Recherche avancée

Sur d’autres sites (10293)

• 7 Benefits Segmentation Examples + How to Get Started

  26 mars 2024, par Erin

  Every copywriter knows the importance of selling a product’s benefits, not its features. So why should your marketing efforts be different ?

  Answer : they shouldn’t.

  It’s time to stop using demographic or behavioural traits to group customers and start using benefits segmentation instead.

  Benefits segmentation groups your customers based on the value they get from your product or service. In this article, we’ll cover seven real-life examples of benefits segmentation, explain why it’s so powerful and show how to get started today.

  What is benefits segmentation ?

  Benefits segmentation is a way for marketers to group their target market based on the value they get from their products or services. It is a form of customer segment marketing. Other types of market segmentation include :

  • Geographic segmentation
  • Demographic segmentation
  • Psychographic segmentation
  • Behavioural segmentation
  • Firmographic segmentation

  Customers could be the same age, from the same industry and live in the same location but want drastically different things from the same product. Some may like the design of your products, others the function, and still more the price. 

  Whatever the benefits, you can make your marketing more effective by building advertising campaigns around them.

  Why use benefits segmentation ?

  Appealing to the perceived benefits of your product is a powerful marketing strategy. Here are the advantages of you benefit segmentation can expect :

  

  More effective marketing campaigns

  Identifying different benefits segments lets you create much more targeted marketing campaigns. Rather than appeal to a broad customer base, you can create specific ads and campaigns that speak to a small part of your target audience. 

  These campaigns tend to be much more powerful. Benefits-focused messaging better resonates with your audience, making potential customers more likely to convert.

  Better customer experience 

  Customers use your products for a reason. By showing you understand their needs through benefits segmentation, you deliver a much better customer experience — in terms of messaging and how you develop new products. 

  In today’s world, experience matters. 80% of customers say a company’s experience is as important as its products and services.

  Stronger customer loyalty

  When products or services are highly targeted at potential customers, they are more likely to return. More than one-third (36%) of customers would return to a brand if they had a positive experience, even if cheaper or more convenient alternatives exist.

  Using benefits segmentation will also help you attract the right kind of people in the first place — people who will become long-term customers because your benefits align with their needs. 

  Improved products and services

  Benefits segmentation makes it easier to tailor products or services to your audiences’ wants and needs. 

  Rather than creating a product meant to appeal to everyone but doesn’t fulfil a real need, your team can create different ranges of the same product that target different benefits segments. 

  Higher conversion rates

  Personalising your pitch to individual customers is powerful. It drives performance and creates better outcomes for your target customer. Companies that grow faster drive 40 per cent more revenue from personalisation than their slower-growing counterparts.

  When sales reps understand your product’s benefits, talking to customers about them and demonstrating how the product solves particular pain points is much easier. 

  In short, benefits segmentation can lead to higher conversion rates and a better return on investment. 

  7 examples of benefits segmentation

  Let’s take a look at seven examples of real-life benefits segmentation to improve your understanding :

  Nectar

  Mattress manufacturer Nectar does a great job segmenting their product range by customer benefits. That’s a good thing, given how many different things people want from their mattress. 

  It’s not just a case of targeting back sleepers vs. side sleepers ; they focus on more specific benefits like support and cooling. 

  

  Take a look at the screenshot above. Nectar mentions the benefits of each mattress in multiple places, making it easy for customers to find the perfect mattress. If you care about value, for example, you might choose “The Nectar.” If pressure relief and cooling are important to you, you might pick the “Nectar Premier.”

  24 Hour Fitness

  A gym is a gym is a gym, right ? Not when people use it to achieve different goals, it’s not. And that’s what 24 Hour Fitness exploits when they sell memberships to their audience. 

  As you can see from its sales page, 24 Hour Fitness targets the benefits that different customers get from their products :

  

  Customers who just care about getting access to weights and treadmills for as cheap as possible can buy the Silver Membership. 

  But getting fit isn’t the only reason people go to the gym. That’s why 24 Hour Fitness targets its Gold Membership to those who want the “camaraderie” of studio classes led by “expert instructors.”

