on your next vacation”
  • Using negative words instead of positive ones
    • “Avoid these 7 mistakes to unlock your potential for personal growth”
  • Shortening or lengthening your headline
    • Shortened : “Crush your fitness goals : Expert tips for success”
    • Lengthened : “Embark on your fitness journey : Learn from experts with proven tips to crush your wellness goals”

  Add more trust signals

  Adding trust signals to your website, such as brand logos, customer reviews, and security badges, can increase your conversion rate.

  We use it at Matomo by adding the logos of well-known clients like the United Nations and Amnesty International underneath our CTAs.

  

  It’s incredibly effective, too. Research by Edelman finds that trust is among the top three most important buying decision factors, above brand likeability.

  Start CRO testing with Matomo

  CRO testing is a data-backed method to improve your site’s conversion rate, making it more user-friendly and decreasing customer acquisition costs. Even a small improvement will be worth the cost of the tools and your time. 

  Fortunately, there’s no need to allocate hundreds of dollars monthly for multiple specialised testing tools. With Matomo, you get a comprehensive platform offering web analytics, user behaviour insights, and CRO testing – all conveniently bundled into one solution. Matomo’s pricing starts from just $19 per month, making it accessible to businesses of all sizes.

  Plus, rest assured knowing that you are GDPR compliant and the data provided is 100% accurate, ethically empowering you to make informed decisions with confidence.

  Take the first step on your CRO testing journey by trying Matomo free for 21 days ; no credit card required.

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I accept the terms and conditions and data processing agreement (DPA)

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  
  

  Start improving your websites now

  

• A Guide to Ethical Web Analytics in 2024

  17 juin 2024, par Erin

  User data is more valuable and sought after than ever. 

  Ninety-four percent of respondents in Cisco’s Data Privacy Benchmark Study said their customers wouldn’t buy from them if their data weren’t protected, with 95% saying privacy was a business imperative. 

  Unfortunately, the data collection practices of most businesses are far from acceptable and often put their customers’ privacy at risk. 

  But it doesn’t have to be this way. You can ethically collect valuable and insightful customer data—you just need the right tools.

  In this article, we show you what an ethical web analytics solution can look like, why Google Analytics is a problem and how you can collect data without risking your customers’ privacy.

  What is ethical web analytics ?

  Ethical web analytics put user privacy first. These platforms prioritise privacy and transparency by only collecting necessary data, avoiding implicit user identification and openly communicating data practices and tracking methods. 

  Ethical tools adhere to data protection laws like GDPR as standard (meaning businesses using these tools never have to worry about fines or disruptions). In other words, ethical web analytics refrain from exploiting and profiting from user behaviour and data. 

  Unfortunately, most traditional data solutions collect as much data as possible without users’ knowledge or consent.

  Why does digital privacy matter ?

  Digital privacy matters because companies have repeatedly proven they will collect and use data for financial gain. It also presents security risks. Unsecured user data can lead to identity theft, cyberattacks and harassment. 

  Big tech companies like Google and Meta are often to blame for all this. These companies collect millions of user data points — like age, gender, income, political beliefs and location. Worse still, they share this information with interested third parties.

  After public outrage over data breaches and other privacy scandals, consumers are taking active steps to disallow tracking where possible. IAPP’s Privacy and Consumer Trust Report finds that 68% of consumers across 19 countries are somewhat or very concerned about their digital privacy. 

  There’s no way around it : companies of all sizes and shapes need to consider how they handle and protect customers’ private information. 

  Why should you use an ethical web analytics tool ?

  When companies use ethical web analytics tools they can build customer trust, boost their brand reputation, improve data security practices and future proof their website tracking solution. 

  Boost brand reputation

  The fallout from a data privacy scandal can be severe. 

  Just look at what happened to Facebook during the Cambridge Analytica data scandal. The eponymous consulting firm harvested 50 million Facebook profiles and used that information to target people with political messages. Due to the instant public backlash, Facebook’s stock tanked, and use of the “delete Facebook” hashtag increased by 423% in the following days.

  That’s because consumers care about data privacy, according to Deloitte’s Connected Consumer Study :

  • Almost 90 percent agree they should be able to view and delete data companies collect 
  • 77 percent want the government to introduce stricter regulations
  • Half feel the benefits they get from online services outweigh data privacy concerns.

  If you can prove you buck the trend by collecting data using ethical methods, it can boost your brand’s reputation. 

  Build trust with customers

  At the same time, collecting data in an ethical way can help you build customer trust. You’ll go a long way to changing consumer perceptions, too. Almost half of consumers don’t like sharing data, and 57% believe companies sell their data. 

