All Blog Posts

Website analytics compliance

The EU’s GDPR and California’s CCPA both affect how your website is allowed to handle the personal data of users.

Updated December 14, 2020.

You need your website to be in compliance with the EU’s GDPR, but you’re afraid that this will result in a loss of website analytics on user behavior on your domain.

You’re in a dilemma – how can you be compliant without breaking your website’s analytics? And what kinds of website analytics data can you even get without breaking GDPR compliance?

Cookiebot consent management platform (CMP) offers plug-and-play compliance for your website through a powerful website scanner that detects and controls all cookies and trackers.

Combine Cookiebot CMP and Google Consent Mode to get valuable website analytics in full compliance with all major data privacy laws (GDPR, ePrivacy Directive, CCPA).

Quick summary

What is website analytics? Can I get compliant website analytics?

You have a website and you want to know how many users visit and what they click on. You’d also like to see conversion rates and be able to track your ad campaign’s reach.

Website analytics is the aggregated information (from key metrics to data visualizations) that give you insights into your website’s performance based on data collected from end-users by website analytics tools installed on your domain, often through the use of cookies and third-party trackers.

Website analytics tools range from free to paid versions with basic metrics to complex charts – the most popular being Google Analytics. Different website analytics tools yield different insights, so finding the right one can be important.

Website analytics data can help you understand what works and doesn’t work on your domain, so you can optimize your website, its user traction and ad campaigns, e.g. target potential customers, measure your website’s ROI (return on investment) and more.

But have you heard about the EU’s General Data Protection Regulation (GDPR)?

And that you need to be in compliance with the GDPR’s requirements for end-user privacy protection, specifically asking for and getting the explicit consent from end-users before processing any personal data in connection with the operation of your website’s analytics tools?

Regardless of where in the world your website is located, if you process data on users from inside the EU, you are required to meet the GDPR’s compliance standards – including its consent requirements.

Women sitting outside looking at laptop - Cookiebot
Website analytics based on behavioral data from the private lives and habits of users, collected by cookies and trackers, need consent to operate on your website.

But what if users say NO to cookies on your domain, leaving your website analytics tools blind and incapable of collecting any data, since you are legally obligated to respect user consent?

Does it mean you have to choose between protecting user privacy and securing data-driven website analytics for optimizing your website, its performance and marketing?

No, not if you use Cookiebot CMP as your consent management platform and combine it with Google Consent Mode on your website.

Try Cookiebot CMP to get compliant website analytics

Scan your website and get compliant website analytics without the use of cookies

Cookiebot CMP is the number one cookie solution on the Internet, offering your website fully automated compliance with all major data privacy laws in the world (GDPRCCPALGPDPOPIA).

Built around a powerful scanner that finds all cookies, trackers and trojan horses on your website, Cookiebot CMP automatically manages consent for each individual user, including secure storage and documentation, and renewal of all user consents in accordance with data law requirements.

Try free for 14 days – or forever if your website has under 50 subpages.

Scan your website for free to see what cookies and trackers are in use

Compliance without breaking website analytics

Cookiebot CMP integrates seamlessly with Google Consent Mode to offer you the best of both worlds: vital website analytics in full compliance with the EU’s GDPR.

As one of only a few consent management platforms in the world, Cookiebot CMP integrates fully and out-of-the-box with Google Consent Mode.

By combining Cookiebot CMP with Google Consent Mode on your website, you can rest assured that your website is compliant and that you will continue to get website analytics delivered.

No more analytics-breaking compliance, no more compliance-breaking website analytics!

Person holding a phone looking at Instagram Insights - Cookiebot
Get compliant website analytics with Cookiebot CMP and Google Consent Mode combined.

Cookiebot CMP controls all end-user consent and then forwards each anonymous and individual consent state to Google Consent Mode, which then controls your website analytics tools, e.g. Google Analytics, based on this consent state.

Website analytics without cookies

If users say NO to cookies and trackers, Cookiebot CMP sends this anonymous negative consent state to Google Consent Mode, which ensures that Google Analytics still collects data and operates to give you vital insights into your domain’s performance.

Cookieboot Pop Up Banner - Cookiebot
Cookiebot CMP consent banner controls cookies and integrates with Google Consent Mode to give you compliant website analytics without data loss.