  Finally, some people value being able to access any club, anywhere in the country. Consumers value flexibility greatly, so 24 Hour Fitness limits this perk to its top-tier membership. 

  Notion

  Notion is an all-in-one productivity and note-taking app that aims to be the only productivity tool people and teams need. Trying to be everything to all people rarely works, however, which is why Notion cleverly tweaks its offering to appeal to the desires of different customer segments :

  

  For price-conscious individuals, it provides a pared solution that doesn’t bloat the user experience with features or benefits these consumers don’t care about.

  The Plus tier is the standard offering for teams who need a way to collaborate online. Still, there are two additional tiers for businesses that target specific benefits only certain teams need. 

  For teams that benefit from a longer history or additional functionality like a bulk export, Notion offers the Business tier at almost double the price of the standard Plus tier. Finally, the Enterprise tier for businesses requires much more advanced security features. 

  Apple

  Apple is another example of a brand that designs and markets products to customers based on specific benefits.

  

  Why doesn’t Apple just make one really good laptop ? Because customers want different things from them. Some want the lightest or smallest laptop possible. Others need ones with higher processing power or larger screens.

  One product can’t possibly deliver all those benefits. So, by understanding the precise reasons people need a laptop, Apple can create and market products around the benefits that are most likely to be sold. 

  Tesla

  In the same way Apple understands that consumers need different things from their laptops, Tesla understands that consumers derive different benefits from their cars. 

  It’s why the company sells four cars (and now a truck) that cover various sizes, top speeds, price points and more. 

  

  Tesla even asks customers about the benefits they want from their car when helping them to choose a vehicle. By asking customers to pick how they will use their new vehicle, Tesla can ensure the car’s benefits match up to the consumers’ goals. 

  Dynamite Brands

  Dynamite Brands is a multi-brand, community-based business that targets remote entrepreneurs around the globe. But even this heavily niched-down business still needs to create benefit segments to serve its audience better. 

  It’s why the company has built several different brands instead of trying to serve every customer under a single banner :

  

  If you just want to meet other like-minded entrepreneurs, you can join the Dynamite Circle, for example. But DC Black might be a better choice if you care more about networking and growing your business.

  It’s the same with the two recruiting brands. Dynamite Jobs targets companies that just want access to a large talent pool. Remote First Recruiting targets businesses that benefit from a more hands-on approach to hiring where a partner does the bulk of the work.

  Garmin

  Do you want your watch to tell the time or do you want it to do more ? If you fall into the latter category, Garmin has designed dozens of watches that target various benefits.

  

  Do you want a watch that tracks your fitness without looking ugly ? Buy the Venu. 

  Want a watch designed for runners ? Buy the Forerunner. 

  Do you need a watch that can keep pace with your outdoor lifestyle ? Buy the Instinct. 

  Just like Apple, Garmin can’t possibly design a single watch that delivers all these benefits. Instead, each watch is carefully built for the target customer’s needs. Yes, it makes the target market smaller, but it makes the product more appealing to those who care about those benefits.

  How to get started with benefits segmentation

  According to Gartner, 63% of digital marketing leaders struggle with personalisation. Don’t be one of them. Here’s how you can improve your personalisation efforts using benefits segmentation. 

  Research and define benefits

  The first step to getting started with benefit segmentation is understanding all the benefits customers get from your products. 

  You probably already know some of the benefits, but don’t underestimate the importance of customer research. Hold focus groups, survey customers and read customer reviews to discover what customers love about your products. 

  Create benefit-focused customer personas

  Now you understand the benefits, it’s time to create customer personas that reflect them. Group consumers who like similar benefits and see if they have any other similarities. 

  Price-conscious consumers may be younger. Maybe people who care about performance have a certain type of job. The more you can do to flesh out what the average benefits-focused consumer looks like, the easier it will be to create campaigns. 

  Create campaigns focused on each benefit

  Now, we get to the fun part. Make the benefit-focused customer personas you created in the last step the focus of your marketing campaigns going forward. 

  Don’t try to appeal to everyone. Just make your campaigns appeal to these people.