  This additional trust should generate a positive ROI for your business. According to Cisco’s Data Privacy Benchmark Study, the average company gains $180 for every $100 they invest in privacy. 

  Improve data security

  According to IBM’s Cost of a Data Breach report, the average cost of a data breach is nearly $4.5 million. This kind of scenario becomes much less likely when you use an ethical tool that collects less data overall and anonymises the data you do collect. 

  Futureproof your web analytics solution

  The obvious risk of not complying with privacy regulations is a fine — which can be up to €20 million, or 4% of worldwide annual revenue in the case of GDPR.

  It’s not just fines and penalties you risk if you fail to comply with privacy regulations like GDPR. For some companies, especially larger ones, the biggest risk of non-compliance with privacy regulations is the potential sudden need to abandon Google Analytics and switch to an ethical alternative.

  If Data Protection Authorities ban Google Analytics again, as has happened in Austria, France, and other countries, businesses will be forced to drop everything and make an immediate transition to a compliant web analytics solution.

  When an organisation’s entire marketing operation relies on data, migrating to a new solution can be incredibly painful and time-consuming. So, the sooner you switch to an ethical tool, the less of a headache the process will be. 

  The problem with Google Analytics

  Google Analytics (GA) is the most popular analytics platform in the world, but it’s a world away from being an ethical tool. Here’s why :

  You don’t have data ownership

  Google Analytics is attractive to businesses of all sizes because of its price. Everyone loves getting something for free, but there’s still a cost — your and your customers’ data.

  That’s because Google combines the data you collect with information from the millions of other websites it tracks to inform its advertising efforts. It may also use your data to train large language models like Gemini. 

  It has a rocky history with GDPR laws

  Google and EU regulators haven’t always got along. For example, the German Data Protection Authority is investigating 200,000 pending cases against websites using GA. The platform has also been banned and added back to the EU-US Data Privacy Framework several times over the past few years. 

  You can use GA to collect data about EU customers right now, but there’s no guarantee you’ll be able to do so in the future. 

  It requires a specific setup to remain compliant

  While you can currently use GA in a GDPR-compliant way — owing to its inclusion in the EU-US Data Privacy Framework — you have to set it up in a very specific way. That’s because the platform’s compliance depends on what data you collect, how you inform users and the level of consent you acquire. You’ll still need to include an extensive privacy policy on your website. 

  What does ethical web analytics look like ?

  An ethical web analytics solution should put user privacy first, ensure compliance with regulations like GDPR, give businesses 100% control of the data they collect and be completely transparent about data collection and storage practices. 

  

  100% data ownership

  You don’t fully control customer data when you use Google Analytics. The search giant uses your data for its own advertising purposes and may also use it to train large language models like Gemini. 

  When you choose an ethical web analytics alternative like Matomo, you can ensure you completely own your data.

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  Respects user privacy

  It’s possible to track and measure user behaviour without collecting personally identifiable information (PII). Just look at the ethical web analytics tools we’ve reviewed below. 

  These platforms respect user privacy and conform to strict privacy regulations like GDPR, CCPA and HIPAA by incorporating some or all of the following features :

  • Opt-out mechanisms to let users refuse tracking
  • IP addresses anonymisation and other data anonymisation techniques
  • DoNotTrack options
  • Shorter expiration dates for tracking cookies

  In Matomo’s case, it’s all of the above. Better still, you can check our privacy credentials yourself. Our software’s source code is open source on GitHub and accessible to anyone at any time. 

  Compliant with government regulations

  While Google’s history with data regulations is tumultuous, an ethical web analytics platform should follow even the strictest privacy laws, including GDPR, HIPAA, CCPA, LGPD and PECR.

  But why stop there ? Matomo has been approved by the French Data Protection Authority (CNIL) as one of the few web analytics tools that French sites can use to collect data without tracking consent. So you don’t need an annoying consent banner popping up on your website anymore. 

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  Complete transparency 

  Ethical web analytics tools will be upfront about their data collection practices, whether that’s in the U.S., EU, or on your own private servers. Look for a solution that refrains from collecting personally identifiable information, shows where data is stored, and lets you alter tracking methods to increase privacy even further. 

  Some solutions, like Matomo, will increase transparency further by providing open source software. Anyone can find our source code on GitHub to see exactly how our platform tracks and stores user data. This means our code is regularly examined and reviewed by a community of developers, making it more secure, too.

