News

Digital Analytics in transition: Privacy, tooling and future trends

09 October 2023

In today’s digital analytics landscape, analysts are navigating a dynamic and challenging terrain. Despite these formidable challenges, the role of analysts has never been more critical. We must rise to the occasion, providing strategic recommendations to our businesses and executing these recommendations with precision. In this interview with Marie Fenner and Louis-Marie Guérif (Piano), we delve into the crucial developments shaping the digital analytics field and explore the steps necessary to ensure data privacy assurance, common errors to avoid, and the future direction of analytics tools.

Marie Fenner is the Global SVP for Analytics, and Louis-Marie Guérif is the Group DPO & Sustainability Manager at Piano (the sponsor of the 2023 DDMA Digital Analytics Summit on October 12th).

There is a lot happening within the digital analytics field. What are some significant developments that are currently playing a pivotal role in shaping this field?

‘Never have we faced such turbulence in the analytics market as we do now with the triple whammy effect – strict data privacy enforcement, sunset of Universal Analytics and sunset of third-party cookies. We, as analysts, must find a way of protecting our brands from any enforcement action and financial fines, embark on a major migration to GA4 or alternative tools and find reliable ways to attribute the success of our marketing campaigns.

Also, there’s a lot happening at NOYB. They have started making official complaints about the companies who are not following the GDPR guidelines on their mobile apps tracking. Although the new framework to transfer data between the EU and the US has been announced, there is a great deal of uncertainty as NOYB plans their legal action against this new framework (expect Schrems III!).

Finally, despite ‘crying wolf twice’, Google will deprecate third-party cookies next year.

Daunting though it may sound, analysts’ position should be elevated to take on these challenges, make the right recommendations to the business, and execute these recommendations.’

When examining data privacy, what steps must we take to ensure its assurance? Which factors come into play, and over which ones we’re able to exert influence?

‘When considering data privacy, it’s essential to take specific steps to ensure its assurance. Several factors come into play, and we have the ability to influence some of them.

To begin with, I think we should be focusing more on Privacy by Design principles. Data protection is fundamentally a risk-based approach. It’s good that companies are increasingly conducting Data Protection Assessments or Audits to evaluate the reliability of the chosen Analytics solutions in relation to their risk acceptance criteria.

Transparency is another key aspect. Being forthright about how data will be used, where it will be stored, and how end-users’ rights will be upheld is very important. Additionally, committing to a well-defined and purpose-limited Data Processing Agreement is a key step in ensuring data privacy.

In summary, safeguarding data privacy involves a multifaceted approach that includes risk assessment, transparent practices, and clear contractual commitments. It’s imperative for organizations to proactively address these aspects to protect sensitive information and build trust with their stakeholders.’

What are the common errors made when striving to prioritize privacy? Is there something that everyone should refrain from doing immediately?

‘When it comes to prioritizing privacy, it’s crucial to be aware of some common misconceptions and pitfalls that organizations often encounter. Avoiding these errors is essential for ensuring that your privacy efforts are effective and compliant with regulations. Some key points to keep in mind:

  1. Misunderstanding PII vs. Personal Data: One common mistake is assuming that Personally Identifiable Information (PII) is equivalent to the definition of Personal Data within the GDPR. While there is overlap, PII and GDPR-defined Personal Data may not always align perfectly. It’s important to understand the nuanced differences to ensure accurate compliance.
  2. Confusing pseudonymization with anonymization: pseudonymization is not the same as anonymization. Pseudonymization involves replacing or masking identifying information but still allows for potential re-identification in some cases. Anonymization, on the other hand, makes it practically impossible to identify individuals from the data. Recognizing this distinction is vital for safeguarding privacy effectively.
  3. Not Relying Solely on the DPF List: It isn’t guaranteed that a provider in the Data Processing Framework (DPF) always complies with international data transfer requirements under the GDPR. It’s important to remember that there are countries outside the EU (apart from the USA), and that data transfer compliance involves more than just the provider’s location. Always conduct a thorough assessment to ensure compliance.

Also, just because a provider is listed in the DPF list doesn’t automatically make them GDPR compliant. Data transfer is just one aspect of GDPR compliance. You must consider various other factors, including data processing, security measures, and consent management, to ensure comprehensive compliance.’

Concerning performance, what are the current limitations of analytics tools, and where do you envision the field heading in the future?

‘Legacy tools ‘trained’ us to live by their rules – flawed data quality, fixed data models, a limited number of dimensions and metrics, biased attribution models, and the chronic lack of direct dialogue between the software vendor and the customers. The move to the ‘event-based model’ is a great idea but not at the expense of visit and user-based analysis.

The sunsetting of Universal Analytics and privacy compliance is triggering new thinking – what if I can start afresh, instead of continuing to patch things up? Many companies have made a brave move to move away from Google Analytics here in Europe and have never looked back. The digital maturity has led many companies to build their own data pipeline and data products to improve their digital efficiencies. But this is not for the faint-hearted and requires a substantial investment both in technical infrastructure and human capital. We expect this trend to continue.

AI will have a fundamental effect on our industry. More and more companies will embed AI in their customer journey, and they will expect the same in analytics tools. It will go beyond machine-learning-based anomaly and prediction and into NLP-based analysis. Watch this space.’