  Go deeper with segmentation analytics

  The quality of your benefit segmentation strategy hinges on the quality of your data. That’s why using a an accurate web analytics solution like Matomo to track how each segment behaves online using segmentation analytics is important.

  

  This data can make your marketing campaigns more targeted and effective.

  Benefits segmentation in practice

  Let’s say you have an e-commerce website selling a wide range of household items, and you want to create a benefit segment for “Tech Enthusiasts” who are interested in the latest gadgets and cutting-edge technology. You want to track and analyse their behaviour separately to tailor marketing campaigns or website content specifically for this group.

  1. Identify characteristics : Determine key characteristics or behaviours that define the “Tech Enthusiasts” segment. 

  This might include frequent visits to product pages of the latest tech products, site searches that contain different tech product names, engaging with tech-specific content in emails or spending more time on technology-related blog posts.

  One quick and surefire way to identify characteristics of a segment is to look historically at specific tech product purchases in your Matomo and work your way backwards to find out what steps a “Tech Enthusiast” takes before making a purchase. For instance, you might look at User Flows to discover this.

  

  2. Create segments in Matomo : Using Matomo’s segmentation features, you can create a segment that includes users exhibiting these characteristics. For instance :

  • • Segment by page visits : Create a segment that includes users who visited tech product pages or spent time on tech blogs.

  

  • • Segment by event tracking : If you’ve set up event tracking for specific actions (like clicking on “New Tech” category buttons), create a segment based on these events.
    • Combine conditions : Combine various conditions (e.g., pages visited, time spent, specific actions taken) to create a comprehensive segment that accurately represents “Tech Enthusiasts.”

  3. Track and analyse : Apply this segment to your analytics data in Matomo to track and analyse the behaviour of this group separately. Monitor metrics like their conversion rates, time spent on site or specific products they engage with.
  4. Tailor marketing : Use the insights from analysing this segment to tailor marketing strategies. This could involve creating targeted campaigns or customising website content to cater specifically to these users.

  Remember, the key is to define criteria that accurately represent the segment you want to target, use Matomo’s segmentation tools to isolate this group, and effectively derive actionable insights to cater to their preferences or needs.

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  Track your segmentation efforts 

  Benefits segmentation is a fantastic way to improve your marketing. It can help you deliver a better customer experience, improve your product offering and help your sales reps close more deals. 

  Segmenting your audience with an analytics platform lets you go even deeper. But doing so in a privacy-sensitive way can be difficult. 

  That’s why over 1 million websites choose Matomo as their web analytics solution. Matomo provides exceptional segmentation capabilities while remaining 100% accurate and compliant with global privacy laws.

  Find out how Matomo’s insights can level up your marketing efforts with our 21-day free trial, no credit card required.

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I accept the terms and conditions and data processing agreement (DPA)

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  
  

  Start improving your websites now

  

• Data Privacy Issues to Be Aware of and How to Overcome Them

  9 mai 2024, par Erin

  Data privacy issues are a significant concern for users globally.

  Around 76% of US consumers report that they would not buy from a company they do not trust with their data. In the European Union, a 2021 study found that around 53% of EU internet users refused to let companies access their data for advertising purposes.

  These findings send a clear message : if companies want to build consumer trust, they must honour users’ data privacy concerns. The best way to do this is by adopting transparent, ethical data collection practices — which also supports the simultaneous goal of maintaining compliance with regional data privacy acts.

  So what exactly is data privacy ?

  

  Data privacy refers to the protections that govern how personal data is collected and used, especially with respect to an individual’s control over when, where and what information they share with others.

  Data privacy also refers to the extent to which organisations and governments go to protect the personal data that they collect. Different parts of the world have different data privacy acts. These regulations outline the measures organisations must take to safeguard the data they collect from their consumers and residents. They also outline the rights of data subjects, such as the right to opt out of a data collection strategy and correct false data. 

  As more organisations rely on personal data to provide services, people have become increasingly concerned about data privacy, particularly the level of control they have over their data and what organisations and governments do with their data.

  Why should organisations take data privacy issues seriously ?