  Ethical web analytics solutions

  There are several options for an ethical web analytics tool. We list three of the best providers below. 

  Matomo

  Matomo is an open source web analytics tool and privacy-focused Google Analytics alternative used by over one million sites globally. 

  

  Matomo is fully compliant with prominent global privacy regulations like GDPR, CCPA and HIPAA, meaning you never have to worry about collecting consent when tracking user behaviour. 

  The data you collect is completely accurate since Matomo doesn’t use data sampling and is 100% yours. We don’t share data with third parties but can prove it. Our product source code is publicly available on GitHub. As a community-led project, you can download and install it yourself for free. 

  With Matomo, you get a full range of web analytics capabilities and behavioural analytics. That includes your standard metrics (think visitors, traffic sources, bounce rates, etc.), advanced features to analyse user behaviour like A/B Testing, Form Analytics, Heatmaps and Session Recordings. 

  Migrating to Matomo is easy. You can even import historical Google Analytics data to generate meaningful insights immediately. 

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  Fathom

  Fathom Analytics is a lightweight privacy-focused analytics solution that launched in 2018. It aims to be an easy-to-use Google Analytics alternative that doesn’t compromise privacy. 

  

  Like Matomo, Fathom complies with all major privacy regulations, including GDPR and CCPA. It also provides 100% accurate, unsampled reports and doesn’t share your data with third parties. 

  While Fathom provides fairly comprehensive analytics reports, it doesn’t have some of Matomo’s more advanced features. That includes e-commerce tracking, heatmaps, session recordings, and more. 

  Plausible

  Plausible Analytics is another open source Google Analytics alternative that was built and hosted in the EU. 

  

  Launched in 2019, Plausible is a newer player in the privacy-focused analytics market. Still, its ultra-lightweight script makes it an attractive option for organisations that prioritise speed over everything else. 

  Like Matomo and Fathom, Plausible is GDPR and CCPA-compliant by design. Nor is there any cap on the amount of data you collect or any debate over whether the data is accurate (Plausible doesn’t use data sampling) or who owns the data (you do). 

  Matomo makes it easy to migrate to an ethical web analytics alternative

  There’s no reason to put your users’ privacy at risk, especially when there are so many benefits to choosing an ethical tool. Whether you want to avoid fines, build trust with your customers, or simply know you’re doing the right thing, choosing a privacy-focused, ethical solution like Matomo is taking a massive step in the right direction. 

  Making the switch is easy, too. Matomo is one of the few options that lets you import historical Google Analytics data, so starting from scratch is unnecessary. 

  Get started today by trying Matomo for free for 21-days. No credit card required. 

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I accept the terms and conditions and data processing agreement (DPA)

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  
  

  Start improving your websites now

  

• Google Analytics 4 and GDPR : Everything You Need to Know

  17 mai 2022, par Erin

  Four years have passed since the European General Data Protection Regulation (GDPR, also known as DSGVO in German, and RGPD in French) took effect.

  That’s ample time to get compliant, especially for an organisation as big and innovative as Google. Or is it ? 

  If you are wondering how GDPR affects Google Analytics 4 and what the compliance status is at present, here’s the lowdown. 

  Is Google Analytics 4 GDPR Compliant ?

  No. As of mid-2022, Google Analytics 4 (GA4) isn’t fully GDPR compliant. Despite adding extra privacy-focused features, GA4 still has murky status with the European regulators. After the invalidation of the Privacy Shield framework in 2020, Google is yet to regulate EU-US data protection. At present, the company doesn’t sufficiently protect EU citizens’ and residents’ data against US surveillance laws. This is a direct breach of GDPR.

  Google Analytics and GDPR : a Complex Relationship 

  European regulators have scrutinised Google since GDPR came into effect in 2018.

  While the company took steps to prepare for GDPR provisions, it didn’t fully comply with important regulations around user data storage, transfer and security.

  The relationship between Google and EU regulators got more heated after the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield — a leeway Google used for EU-US data transfers. After 2020, GDPR litigation against Google followed. 

  This post summarises the main milestones in this story and explains the consequences for Google Analytics users. 

  

  2018 : Google Analytics Meets GDPR 

  In 2018, the EU adopted the General Data Protection Regulation (GDPR) — a set of privacy and data security laws, covering all member states. Every business interacting with EU citizens and/or residents had to comply.

