A Belated 'Happy' Birthday!
The GDPR (General Data Protection Regulation) celebrates its 3rd Birthday this year, having become regulation back on the 25th of May 2018. Although 'celebrates' is perhaps a choice word - we're not aware of any marketers having baked a cake.
In those 3 years, we've seen a number of high-profile fines issued for GDPR data breaches, though these have predominantly affected big tech, telecoms and financial organisations.
Then we have the 'snowball effect' of GDPR upon online privacy today. It's a potential minefield for marketers - different policies in different countries (even states!) and what seems like continually moving goalposts on what can or can't be tracked; how do you ensure compliance?
We recognise there is a renewed concern among hospitality and travel businesses to ensure their websites and digital marketing activities are GDPR compliant. Here's a few pointers to keep you on track.
What’s required for GDPR compliance?
We'll skip the legal jargon. In a nutshell, website owners are required to ensure they have active consent from users before recording any personal data for the individual. What's active consent? Basically, the user must take an explicit action to give their consent; it is no longer compliant to assume consent is being given by continued use of the website.
This affects a number of online tools and tracking solutions like Google Analytics, Google Ads Conversion Tracking, Facebook Conversion Tracking and others, which all tend to use Unique IDs in order to track each user, and under GDPR’s definitions this can be classed as personal data. Additionally, by default, Google Analytics will track a user’s IP address and share data with other Google products, although it is possible to disable these features.
To manage consent and ensure compliance with privacy laws, many websites have now implemented a Cookie Management tool. This displays a pop-up message to new users on the website, explaining the cookies being used on the site to track visitors, and giving them the options to consent or opt-out.
The example from the AirFrance website shown here is becoming ever-more commonplace.
Potential pitfalls & impact on measurement
While it may seem like the solution is simple, how a Cookie Management Tool is implemented on a website can have significant impact on the rates at which users opt in or out.
If the popup displayed to users is not clear, or if users can proceed to use the website without giving consent, this can have a significant impact on the ability to track visits to the website, thereby reducing our ability to determine which digital marketing activities are performing well and/or where there are opportunities to improve the experience for consumers.
In our experience, implementing a stringent Cookie Management Tool leads to a 10 – 50% drop in the levels of traffic we’re able to record via tools such as Google Analytics. In a worst-case scenario, we have seen a poorly implemented tool resulting in a 90%+ drop in traffic recorded, essentially rendering all web stats useless.
"Poorly implemented cookie management tools can result in a 90%+ drop in traffic recorded"
80 DAYS data
OUR RECOMMENDED APPROACH
First off, an important caveat. We're not lawyers and we'd recommend that your business undertake proper legal advice on the level of compliance, to ensure you're taking the right steps.
That said, if you intend to use a Cookie Management Tool on your website, we would advise that the following standards should be met:
- Cookie consent options are presented when legally applicable.
If a user to your site is in a location with no requirement to provide consent, the cookie notification need not be displayed.
- Cookies are clearly categorised.
Give users easy options to consent to certain groups of cookies whilst excluding others, rather than it being an “all or nothing” scenario. For example, we would expect that “Performance Measurement” cookies (e.g. for Google Analytics to measure the user experience on the website) would be categorised separately from ”Advertising” cookies (e.g. Facebook Tracking Pixel used to identify if a user falls into a particular target audience).
- Restrict interaction with the site until the user’s choice is understood.
Failing to do so means that if a user ignores the cookie message and interacts with the site, we cannot imply consent to cookie usage. This may impair their experience on the site if essential cookies cannot be used, and also greatly limits the ability to track users on the site.
- Ensure the option to “Accept All” cookies is prominent.
The option to manage your cookie preferences should be given as an alternative; the option to easily deny all-but-essential cookie usage should be available, but potentially with reduced prominence.
To simplify things, we've partnered with Digital Control Room, which we have found to be easy-to-implement while meeting the standards we require for setup. Through 80 DAYS, we are able to offer preferential rates with Digital Control Room for our clients.
To learn more about Digital Control Room’s cookie compliance tools and how you can implement them on your hotel or travel website, please do get in touch.