  Organisations should take data privacy seriously because consumer trust depends on it and because they have a legal obligation to do so. Doing so also helps organisations prevent threat actors from illegally accessing consumer data. Strong data privacy helps you : 

  Comply with data protection acts

  Organisations that fail to comply with regional data protection acts could face severe penalties. For example, consider the General Data Protection Regulation (GDPR), which is the primary data protection action for the European Union. The penalty system for GDPR fines consists of two tiers :

  • Less severe infringements — Which can lead to fines of up to €10 million (or 2% of an organisation’s worldwide annual revenue from the last financial year) per infringement.
  • More severe infringements — This can lead to fines of up to €20 million (or 4% of an organisation’s worldwide annual revenue from the last financial year) per infringement.

  The monetary value of these penalties is significant, so it is in the best interest of all organisations to be GDPR compliant. Other data protection acts have similar penalty systems to the GDPR. In Brazil, organisations non-compliant with the Lei Geral de Proteção de Dados Pessoais (LGPD) could be fined up to 50 million reals (USD 10 million) or 2% of their worldwide annual revenue from the last financial year.

  Improve brand reputation

  Research shows that 81% of consumers feel that how an organisation treats their data reflects how they treat them as a consumer. This means a strong correlation exists between how people perceive an organisation’s data collection practices and their other business activities.

  

  Data breaches can have a significant impact on an organisation, especially their reputation and level of consumer trust. In 2022, hackers stole customer data from the Australian private health insurance company, Medibank, and released the data onto the dark web. Optus was also affected by a cyberattack, which compromised the information of current and former customers. Following these events, a study by Nature revealed that 83 percent of Australians were concerned about the security of their data, particularly in the hands of their service providers.

  Protect consumer data

  Protecting consumer data is essential to preventing data breaches. Unfortunately, cybersecurity attacks are becoming increasingly sophisticated. In 2023 alone, organisations like T-Mobile and Sony have been compromised and their data stolen.

  One way to protect consumer data is to retain 100% data ownership. This means that no external parties can see your data. You can achieve this with the web analytics platform, Matomo. With Matomo, you can store your own data on-premises (your own servers) or in the Cloud. Under both arrangements, you retain full ownership of your data.

  Try Matomo for Free

  Get the web insights you need, while respecting user privacy.

  Start for free

  No credit card required

  What are the most pressing data privacy issues that organisations are facing today ?

  Today’s most pressing data privacy challenges organisations face are complying with new data protection acts, maintaining consumer trust, and choosing the right web analytics platform. Here is a detailed breakdown of what these challenges mean for businesses.

  Complying with new and emerging data protection laws

  Ever since the European Union introduced the GDPR in 2018, other regions have enacted similar data protection acts. In the United States, California (CCPA), Virginia (VCDPA) and Colorado have their own state-level data protection acts. Meanwhile, Brazil and China have the General Data Protection Law (LGPD) and the Personal Information Protection Law (PIPL), respectively.

  For global organisations, complying with multiple data protection acts can be tough, as each act interprets the GDPR model differently. They each have their own provisions, terminology (or different interpretations of the same terminology), and penalties.

  A web analytics platform like Matomo can help your organisation comply with the GDPR and similar data protection acts. It has a range of privacy-friendly features including data anonymisation, IP anonymisation, and first-party cookies by default. You can also create and publish custom opt-out forms and let visitors view your collected data.

  

  Today’s most pressing data privacy challenges organisations face are complying with new data protection acts, maintaining consumer trust, and choosing the right web analytics platform. Here is a detailed breakdown of what these challenges mean for businesses.

  Complying with new and emerging data protection laws

  Ever since the European Union introduced the GDPR in 2018, other regions have enacted similar data protection acts. In the United States, California (CCPA), Virginia (VCDPA) and Colorado have their own state-level data protection acts. Meanwhile, Brazil and China have the General Data Protection Law (LGPD) and the Personal Information Protection Law (PIPL), respectively.

  For global organisations, complying with multiple data protection acts can be tough, as each act interprets the GDPR model differently. They each have their own provisions, terminology (or different interpretations of the same terminology), and penalties.

