eAnalytics Privacy Features
The online privacy becomes more and more important and the EU calls for stronger protection of Internet users’ personal information.
The US, though not as tough as Germany or the rest of the EU when it comes to privacy laws, is soon expected to follow suit. There is coming a lot of pressure from groups such as the Electronic Frontier Foundation in the US.
The main advantage using eAnalytics is given by the fact that the company has the complete control, which data is captured and how the data is used. Sub-contracting to third parties with relevant data protection law problems will not occur.
The capturing and storing of IP addresses is a pivotal point in the discussion, with legislation varying from country to country. In theory, an IP address could be used to tie a visitor back to a physical address, and therefore to an individual, with or without the user’s consent.
Germany boasting the strictest guidelines regarding IP address collection. There are four main restrictions for companies which they have to adhere if they collecting this level of personal data:
- Users have to consent to their data being collected.
- The company has to allow users the right to object or verify their information.
- The company has to delete the information of a certain user at his/her request.
- IP address information is saved for a limited period of time only.
eAnalytics is under further development by a German company – Integrated Analytics GmbH – with the proviso that the strictest German privacy rules have been represented.
eAnalytics provides features that enable companies to match their web analysis concept to their data privacy protection concept.
Five aspects should be taken into account:
eAnalytics is an in-house solution. Therefore no data has to be stored on 3rd Party servers. Especially when confidential data should be added to the reports, this might be a huge advantage. Visitors will be less concerned on the whereabouts of the tracks they leave on your web sites and you are less dependent on the security concepts of a web analytics service provider.
IP Address Handling
The eAnalytics Tag offers the opportunity to log the IP address in the web server or not
The default value is = anonymous
Unlike other solutions eAnalytics – if the parameter is set “NO IP”, the IP address is not stored at any time in the process.
If IP Mask Module (provided by "Der Sächsische Datenschutzbeauftragte") is enabled in the apache web server the IP address configuration is masked.
The following chart gives an overview of eAnalytics IP Handling:
The masked IP address has no effect to the accuracy of the visitors’ allocation to a geographical region. Is the storing of the IP addresses completely turned off, a geographical mapping is not possible anymore.
As typical for an OPT OUT cookie – if a visitor deletes the cookie, it has to be set again.
Another way to prevent a web site from tracking visitors is a browser setting in most of the recent browser versions (Firefox 4, IE 9, Safari 5.1). If this setting is set to “Do Not Track”, it transmits the Do Not Track HTTP header and that is why the apache web server does not log the request.
Currently (in the first eAnalytics version) person related data that are requested to be deleted have to be removed manually from the database tables.
Integrated Analytics provides optimized SQL’s if necessary.
In one of the next versions it should be possible to delete such information more supported, i.e. tool-based.
As cookies are being critically discussed when it comes to data privacy protection – the eAnalytics Tag – hence the whole solution – does not rely on cookies to reconstruct visitor sessions. Even though they are a possible solution for this essential process, a session id could be provided by your web server technology.
Cookies (persistent) are however required in order to identify returning visitors. The following parameters provide all configurations that are possible for the used cookies:
= ‘full’; which lets the tag generate a session cookie and a persistent cookie
= ‘temp’; which would only generate a session cookie
= ‘off’; which would prevent from setting a cookie.
Defines the lifetime of a session cookie – default 2 hours
Defines the lifetime of a persistent cookie – default one year
All of these parameters can be modified for your individual settings and request.