GDPR-Compliant Analytics: Piano Academy Live Roundtable

During last year's Piano Academy Live event in Paris, Piano DPO Louis-Marie Guérif sat down with industry leaders from Bird&Bird and Converteo to discuss the data privacy outlook for 2023 and beyond. They explained how businesses can protect themselves and boost their brand image by working with GDPR-compliant analytics. 

Key Takeaways:

The European Data Protection Authorities are tightening their controls on companies and fines are set to significantly increase in 2023. The GDPR is being more heavily enforced than ever, and the CNIL and EU Data Protection Authorities are taking a much harder line. Penalties and spot checks are continuing to rise, with an increase of over €100 million in fines levied in 2022 alone.

Players across the market have had to adjust their digital strategies to stay ahead of the regulations. Since the CNIL’s 2021 directive requiring opt-in consent for the use of non-essential cookies, it is now mandatory to display a cookie consent banner when a user arrives on a website. As a result, companies have had to spend considerable time and resources A/B testing the design and wording of cookie banners to optimize consent rates.

Businesses are looking for alternative ways to collect complete data sets without the need to display a cookie consent banner. Due to high drop-off rates when website visitors hit a cookie banner, companies continue to look for tools that allow them to gather both consented and non-consented data for the entirety of their visits. Certain select analytics providers have been granted the CNIL’s cookie consent exemption, which allows them to do this.

End users and industry players are far more aware of Big Tech’s illicit data collection practices and expect companies to demonstrate a privacy-first approach. The collection of non-compliant data is an increasingly sensitive topic for end users and partners across the digital media industry – with nearly 15,000 GDPR breach notifications last year.

Businesses need to stop using Google Analytics as soon as possible to mitigate the risk of financial and brand damage from a GDPR fine. In the face of a legal sanction for a GDPR breach, they could face damage to their brand reputation as well as the considerable costs and challenge of extracting GA. Companies need to rapidly implement a new tool to avoid disrupting their data flows, changing dashboards and retraining internal users. Failure to comply with regulations can result in a fine of 2-4% of their global turnover.

The only viable way forward is for players in the digital market to adopt an ethical, privacy-by-design approach. By choosing a GDPR-compliant analytics provider, brands can reassure their online audience and industry partners that they remain committed to protecting data privacy and consumer rights.

Piano Analytics collects data from the entirety of visits for both consented and non-consented users. If a user doesn’t provide their consent, Piano’s hybrid measurement only collects the data that is strictly necessary to identify the user, so it remains GDPR compliant. 

Watch the full recording to learn more about Piano Analytics’ ethical, privacy-by-design and CNIL-exempted data collection.