Website Privacy Issues

Here are some thoughts on privacy and changes that are coming within the next year that will hopefully make things safer and easier for all website owners and users.

Privacy Exhaustion

Privacy issues have been gaining a lot of attention for years since GDPR (2018) and CCPA (2020) came into effect and caused a lot of changes to how companies deal with customer data.

It’s to be expected that with all the leaks, talk of privacy, issues with privacy, and all the technical challenges of following GDPR/CCPA, website owners and maintainers can get a bit tired of it all.

We’re all tired of clicking cookie consent buttons, and how many of us have actually read the terms of service, privacy policy, or cookie policy?

There’s a lot to remember, a lot to do, and a lot of jargon.

Like many things, it all starts with considering something simple: why do we need this information and what do we do with it?

Why do we need all this data?

Do we need to see the minutiae of what website visitors are doing on our site? Does it have to be identifiable information? Matomo, for example, is privacy-first analytics and doesn’t save IP addresses or other personal info.

The main information website owners need is:

  • How many visitors during a given period?
  • Where did they come from? (Sources for traffic, links from other sites, campaigns, etc.)
  • What did they do on the site? (Which pages did they visit and for how long?)
  • Did they take any further action? (Conversions)

All of those questions can be answered without knowing your customer’s IP address and browsing history.

Re-think forms and analytics. The main point is to track how many leads and customers you are getting through your website and actual revenue. Think about how much time you will save when you are not bogged down in the details.

Cookies and Tracking

With every tool you embed in your site, there are often ‘third-party cookies’ that come along with the actual content.

For example, when you embed a YouTube video on your site, YouTube also sends cookies to track your users so they can get statistical data, offer those users other videos on similar topics, and probably squirrel that data away for their own nefarious purposes. When embedding, you can also enable ‘enhanced’ privacy, which serves the video from youtube-nocookie.com (which, by the way, still saves tracking cookies in the browser). This gives the illusion of being more privacy-orientated, while still circumventing actual privacy.

Google Chrome is already phasing out third-party cookies. At the end of this year, they won’t load. There are already warnings on pages that try to load them. You can already test in Chrome how your site works without them and make a plan before 2025. Firefox and Safari are way ahead of them already and block third-party cookies by default.
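As a starting point for that plan, here is an added example (not code from this post or from any plugin it mentions) that lists the third-party hosts a page's embeds load from. The site name, sample HTML and function names are constructed for illustration, and "first-party" is simplified to mean the site's own hostname or a subdomain of it.

```javascript
// Added example: list the third-party hosts a page's embeds load from.
// Assumption: "first-party" = the site's hostname or a subdomain of it; a
// stricter audit would compare registrable domains (Public Suffix List).
const EMBED_TAGS = ['iframe', 'script', 'img', 'embed', 'video', 'audio', 'source'];

// Constructed sample page for a hypothetical site, example-shop.test.
const SAMPLE_HTML = `
<img src="/wp-content/uploads/logo.png">
<script src="https://cdn.example-shop.test/app.js"></script>
<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>
<iframe data-src="https://www.youtube.com/embed/OTHER_ID"></iframe>
<script src="//analytics.tracker.test/collect.js"></script>
<img src="https://www.youtube.com/thumb.jpg">
`;

function isFirstParty(host, siteHost) {
  return host === siteHost || host.endsWith('.' + siteHost);
}

function findThirdPartyEmbeds(html, pageUrl) {
  const base = new URL(pageUrl);
  const siteHost = base.hostname.replace(/^www\./, '');
  const tagPattern = new RegExp(`<(${EMBED_TAGS.join('|')})\\b([^>]*)>`, 'gi');
  // Requires whitespace before "src", so a parked data-src is not counted.
  const srcPattern = /\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/i;
  const found = new Map(); // host -> Set of tag names that load from it

  for (const [, tag, attrs] of html.matchAll(tagPattern)) {
    const m = srcPattern.exec(attrs);
    if (!m) continue;
    let url;
    try {
      url = new URL(m[1] ?? m[2] ?? m[3], base); // resolves relative and // URLs
    } catch {
      continue; // unparsable src, nothing to report
    }
    if (!/^https?:$/.test(url.protocol)) continue; // skip data:, about:, etc.
    if (isFirstParty(url.hostname, siteHost)) continue;
    if (!found.has(url.hostname)) found.set(url.hostname, new Set());
    found.get(url.hostname).add(tag.toLowerCase());
  }
  return [...found]
    .map(([host, tags]) => ({ host, tags: [...tags].sort() }))
    .sort((a, b) => a.host.localeCompare(b.host));
}

function auditSample() {
  return findThirdPartyEmbeds(SAMPLE_HTML, 'https://www.example-shop.test/');
}
console.log(auditSample());
```

Each host in the output is a place to check for cookies in the browser's developer tools; the iframe whose URL sits in `data-src` is not reported because the browser does not load it.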

Cookie Banners

There are many cookie consent banners out there that you can install for WordPress. Many of them show a consent banner, but need further technical knowledge to set it up correctly (this part is usually left out).

One of the best plugins currently is Complianz which automatically scans and finds cookies and services in use on your site and blocks them until the user has given consent. This means that YouTube videos and other integrations won’t load until the user has given permission.

We hope that when browsers take control of cookies (as it should have been to start with), we can say goodbye to cookie banners at some point. We all hate them.

Privacy Policies

As mentioned, most people won’t read the privacy policy, but it’s a required legal document to comply with regulations. It should be human-readable.

It should contain basics such as:

  • What data does your site collect? Contact forms, third-party integrations, cookies, and analytics data for example.
  • What do you do with it? This includes where it’s saved (the EU, elsewhere?). How long is it saved for? Is it saved in someone else’s systems? Where are they storing it and how responsibly?
  • How can a user get more information? Including who is responsible for maintaining the data. How can the data be deleted when requested?

We’re not legal experts so we tried to make our policy as straightforward and transparent as possible.

Keep it Simple, Stupid

We have a whole article on this subject, but keeping things simple on your website has a whole host of benefits not just to the privacy of your visitors. It’s worth considering how to simplify the tools, plugins, and methods you use on your site and improve privacy, but also security, speed, and usability.

Conclusion

We help our customers with many of the technical requirements of GDPR, such as making sure your consent banner actually works! We are not lawyers, though, so it’s always worth finding out your legal requirements.

Contact us if you would like more information or would like advice on improving privacy on your site.

Author Info: Lisa Karvonen

Lissu is a full-stack developer who started working in WordPress in 2003. Since then she has coded plugins, themes and applications for companies and organizations in both WordPress and Multisite as well as other PHP/MySQL applications.

She started developing the WP-Ensure platform in 2017 as a response to customer site attacks and has been steadily improving and growing the company and platform since then.

She's originally from Scotland but lives in Finland with her husband, son, two dogs, two cats and a reef tank.
