Businesses with an online presence rely on their tracking tools to inform marketing decisions.  In the past and into the present, this has meant planting cookies on the devices of people who visit their website.  Cookies are small text files that allow the planter to recognize and track online behavior.  Some only last for the duration of a browsing session while others linger. 

Due to recent laws passed by the European Union and select US States, online data collection cannot be as extensive as it used to be. The General Data Protection Regulation (GDPR) in force in the EU gives users many new rights and powers.  For example, users must be given total access to their personal data and any supplementary information businesses have collected about them.  Users must be able to export or download their data on demand.  Most of this data is only valuable in aggregate, but this right lets users know what online companies assert about them.  Furthermore, users have a right to correct their data if it is inaccurate, block the processing of their data, or even have it erased in certain circumstances.  The GDPR is far reaching in its impact on how businesses collect information on customers. 

Since the GDPR took effect in 2018, the EU has issued over 800 fines across their jurisdiction, including a $877 million fine to Amazon for failure to obtain “freely given” consent.  Google also came under fire to the tune of over $56 million when they did not provide privacy notices to users.  Yet while most companies do want to follow the law, they also face a dilemma.  Data analytics is nearly useless when too many users refuse consent.  Businesses may no longer know the proportion of consenting users to total, what cohort is reflected in collected data, or if a sufficiently representative sample is present to make accurate optimizations. 

Measurement methodology must move beyond cookies if it is to survive.  Methods include forms of anonymous data collection, such as page loads, button click counts, and completed transactions.  If no unique identifier is attached, no personal data is subject to regulation.  Another method is “named” user optimization, which encourages people to willingly register for accounts on more websites. Finally, there are regression-based attribution methods that operate without cookies.  Incrementality is made possible with geo-testing.  It’s time businesses learned new ways to harness the power of data.  Just… lawfully so.