Back to Course

Data Protection in the Marketing Department

0% Complete
0/0 Steps
Lesson Progress
0% Complete

Web analytics with consent

The analysis in conjunction with the user’s consent promises a high degree of legal certainty. However, it is important to note that consent must be obtained before the web analysis begins. Basically, it would be necessary to obtain consent even before the first website content is played out. It is not sufficient to formulate a declaration of consent and make it part of the GTC or terms of use. The GDPR also requires website operators to re-obtain such consent every six months at the latest.

At the same time, the user must be given the opportunity to revoke his or her consent at any time. If the user makes use of this option, all relevant tracking measures (which collect, process or store personal data) must be omitted.

However, deletion of previously recorded data is not necessary – unless the user explicitly requests it.

As soon as personal data is collected or processed, the GDPR grants the data subject (in the case of web analytics, the site visitor) a right of access. Upon request, the data subject must be informed which individual data was collected or disseminated and why this was done.

From the perspective of the site operator, supplementary documentation is therefore necessary. In view of the time limit on consent, this should even be combined with time stamps

Anonymised web analysis

In view of these numerous requirements, which are not so easy to fulfil in practice, the majority of website operators rely on anonymised web analysis. This means that the tracking data collected cannot be linked to the data subject.

In view of the GDPR, anonymised web analysis can be realised by means of so-called IP masking. A part of the IP address is already shortened during the collection. But beware, many analysis tools, such as Google Analytics or Matomo, must first be configured accordingly.