  A web analytics platform like Matomo can help your organisation comply with the GDPR and similar data protection acts. It has a range of privacy-friendly features including data anonymisation, IP anonymisation, and first-party cookies by default. You can also create and publish custom opt-out forms and let visitors view your collected data.

  Try Matomo for Free

  Get the web insights you need, while respecting user privacy.

  Start for free

  No credit card required

  Maintaining consumer trust

  Building (and maintaining) consumer trust is a major hurdle for organisations. Stories about data breaches and data scandals — notably the Cambridge Analytical scandal — instil fear into the public’s hearts. After a while, people wonder, “Which company is next ?”

  One way to build and maintain trust is to be transparent about your data collection practices. Be open and honest about what data you collect (and why), where you store the data (and for how long), how you protect the data and whether you share data with third parties. 

  You should also prepare and publish your cyber incident response plan. Outline the steps you will take to contain, assess and manage a data breach.

  Choosing the right web analytics platform

  Organisations use web analytics to track and monitor web traffic, manage advertising campaigns and identify potential revenue streams. The most widely used web analytics platform is Google Analytics ; however, many users have raised concerns about privacy issues. 

  When searching for a Google Analytics alternative, consider a web analytics platform that takes data privacy seriously. Features like cookieless tracking, data anonymisation and IP anonymisation will let you track user activity without collecting personal data. Custom opt-out forms will let your web visitors enforce their data subject rights.

  What data protection acts exist right now ?

  

  As time goes on and more countries introduce their own data privacy laws, it becomes harder for organisations to adapt. Understanding the basics of each act can help streamline compliance. Here is what you need to know about the latest data protection acts.

  General Data Protection Regulation (GDPR)

  The GDPR is a data protection act created by the European Parliament and Council of the European Union. It comprises 11 chapters covering the general provisions, principles, data subject rights, penalties and other relevant information.

  The GDPR established a framework for organisations and governments to follow regarding the collection, processing, storing, transferring and deletion of personal data. Since coming into effect on 25 May 2018, other countries have used the GDPR as a model to enact similar data protection acts.

  General Data Protection Law (LGPD)

  The LGPD is Brazil’s main data protection act. The Federal Republic of Brazil signed the act on August 14, 2018, and it officially commenced on August 16, 2020. The act aimed to unify the 40 Brazilian laws that previously governed the country’s approach to processing personal data.

  Like the GDPR, the LGPD serves as a legal framework to regulate the collection and usage of personal data. It also outlines the duties of the national data protection authority, the Autoridade Nacional de Proteção de Dados (ANPD), which is responsible for enforcing the LGPD.

  Privacy Amendment (Notifiable Data Breaches) for the Privacy Act 1988

  Established by the Australian House of Representatives, the Privacy Act 1988 outlines how organisations and governments must manage personal data. The federal government has amended the Privacy Act 1988 twice — once in 2000, and again in 2014 — and is committing to a significant overhaul.

  The new proposals will make it easier for individuals to opt out of data collection, organisations will have to destroy collected data after a reasonable period, and small businesses will no longer be exempt from the Privacy Act.

  United States

  

  The United States does not have a federally mandated data protection act. Instead, each state has been gradually introducing its data protection acts, with the first being California, followed by Virginia and Colorado. Over a dozen other states are following suit, too.

  • California — The then-Governor of California Jerry Brown signed the California Consumer Privacy Act (CCPA) into law on June 28, 2018. The act applies to organisations with gross annual revenue of more than USD 25 million, and that buy or sell products and services to 100,000 or more households or consumers.
  • Virginia — The Virginia Consumer Data Protection Act (VCDPA) took effect on January 1, 2023. It applies to organisations that process (or control) the personal data of 100,000 or more consumers in a financial year. It also applies to organisations that process (or control) the personal data of 25,000 or more consumers and gain more than 50% of gross revenue by selling that data.
  • Colorado — Colorado Governor Jared Polis signed the Colorado Privacy Act (ColoPA) into law in July 2021. The act applies to organisations that process (or control) the personal data of 100,000 or more Colorado residents annually. It also applies to organisations that earn revenue from the sale of personal data of at least 25,000 Colorado residents.

