Getting Analytics Right

January 28th, 2021

Many website owners reach for Google Analytics to provide insights on their website visitors. It’s in-depth, easy to set up, recommended by lots of people and free. What’s not to like?

Google Analytics provides in-depth analysis of visitor behaviour by setting a cookie on the user’s computer. This tracks a user across the site, allowing Google to build a picture of the user’s journey, dwell times and much more.

There are perfectly legitimate reasons to want this level of detail, but there are two issues with cookie-based analytics.


Firstly, to comply with GDPR/PECR, users have to actively consent to analytics cookies before they are set. That’s because analytics cookies aren’t considered ‘essential’ – something that’s widely misunderstood.

Many sites skirt around this issue with cookie bars that either:

  1. Consider scrolling/closing as acceptance of cookies

  2. State that ‘by continuing to use this site, you accept these cookies’

Unfortunately, neither of these options are considered to be valid consent.

In practice, complying means that when a user first visits a site, their journey won’t be tracked unless they actively opt-in. That could mean a lot of missing data.

Browsers and ad-blockers

Missing data might sound bad, but it’s already happening.

Users often install ad-blockers in browsers which block services like Google Analytics. Some browsers are starting to block third-party cookies, too.

For instance, Firefox blocks Google Analytics by default, and Safari is starting to move in that direction. Safari still lets Google Analytics load but it’s not inconceivable that it could move to block this in future.

Whatever happens in browser land, ad-blocker use means analytics data is often incomplete. Though that doesn’t necessarily make it unrepresentative.

The compliance headache

Complying with GDPR/PECR cookie legislation can be technically difficult, but there are tools to help. Iubenda and Cookiebot are popular, and there are many others.

If a site’s only non-essential cookie is for analytics, and they don’t need the full power of Google Analytics, there might be better options. Over the past few years, companies like Fathom (affiliate link) and Simple Analytics have developed great privacy-focused analytics products.

There are some decent self-hosted open source options like Umami, too.

For some sites, replacing Google Analytics with one of these services might remove the need for a cookie banner altogether.

The dashboards are simpler and focus on the most useful stats, such as:

Some offer goals and custom domains, too. As these tools don’t set cookies, they’re also likely to capture more of a site’s traffic.

For lots of site owners, this gives the perfect balance of privacy and high-level analytics with GDPR/PECR/CCPA cookie compliance thrown in.

Privacy is a hot topic

At a broader level, users are becoming more privacy-conscious. This is true both in terms of knowing that sites track them but also how that data is (mis)used.

Awareness is set increase: browsers highlighting trackers and Apple’s introduction of iOS app privacy labels are clear examples of this. There are also new tools like The Markup’s Blacklight which help users to understand what’s happening.

Bearing all of this in mind, there’s never been a better time for website owners to gain visitor trust by respecting their privacy. Handling analytics correctly is a great way to do that.