Are You Tracking Your Website Users?

Written By Caroline carver

 

It is common for organisations to utilise many tracking technologies on their websites to monitor performance, identify user experience issues and market to individuals.

Pixels, cookies and other similar tracking technologies regularly collect personal information from website users. This can include:

  • Network information (such as IP address) and geolocation data

  • Pages visited, content viewed, session duration

  • Account information

  • Transaction data such as items viewed and cart additions

In many cases the products used result in a disclosure to a third party for their own purposes e.g. if you utilise GA4 (Google Analytics) this includes a disclosure to Google for their own purposes. It is therefore important to understand the relationship that exists with the third party to ensure that any disclosure is correctly identified and communicated to individuals.

The legislative requirements for providing notice and seeking consent for tracking technologies vary. In New Zealand, you only need to provide notice in the form of a privacy statement detailing what information will be collected, how it will be used and who it will be shared with.

In contrast in Australia there is a requirement to provide notice about the collection. However, in addition where the information collected is used for marketing purposes (very common) then organisations must provide a way for website users to opt-out of receiving targeted online ads using tracking technologies. The OIAC has provided guidance about the use of tracking pixels and the related privacy obligations. 

The requirements for Europe, UK and USA are even more stringent in most cases and require consents for anything that is not strictly necessary.

Many of the third parties involved in website tracking such as Facebook, Google, TikTok etc require as part of their T&C’s that the organisation provides a copy of their privacy statement to the website users, to meet their legal obligations about providing notice of indirect collection. Most also require the organisations to only collect and provide information to them where they have appropriate consents.

The common method for obtaining and evidencing the consents is through the use of a cookie banner that seeks consent and then uses these consents to determine which technologies can be utilised. However not all banner technologies are equal. Many allow the provision of consents but then don’t honour them downstream.  A lot of the banner technologies also don’t enable subsequent ability to revoke consent, which is also a requirement. A common industry leading technology used for the provision of cookie banners is OneTrust.

If you want to know more about the privacy implications of tracking technologies, consent management and how OneTrust can help, get in touch with us.

Caroline carver
Previous

Put Yourself in The Individual’s Shoes
Next

Employee Browsing: Curiosity Isn’t Always Harmless