  GDPR harmonised data protection laws across member states and put down extra provisions for what constitutes sensitive personal information (or PII). Broadly, PII includes any data about the person’s :

  • Racial or ethnic origin 
  • Employment status 
  • Religious or political beliefs
  • State of health 
  • Genetic or biometric data 
  • Financial records (such as payment method data)
  • Address and phone numbers 

  Businesses were barred from collecting this information without explicit consent (and even with it in some cases). If collected, such sensitive information is also subject to strict requirements on how it should be stored, secured, transferred and used. 

  7 Main GDPR Principles Explained 

  Article 5 of the GDPR lays out seven main GDPR principles for personal data and privacy protection : 

  • Lawfulness, fairness and transparency — data must be obtained legally, collected with consent and in adherence to laws. 
  • Purpose limitation — all personal information must be collected for specified, explicit and legal purposes. 
  • Data minimisation — companies must collect only necessary and adequate data, aligned with the stated purpose. 
  • Accuracy — data accuracy must be ensured at all times. Companies must have mechanisms to erase or correct inaccurate data without delays. 
  • Storage limitation — data must be stored only for as long as the stated purpose suggests. Though there’s no upper time limit on data storage. 
  • Integrity and confidentiality (security) — companies must take measures to ensure secure data storage and prevent unlawful or unauthorised access to it. 
  • Accountability — companies must be able to demonstrate adherence to the above principles. 

  Google claimed to have taken steps to make all of their products GDPR compliant ahead of the deadline. But in practice, this wasn’t always the case.

  In March 2018, a group of publishers admonished Google for not providing them with enough tools for GDPR compliance :

  “[Y]ou refuse to provide publishers with any specific information about how you will collect, share and use the data. Placing the full burden of obtaining new consent on the publisher is untenable without providing the publisher with the specific information needed to provide sufficient transparency or to obtain the requisite specific, granular and informed consent under the GDPR.”

  The proposed Google Analytics GDPR consent form was hard to implement and lacked customisation options. In fact, Google “makes unilateral decisions” on how the collected data is stored and used. 

  Users had no way to learn about or control all intended uses of people’s data — which made compliance with the second clause impossible. 

  Unsurprisingly, Google was among the first companies to face a GDPR lawsuit (together with Facebook). 

  By 2019, French data regulator CNIL, successfully argued that Google wasn’t sufficiently disclosing its data collection across products — and hence in breach of GDPR. After a failed appeal, Google had to pay a €50 million fine and promise to do better. 

  2019 : Google Analytics 4 Announcement 

  Throughout 2019, Google rightfully attempted to resolve some of its GDPR shortcomings across all products, Google Universal Analytics (UA) included. 

  They added a more visible consent mechanism for online tracking and provided extra compliance tips for users to follow. In the background, Google also made tech changes to its data processing mechanism to get on the good side of regulations.

  Though Google addressed some of the issues, they missed others. A 2019 independent investigation found that Google real-time-bidding (RTB) ad auctions still used EU citizens’ and residents’ data without consent, thanks to a loophole called “Push Pages”. But they managed to quickly patch this up before the allegations had made it to court. 

  In November 2019, Google released a beta version of the new product version — Google Analytics 4, due to replace Universal Analytics. 

  GA4 came with a set of new privacy-focused features for ticking GDPR boxes such as :

  • Data deletion mechanism. Users can now request to surgically extract certain data from the Analytics servers via a new interface. 
  • Shorter data retention period. You can now shorten the default retention period to 2 months by default (instead of 14 months) or add a custom limit.  
  • IP Anonymisation. GA4 doesn’t log or store IP addresses by default. 

  Google Analytics also updated its data processing terms and made changes to its privacy policy. 

  Though Google made some progress, Google Analytics 4 still has many limitations — and isn’t GDPR compliant. 

  2020 : Privacy Shield Invalidation Ruling 

  As part of the 2018 GDPR preparations, Google named its Irish entity (Google Ireland Limited) as the “data controller” legally responsible for EEA and Swiss users’ information. 

  The company announcement says : 

  

  Initially, Google assumed that this legal change would help them ensure GDPR compliance as “legally speaking” a European entity was set in charge of European data. 

  Practically, however, EEA consumers’ data was still primarily transferred and processed in the US — where most Google data centres are located. Until 2020, such cross-border data transfers were considered legal thanks to the Privacy Shield framework. 

  But in July 2020, The EU Court of Justice ruled that this framework doesn’t provide adequate data protection to digitally transmitted data against US surveillance laws. Hence, companies like Google can no longer use it. The Swiss Federal Data Protection and Information Commissioner (FDPIC) reached the same conclusion in September 2020. 

  The invalidation of the Privacy Shield framework put Google in a tough position.