  Because the US regulations are a patchwork of differing legal acts, compliance can be a complicated endeavour for organisations operating across multiple jurisdictions. 

  How can organisations comply with data protection acts ?

  One way to ensure compliance is to keep up with the latest data protection acts. But that is a very time-consuming task.

  Over 16 US states are in the process of signing new acts. And countries like China, Turkey and Australia are about to overhaul — in a big way — their own data privacy protection acts. 

  Knowledge is power. But you also have a business to run, right ? 

  That’s where Matomo comes in.

  Streamline data privacy compliance with Matomo

  Although data privacy is a major concern for individuals and companies operating in multiple parts of the world — as they must comply with new, conflicting data protection laws — it is possible to overcome the biggest data privacy issues.

  Matomo enables your visitors to take back control of their data. You can choose where you store your data on-premises and in the Cloud (EU-based). You can use various features, retain 100% data ownership, protect visitor privacy and ensure compliance.

  Try the 21-day free trial of Matomo today, start your free analytics trial. No credit card required.

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I accept the terms and conditions and data processing agreement (DPA)

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  
  

  Start improving your websites now

  

• Google Analytics 4 and GDPR : Everything You Need to Know

  17 mai 2022, par Erin

  Four years have passed since the European General Data Protection Regulation (GDPR, also known as DSGVO in German, and RGPD in French) took effect.

  That’s ample time to get compliant, especially for an organisation as big and innovative as Google. Or is it ? 

  If you are wondering how GDPR affects Google Analytics 4 and what the compliance status is at present, here’s the lowdown. 

  Is Google Analytics 4 GDPR Compliant ?

  No. As of mid-2022, Google Analytics 4 (GA4) isn’t fully GDPR compliant. Despite adding extra privacy-focused features, GA4 still has murky status with the European regulators. After the invalidation of the Privacy Shield framework in 2020, Google is yet to regulate EU-US data protection. At present, the company doesn’t sufficiently protect EU citizens’ and residents’ data against US surveillance laws. This is a direct breach of GDPR.

  Google Analytics and GDPR : a Complex Relationship 

  European regulators have scrutinised Google since GDPR came into effect in 2018.

  While the company took steps to prepare for GDPR provisions, it didn’t fully comply with important regulations around user data storage, transfer and security.

  The relationship between Google and EU regulators got more heated after the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield — a leeway Google used for EU-US data transfers. After 2020, GDPR litigation against Google followed. 

  This post summarises the main milestones in this story and explains the consequences for Google Analytics users. 

  

  2018 : Google Analytics Meets GDPR 

  In 2018, the EU adopted the General Data Protection Regulation (GDPR) — a set of privacy and data security laws, covering all member states. Every business interacting with EU citizens and/or residents had to comply.

  GDPR harmonised data protection laws across member states and put down extra provisions for what constitutes sensitive personal information (or PII). Broadly, PII includes any data about the person’s :

  • Racial or ethnic origin 
  • Employment status 
  • Religious or political beliefs
  • State of health 
  • Genetic or biometric data 
  • Financial records (such as payment method data)
  • Address and phone numbers 

  Businesses were barred from collecting this information without explicit consent (and even with it in some cases). If collected, such sensitive information is also subject to strict requirements on how it should be stored, secured, transferred and used. 

  7 Main GDPR Principles Explained 

  Article 5 of the GDPR lays out seven main GDPR principles for personal data and privacy protection : 

  • Lawfulness, fairness and transparency — data must be obtained legally, collected with consent and in adherence to laws. 
  • Purpose limitation — all personal information must be collected for specified, explicit and legal purposes. 
  • Data minimisation — companies must collect only necessary and adequate data, aligned with the stated purpose. 
  • Accuracy — data accuracy must be ensured at all times. Companies must have mechanisms to erase or correct inaccurate data without delays. 
  • Storage limitation — data must be stored only for as long as the stated purpose suggests. Though there’s no upper time limit on data storage. 
  • Integrity and confidentiality (security) — companies must take measures to ensure secure data storage and prevent unlawful or unauthorised access to it. 
  • Accountability — companies must be able to demonstrate adherence to the above principles. 