Compliant website analytics include –

  • Aggregate conversion measurement for ad campaigns
  • Timestamps of visits to your domain
  • Referrer and data on how users arrive at your site
  • User agent
  • Whether current or prior page in user’s navigation includes ad-click information in the URL
  • Random number per each page load

With compliant website analytics from Cookiebot CMP and Google Consent Mode, your website is able to display contextual advertisement based on non-identifying information instead of behavioral advertisement based on personal data from end-users.

Try Cookiebot CMP free for 14 days – or forever if you have a small website.

Scan your website to see all cookies and trackers are in operation

Get started with Google Consent Mode for compliant website analytics today

Learn more about GDPR and cookie consent

Learn more about compliant website tracking

Compliant website analytics, in detail

Protect end-user privacy and receive compliant website analytics data all-in-one

Third-party trackers that harvest sensitive, private information on people when they search, browse and shop online have become a cautionary tale in the growing public awareness around data privacy and the adtech industry’s eerie surveillance of the Internet’s users.

But website analytics don’t have to be based on targeted, personalized tracking, and can instead rely on non-identifying aggregate information about number of page visits, location of users and website performance.

Women in street looking at phone - Cookiebot
Website analytics can run anonymously, and GDPR compliance doesn’t mean the end of data-driven business.

Nonetheless, growing public data privacy awareness has crystalized into concrete data laws around the world – the biggest and most influential being the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD) and South Africa’s Protection of Personal Information Act (POPIA).

Compliance with, in particular, the EU’s GDPR can often result in your website’s analytics breaking, and you losing vital data on your domain’s performance, because end-users are empowered with the right not to consent to all non-necessary cookies and trackers implemented on your website.

These include preference cookiesstatistics cookies and marketing cookies that are often responsible for the majority of website analytics tools and ad campaigns on websites.

What do data privacy laws say about website analytics and compliance?

Since website analytics data is often personal data, you most likely need a consent management platform to ensure all collection and processing is compliant.

Personal data or personal information or personally identifiable information is defined slightly differently by each major data privacy law, but in general they all include –

  • Names, email addresses, physical addresses, phone numbers,
  • IP addresses, cookies, trackers, unique IDs,
  • Search history, browser history, device information,
  • Household information, cross-device tracking,
  • Online preferences, interests, purchase history,
  • Political convictions, religious beliefs, memberships, affiliations.
Flag of European Union - Cookiebot
Your website analytics must be compliant with consent and data privacy requirements from the GDPR, LGPD, POPIA and more, depending on where in the world your end-users are located.

If your website has users from Europe, California, Brazil or South Africa, you must make sure that your website analytics tools and data collection is in compliance with the various requirements of the respective laws.

The EU’s GDPR protects personal data from individuals inside the European Union from unconsented collection and processing. Users must give their explicit, informed consent before you are allowed to activate your website analytics tools by letting cookies and trackers collect their personal data. EU users must also be told about how you collect their data, for what purposes and with whom you share it.

Learn more about the EU’s GDPR and consent

California’s CCPA empowers California residents to opt out of your website analytics and marketing practices by asking you to stop sharing and selling their personal information. You are also required to notify Californian users about your website analytics programs; what data you collect, for what purposes and with whom you share it.

Learn more about California’s CCPA and compliance

Brazil’s LGPD protects users inside the territories of Brazil from personal data collection and processing without consent. Brazilian users must be notified about your website analytics programs, how and why they collect data, who you share it with, as well as give their prior consent.

Learn more about Brazil’s LGPD and compliance

South Africa’ POPIA similarly protects end-user data inside South Africa by making consent a base requirement for any collection and processing of personal information, including for the purpose of website analytics and marketing campaigns.

Learn more about South Africa’s POPIA and compliance

How website analytics works

Cookies, personal data and compliance

Most website analytics tools work through cookies and trackers.

These cookies are categorized as third-party cookies, since they do not originate on and belong to your own website.

Website analytics cookies will activate once a user lands on your website, and then store themselves on the user’s browser and collect data on them, and these data can range from IP addresses to unique IDs that are randomly generated, but able to track, locate and identify the user upon repeated visits.