   Article 14. f of the GDPR explicitly states : 

  “The controller (the company) that intends to carry out a transfer of personal data to a recipient (Analytics solution) in a third country or an international organisation must provide its users with information on the place of processing and storage of its data”.

  Invalidation of the Privacy Shield framework prohibited Google from moving data to the US. At the same time, GDPR provisions mandated that they must disclose proper data location. 

  But Google Analytics (like many other products) had no a mechanism for : 

  • Guaranteeing intra-EU data storage 
  • Selecting a designated regional storage location 
  • Informing users about data storage location or data transfers outside of the EU 

  And these factors made Google Analytics in direct breach of GDPR — a territory, where they remain as of 2022.

  2020-2022 : Google GDPR Breaches and Fines 

  The 2020 ruling opened Google to GDPR lawsuits from country-specific data regulators.

  Google Analytics in particular was under a heavy cease-fire. 

  • Sweden first fined Google for violating GDPR for no not fulfilling its obligations to request data delisting in 2020. 
  • France rejected Google Analytics 4 IP address anonymisation function as a sufficient measure for protecting cross-border data transfers. Even with it, US intelligence services can still access user IPs and other PII. France declared Google Analytics illegal and pressed a €150 million fine. 
  • Austria also found Google Analytics GDPR non-compliant and proclaimed the service as “illegal”. The authority now seeks a fine too. 

  The Dutch Data Protection Authority and  Norwegian Data Protection Authority also found Google Analytics guilty of a GDPR breach and seek to limit Google Analytics usage. 

  New privacy controls in Google Analytics 4 do not resolve the underlying issue — unregulated, non-consensual EU-US data transfer. 

  Google Analytics GDPR non-compliance effectively opens any website tracking or analysing European visitors to legal persecution.

  In fact, this is already happening. noyb, a European privacy-focused NGO, has already filed over 100 lawsuits against European websites using Google Analytics.

  2022 : Privacy Shield 2.0. Negotiations

  Google isn’t the only US company affected by the Privacy Shield framework invalidation. The ruling puts thousands of digital companies at risk of non-compliance.

  To settle the matter, US and EU authorities started “peace talks” in spring 2022.

  European Commission President Ursula von der Leyen said that they are working with the Biden administration on the new agreement that will “enable predictable and trustworthy data flows between the EU and US, safeguarding the privacy and civil liberties.” 

  However, it’s just the beginning of a lengthy negotiation process. The matter is far from being settled and contentious issues remain as we discussed on Twitter (come say hi !).

  

  For one, the US isn’t eager to modify its surveillance laws and is mostly willing to make them “proportional” to those in place in the EU. These modifications may still not satisfy CJEU — which has the power to block the agreement vetting or invalidate it once again. 

  While these matters are getting hashed out, Google Analytics users, collecting data about EU citizens and/or residents, remain on slippery grounds. As long as they use GA4, they can be subject to GDPR-related lawsuits. 

  To Sum It Up 

  • Google Analytics 4 and Google Universal Analytics are not GDPR compliant because of Privacy Shield invalidation in 2020. 
  • French and Austrian data watchdogs named Google Analytics operations “illegal”. Swedish, Dutch and Norwegian authorities also claim it’s in breach of GDPR. 
  • Any website using GA for collecting data about European citizens and/or residents can be taken to court for GDPR violations (which is already happening). 
  • Privacy Shield 2.0 Framework discussions to regulate EU-US data transfers have only begun and may take years. Even if accepted, the new framework(s) may once again be invalidated by local data regulators as has already happened in the past. 

  Time to Get a GDPR Compliant Google Analytics Alternative 

  Retaining 100% data ownership is the optimal path to GDPR compliance.

  By selecting a transparent web analytics solution that offers 100% data ownership, you can rest assured that no “behind the scenes” data collection, processing or transfers take place. 

  Unlike Google Analytics 4, Matomo offers all of the features you need to be GDPR compliant : 

  • Full data anonymisation 
  • Single-purpose data usage 
  • Easy consent and an opt-out mechanism 
  • First-party cookies usage by default 
  • Simple access to collect data 
  • Fast data removals 
  • EU-based data storage for Matomo Cloud (or storage in the country of your choice with Matomo On-Premise)

  Learn about your audiences in a privacy-centred way and protect your business against unnecessary legal exposure. 

  Start your 21-day free trial (no credit card required) to see how fully GDPR-compliant website analytics works ! 

  21 day free trial. No credit card required.

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I hereby accept the terms and conditions and the data processing agreeement (DPA).

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  

  » Start improving your websites now