  Google claimed to have taken steps to make all of their products GDPR compliant ahead of the deadline. But in practice, this wasn’t always the case.

  In March 2018, a group of publishers admonished Google for not providing them with enough tools for GDPR compliance :

  “[Y]ou refuse to provide publishers with any specific information about how you will collect, share and use the data. Placing the full burden of obtaining new consent on the publisher is untenable without providing the publisher with the specific information needed to provide sufficient transparency or to obtain the requisite specific, granular and informed consent under the GDPR.”

  The proposed Google Analytics GDPR consent form was hard to implement and lacked customisation options. In fact, Google “makes unilateral decisions” on how the collected data is stored and used. 

  Users had no way to learn about or control all intended uses of people’s data — which made compliance with the second clause impossible. 

  Unsurprisingly, Google was among the first companies to face a GDPR lawsuit (together with Facebook). 

  By 2019, French data regulator CNIL, successfully argued that Google wasn’t sufficiently disclosing its data collection across products — and hence in breach of GDPR. After a failed appeal, Google had to pay a €50 million fine and promise to do better. 

  2019 : Google Analytics 4 Announcement 

  Throughout 2019, Google rightfully attempted to resolve some of its GDPR shortcomings across all products, Google Universal Analytics (UA) included. 

  They added a more visible consent mechanism for online tracking and provided extra compliance tips for users to follow. In the background, Google also made tech changes to its data processing mechanism to get on the good side of regulations.

  Though Google addressed some of the issues, they missed others. A 2019 independent investigation found that Google real-time-bidding (RTB) ad auctions still used EU citizens’ and residents’ data without consent, thanks to a loophole called “Push Pages”. But they managed to quickly patch this up before the allegations had made it to court. 

  In November 2019, Google released a beta version of the new product version — Google Analytics 4, due to replace Universal Analytics. 

  GA4 came with a set of new privacy-focused features for ticking GDPR boxes such as :

  • Data deletion mechanism. Users can now request to surgically extract certain data from the Analytics servers via a new interface. 
  • Shorter data retention period. You can now shorten the default retention period to 2 months by default (instead of 14 months) or add a custom limit.  
  • IP Anonymisation. GA4 doesn’t log or store IP addresses by default. 

  Google Analytics also updated its data processing terms and made changes to its privacy policy. 

  Though Google made some progress, Google Analytics 4 still has many limitations — and isn’t GDPR compliant. 

  2020 : Privacy Shield Invalidation Ruling 

  As part of the 2018 GDPR preparations, Google named its Irish entity (Google Ireland Limited) as the “data controller” legally responsible for EEA and Swiss users’ information. 

  The company announcement says : 

  

  Initially, Google assumed that this legal change would help them ensure GDPR compliance as “legally speaking” a European entity was set in charge of European data. 

  Practically, however, EEA consumers’ data was still primarily transferred and processed in the US — where most Google data centres are located. Until 2020, such cross-border data transfers were considered legal thanks to the Privacy Shield framework. 

  But in July 2020, The EU Court of Justice ruled that this framework doesn’t provide adequate data protection to digitally transmitted data against US surveillance laws. Hence, companies like Google can no longer use it. The Swiss Federal Data Protection and Information Commissioner (FDPIC) reached the same conclusion in September 2020. 

  The invalidation of the Privacy Shield framework put Google in a tough position.

   Article 14. f of the GDPR explicitly states : 

  “The controller (the company) that intends to carry out a transfer of personal data to a recipient (Analytics solution) in a third country or an international organisation must provide its users with information on the place of processing and storage of its data”.

  Invalidation of the Privacy Shield framework prohibited Google from moving data to the US. At the same time, GDPR provisions mandated that they must disclose proper data location. 

