Product

• Mobile Marketing Cloud

  • TraceDock

Resolution

At TraceDock, we believe that end user trustworthiness determines whether digital information technology maintains or relinquishes its right to exist.

That’s why we endorse any regulation that curbs any technology which enables to monitor internet users across the internet without consent.

An example of this regulation can be found in Denmark (the Cookie Order) and Belgium (the DPA) which is based on the European ePrivacy directive. Conceptually these laws curb the use of cookies by requiring website operators to explicitly ask consent when placing cookies. The consequence is that when a user does not provide explicit consent, the website operator cannot place a cookie that is used for tracking, which includes the Google Analytics cookie _ga.

Taking this into account, if a user rejects cookies, TraceDock will not store a clientID in the browser in the form of a cookie. Instead, TraceDock generates a server-side hash which provides marketeers with anonymous data of the user on their own website.

The server-side hash is computed through a hash function based on the website URL, User-Agent and the external 1P-address. This hash function (SHA1) used is mathematically irreversible, meaning that you cannot backwards engineer the underlying values. Also, by including the website URL in the hash, the identifier becomes completely first party. That means that the data in the analytics tool cannot be reused for further retargeting or tracking the user across multiple websites.

By not placing any cookies in the browser of the user, TraceDock becomes fully compliant to the European ePrivacy directive and the local cookie laws as found in Denmark and Belgium. Furthermore, by ensuring that the data is anonymized,
TraceDock strikes a balance between a website operator’s interest in acquiring visitor information and website visitors’ desire for privacy and avoiding being tracked all over the internet. As such making the service fully GDPR and CCPA compliant.