If using Google Analytics in the EU is not GDPR compliant, what should I do? Kostas Giannoukaris - VP of Search Consultancy - looks at how Huble has approached the issue of using Google Analytics in the EU and the potential alternatives to GA.
Since Google Analytics (GA) was launched in 2005, it has arguably become the most widely used web analytics tool in the world. It’s free and it’s an exceptionally useful analytics tool, so its adoption is not that surprising.
However, in 2020 the Austrian DPA ruled that its use was in breach of EU regulations surrounding GDPR compliance. This was followed by similar rulings and statements of agreement from the DPAs of the Netherlands, Norway, and France, all within 2022.
There are now court cases pending in several other countries across Europe on the same topic.
In principle, it’s not the tool that is the issue, it’s how the data it collects is transmitted and stored that is the problem.
GA transmits and stores European citizen data on its servers in the USA. Even then, this is not a problem in itself.
However, Google has not put proper legal safeguards in place to block United States government agencies from receiving access to that data upon request.
For further reference, these are some of the articles and websites that describe the situation in more detail:
While you can make the use of Google Analytics GDPR compliant via a proxy server, which would allow for the data to be pseudonymised before being sent to the Google Analytics servers, this is neither easy nor inexpensive, as shown in this guide from CNIL.
For this reason, at Huble, we decided that we should identify and test alternative pieces of software with a long-term view in case Google doesn't make the required changes to its structure to ensure all data is GDPR compliant.
Firstly, Google Analytics is a very powerful tool that is so widely used around the world that a plethora of other tools (e.g. HubSpot) have developed some form of integration with it.
We fully expected that it would not be easy to find another web analytics tool that would be as easily integrated with all of the other software that we use.
Secondly, Google Analytics is constantly improving, offering a wide range of data analytics tables and graphs, and reporting functionality.
Additionally, there is plenty of online documentation that explains how GA users can use the tool effectively and improve the way they track their website or app traffic and use.
There is no other tool that combines such a huge range of functionality with such an extensive amount of support documentation from both the creators and the user community.
Thirdly, Google Analytics in its basic and most widely used form is free of charge, while a fee is only charged if one is using GA360 or the proxy server setup mentioned above.
The vast majority of web analytics alternatives available are paid for. That does not mean that they are expensive but compared to free, anything is more expensive.
Finally, we needed to ensure that the solution we would present is truly GDPR compliant, which means that we would not just take the solution’s claim to be GDPR compliant at face value.
Before testing the tools, we ensured that they were GDPR-compliant and that they enabled their users to be GDPR-compliant.
Our selection roadmap
Based on the above information, we knew that anything we would be looking to present as a potential tool to adopt would potentially be inferior to Google Analytics in multiple ways.
Therefore, we would have to compromise, whether that would be on the price, functionality, support material or a combination of these.
With that in mind, our selection roadmap was the following:
Identify tools that claim to be, or that people have characterised as, GDPR-compliant Google Analytics alternatives.
Confirm GDPR compliance accuracy.
Shortlist the top 3 options and proceed for a live trial.
Investigate ease of use, data quality, and reporting functionality.
Uninstall all trial tracking codes as well as the Google Analytics tracking code from our website and redeploy the tracking code for our selected solution.
Google Analytics alternatives research
We investigated approximately 40 tools that people have characterised as GDPR-compliant Google Analytics alternatives. Next, we removed any that were too expensive.
Others were too new and had no support documentation. A few others were too simple in terms of the data that they provided for our needs.
Others provided and focused on functionality that was not necessary for a GA alternative such as heatmaps.
Our final shortlist before the implementation of our trials was the three solutions featured here:
Matomo: One of the most popular options. Matomo is paid for, even with the most basic plan but has a very affordable price.
PiwikPRO: Another very popular option. PiwikPRO comes with a free plan for websites that receive less than 500,000 monthly visitors.
Fair Analytics: Fair Analytics comes at a lower cost than Matomo and offers cookie-less tracking as well. It features a great variety of analytics tools and reports, including website heatmaps; however, it requires developer support for event tracking setup.
Ultimately, the only tools we trialled were Matomo and PiwikPRO as we weren’t satisfied with the available documentation and certifications that claimed that Fair Analytics was truly GDPR compliant at the time we conducted this research.
Our trials of Matomo and PiwikPRO lasted for over two months and saw us implement both tools in parallel on our website.
Since they are both based on the same original tool, their tracking codes would clash with each other, so we had to figure out how to make them both work at the same time.
We found documentation on how to achieve that on PiwikPRO’s website, which earned PiwikPRO a point of confidence from us.
While digging through the functionality of both these solutions, it became obvious that PiwikPRO had a much more flexible and customisable reporting dashboard functionality.
In addition, while sufficient, the way Matomo showed its data was much more superficial. This meant we weren’t able to drill down to the detail that we sometimes needed as there was no layering or filtering functionality for the data presented.
Finally, PiwikPRO offers integration with other tools including Google Ads even though some of the functionality only comes with the paid-for version which we have not tried yet. Matomo, on the other hand, offers no such integrations.
You have probably figured out from the above that the winner from our trial period was PiwikPRO and since Saturday 17th January 2023 we are no longer using Matomo or Google Analytics on our website. This is until Google makes the required updates to be sufficiently GDPR compliant.
Furthermore, for the moment we don’t even need to pay for the basic PiwikPRO licence that we are using since our website receives less than 500,000 visitors per month.
However, we are considering investing in the paid-for version to use the Google Ads and Facebook Ads integrations.
Did we stop providing Google Analytics support?
No, we did not. We will keep supporting our clients that want to continue using Google Analytics and we will keep up to date with all the latest updates on Google Analytics 4 and its functionality.
It is almost certain that Google will ultimately resolve its privacy issues with the EU legislation and at that point, we will most likely start re-using Google Analytics in parallel with PiwikPRO.
Until then, we will have to keep up to speed with any developments and remain knowledgeable about how Google Analytics works and how to deploy and use the platform successfully, even if we are not going to be using it for our website. We will look to re-deploy Google Analytics as soon as we are comfortable it’s GDPR compliant.
We want to make it clear that this article should in no way be considered legal advice. We would strongly recommend that if you are worried about your GDPR compliance and how it is related to your web traffic tracking, you should seek legal advice from legal professionals.
If you are looking for a Google Analytics alternative, we hope that our journey has given you some insights, but we would also advise that you conduct further research and try as many tools as you can before you make your choice. The solution that we ended up selecting might not be the best for you.
You also need to understand that deploying any of the tools mentioned here does not automatically make your web analytics GDPR-compliant.
The actual deployment of tracking plays a significant role in your GDPR compliance, so we would again recommend that you seek legal advice from legal professionals.
Lastly, for enterprise website development, it is important to consider GDPR compliance from the start of the project.