  But Google Analytics (like many other products) had no a mechanism for : 

  • Guaranteeing intra-EU data storage 
  • Selecting a designated regional storage location 
  • Informing users about data storage location or data transfers outside of the EU 

  And these factors made Google Analytics in direct breach of GDPR — a territory, where they remain as of 2022.

  2020-2022 : Google GDPR Breaches and Fines 

  The 2020 ruling opened Google to GDPR lawsuits from country-specific data regulators.

  Google Analytics in particular was under a heavy cease-fire. 

  • Sweden first fined Google for violating GDPR for no not fulfilling its obligations to request data delisting in 2020. 
  • France rejected Google Analytics 4 IP address anonymisation function as a sufficient measure for protecting cross-border data transfers. Even with it, US intelligence services can still access user IPs and other PII. France declared Google Analytics illegal and pressed a €150 million fine. 
  • Austria also found Google Analytics GDPR non-compliant and proclaimed the service as “illegal”. The authority now seeks a fine too. 

  The Dutch Data Protection Authority and  Norwegian Data Protection Authority also found Google Analytics guilty of a GDPR breach and seek to limit Google Analytics usage. 

  New privacy controls in Google Analytics 4 do not resolve the underlying issue — unregulated, non-consensual EU-US data transfer. 

  Google Analytics GDPR non-compliance effectively opens any website tracking or analysing European visitors to legal persecution.

  In fact, this is already happening. noyb, a European privacy-focused NGO, has already filed over 100 lawsuits against European websites using Google Analytics.

  2022 : Privacy Shield 2.0. Negotiations

  Google isn’t the only US company affected by the Privacy Shield framework invalidation. The ruling puts thousands of digital companies at risk of non-compliance.

  To settle the matter, US and EU authorities started “peace talks” in spring 2022.

  European Commission President Ursula von der Leyen said that they are working with the Biden administration on the new agreement that will “enable predictable and trustworthy data flows between the EU and US, safeguarding the privacy and civil liberties.” 

  However, it’s just the beginning of a lengthy negotiation process. The matter is far from being settled and contentious issues remain as we discussed on Twitter (come say hi !).

  

  For one, the US isn’t eager to modify its surveillance laws and is mostly willing to make them “proportional” to those in place in the EU. These modifications may still not satisfy CJEU — which has the power to block the agreement vetting or invalidate it once again. 

  While these matters are getting hashed out, Google Analytics users, collecting data about EU citizens and/or residents, remain on slippery grounds. As long as they use GA4, they can be subject to GDPR-related lawsuits. 

  To Sum It Up 

  • Google Analytics 4 and Google Universal Analytics are not GDPR compliant because of Privacy Shield invalidation in 2020. 
  • French and Austrian data watchdogs named Google Analytics operations “illegal”. Swedish, Dutch and Norwegian authorities also claim it’s in breach of GDPR. 
  • Any website using GA for collecting data about European citizens and/or residents can be taken to court for GDPR violations (which is already happening). 
  • Privacy Shield 2.0 Framework discussions to regulate EU-US data transfers have only begun and may take years. Even if accepted, the new framework(s) may once again be invalidated by local data regulators as has already happened in the past. 

  Time to Get a GDPR Compliant Google Analytics Alternative 

  Retaining 100% data ownership is the optimal path to GDPR compliance.

  By selecting a transparent web analytics solution that offers 100% data ownership, you can rest assured that no “behind the scenes” data collection, processing or transfers take place. 

  Unlike Google Analytics 4, Matomo offers all of the features you need to be GDPR compliant : 

  • Full data anonymisation 
  • Single-purpose data usage 
  • Easy consent and an opt-out mechanism 
  • First-party cookies usage by default 
  • Simple access to collect data 
  • Fast data removals 
  • EU-based data storage for Matomo Cloud (or storage in the country of your choice with Matomo On-Premise)

  Learn about your audiences in a privacy-centred way and protect your business against unnecessary legal exposure. 

  Start your 21-day free trial (no credit card required) to see how fully GDPR-compliant website analytics works ! 

  21 day free trial. No credit card required.

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I hereby accept the terms and conditions and the data processing agreeement (DPA).

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  

  » Start improving your websites now