There are many different types of cookies and trackers, from the privacy-friendly session cookies that expire immediately once a user leaves your website again, to the privacy-infringing persistent cookies that collect personal data and can have lifespans close to that of human beings.

Close up of man typing on a phone - Cookiebot
Persistent statistic cookies are often used by website analytics tools to recognize users upon repeated visits.

Unique IDs and assigned trackers that are able to recall the same user is foundational for the most common metrics you get from website analytics tools.

This is how Google Analytics works, as well as myriads of other website tracking tools.

Aggregating – or combining – all this data into charts and visualizations enables you to see developments and trends emerging and to act upon them in due time.

Website analytics without using cookies

The launch of Google Consent Mode marks a turn by the adtech industry towards consent-based tracking – putting end-users at the center, while empowering website owners and operators to ensure a continued stream of website analytics and data while respecting user choices.

Turning away from third-party cookies, as Google has pledged to do by 2022, solidifies this move towards data privacy by design: end-user privacy cannot be ignored or neglected, not even in the pursuit of data-driven website analytics and marketing.

But website owners, the adtech industry and the Internet economy as a whole must also be brought into balance with the strong data privacy laws like EU’s GDPRCalifornia’s CCPABrazil’s LGPD and South Africa’s POPIA.

That’s why Google Consent Mode and Cookiebot CMP integrated is such a simple, yet powerful combination for your website – making sure that you are in full compliance without breaking your website’s analytics by giving you new possibilities for tracking without cookies.

Cookiebot CMP

Get compliant website analytics for free today

Cookiebot CMP enables compliance for our website with all major data privacy laws in the world.

Built around a powerful scanner that finds all and controls all cookies and trackers on your website, Cookiebot CMP offers automatic, plug-and-play compliance for your website, secure storage and documentation of all consent and automatic renewal.

Look for “Cookiebot CMP” as a standard tag in Google Tag Manager, a free WordPress plugin, an integration with IAB’s TCF 2.0 and IAB CCPA Framework.

Cookiebot CMP also fits seamlessly with Google Consent Mode to offer your website full data privacy compliance without the loss of website analytics.

Try Cookiebot CMP free for 14 days – or forever if you have a small website.

Scan your website to see what cookies and trackers are in use

Get started with Google Consent Mode

Learn more about compliant website tracking

Learn more about GDPR compliance

Learn more about CCPA compliance


How can I get analytics on my website?

Getting insights into your website’s performance can be done by implementing a website analytics tool on your website (e.g. Google Analytics). Website analytics tools will collect data on end-users, often through the use of cookies and trackers, and serve you aggregated information about key metrics and measurements.

Get started with Google Consent Mode and Cookiebot CMP

Is my website analytics compliant?

Do you ask for and obtain the explicit consent from end-users before tracking their personal data through the use of third-party cookies? If you don’t, then your website’s analytics is not compliant. Make sure that your consent management platform ensures full compliance on your website, including the operation of your website analytics tools.

Try Cookiebot CMP free for 14 days– or forever if you have a small website.

Can I track users without cookies?

Yes, with Google Consent Mode and Cookiebot CMP you will be able to receive valuable data, key metrics and basic measurements from your website analytics tools without using cookies. If your end-users opt out of cookies on your website, Google Consent Mode and Cookiebot CMP make sure that your website still receives vital insights into your domain’s performance. Full compliance without breaking your website analytics.

Get started with Google Consent Mode and Cookiebot CMP

Do I have to comply with the EU’s GDPR?

If your website has users from inside the EU, you are required to comply with the EU’s General Data Protection Regulation (GDPR) – regardless of where in the world you and your website is located. You are required to ask for and obtain the explicit consent from end-users before tracking any of their personal data for the use of website analytics.

Scan your website to see where in the world your website sends data to


Try Cookiebot CMP free for 14 days – or forever if you have a small website

Scan your website to see what cookies and trackers are in use

Learn more about Google Consent Mode and Cookiebot CMP

Learn more about website tracking and compliance

Learn more about GDPR compliance in the EU

Learn more about CCPA compliance in California

Learn more about LGPD compliance in Brazil

Learn more about POPIA compliance in South Africa