GDPR compliant tracking
For marketing to function properly, user-tracking is essential. Again, the GDPR has some changes ready which we will explain in more detail in this chapter.
With the inception of the GDPR, one thing is clear: If you use a tracking pixel (Google Analytics, Facebook, etc.), this is your sole responsibility. This also applies if you, for example, include this pixel in the backoffice of Digistore24, on the order form, or order confirmation page.
Regarding this use of the Facebook Pixel, the person who is using the pixel is responsible for its use. You can read about this here, on the last page. Consequently, the person responsible must also ensure that it complies with all GDPR requirements.
Unlike with Facebook, tracking with Google Analytics is considered to be less of a problem. This is because Google Analytics evaluates pseudonymized data in its default settings, therefore making it impossible to draw conclusions from the personal data.
Requirements for GDPR compliant tracking with tracking pixels
Requirements for GDPR compliant tracking with tracking pixels:
- 1You must indicate your data protection policy at every step of the tracking. We already discussed how to write legally-compliant wording in lesson 3.
- 2You also have to give the user the possibility to opt out on every page (website, landing page, order form, etc.) on which you integrate pixels. This is the minimum requirement for normal tracking with the Facebook pixel.
- 3If you would also like to have permission to record the email address from Facebook (so called custom audiences), then an opt-out is no longer enough. For this, you need an additional opt-in, in other words a legal consent, beforehand. This means that tracking may only begin when your website visitor actively agrees that his or her data may be used for this purpose.
- 4For your own protection, be careful to clearly and transparently inform data subjects about the data processing, in this case through tools such as Facebook. You can certainly justify this well by, for example, telling the customer that you only want to show them relevant websites.
- 5Contact the makers of the respective tool for information on how best to obtain consent.
- 6Be sure to collect as little data as possible at all times. If possible, only use tools that work anonymously.
Is affiliate tracking still possible under the GDPR?
If you use affiliate links on your website, the IP address is transmitted to Digistore24 with each click. For this reason, you should mention this in your data protect policy. We have created a template text for this. You can find it via this link: https://www.digistore24.com/en/home/extern/cms/page/frontend/legal/privacy#14-sample-texts-for-vendors-and-affiliates
Downloads / Learning materials
Checklist Google Analytics GDPR compliant
Switch quickly and easily to all lessons of the course.