|
Q: How should I set up my email tracking in the GDPR era?
By Johannes Hubert,
Senior Applications Programmer, L-Soft
The purview of the GDPR is the protection of personal data. If you're sending email campaigns and tracking the results, you are processing the personal data of your subscribers and need to take certain measures if you want to be fully compliant with the GDPR. Let's take a look at some different types of email tracking and what is most appropriate to use in the GDPR era.
Before we delve deeper into this topic, let's first examine the possible reasons why someone would want to use email tracking in the first place. There are three main use cases for email tracking:
1. View and click counts, expressed either as percentages (rates) or as total numbers
This data is used to find out how many recipients viewed the email or what percentage of recipients clicked on a certain link in the email. You can also do A/B-split tests to find out which variant generated the better view or click rates.
2. Demographic analysis of recipient behavior for more in-depth insights
This data can be used to find out how successful a mailing was among male recipients compared to female recipients or if recipients from one country are more likely to click on a certain link than those from another country.
3. Follow-up mailings based on previous recipient behavior
This data enables you to send out a mailing to a certain group of recipients. A few days later, you can send out a follow-up mailing to all recipients who viewed the original email and a different follow-up mailing to all recipients who did not.
All of these use cases can be fulfilled with LISTSERV Maestro's email tracking features depending on the tracking configuration. The impact of the GDPR depends on how you set up this configuration and what tracking type you use.
Tracking Types
In LISTSERV Maestro, you have the choice between several tracking types. The most commonly used ones are unique tracking, anonymous tracking and personal tracking.
1. Unique Tracking
Unique tracking is absolutely anonymous. The tracked recipients are identified by random unique IDs that cannot be traced back to the actual recipients.
Unique tracking supports the "View and Click Counts" use case but not the "Demographic Analysis" and "Follow-Up Mailing" use cases.
2. Anonymous Tracking
Anonymous tracking, if done right, is also anonymous just like unique tracking.
In addition to supporting the "View and Click Counts" use case, this type of tracking also supports the "Demographic Analysis" use case, although in a limited way. It does not support the "Follow-Up Mailing" use case.
3. Personal Tracking
Personal tracking is the most complete type of tracking. However, it is not anonymous and collects personal data of the recipients. This includes data like "which recipients viewed the email?" or "when did a certain recipient click on a certain link?".
It fully supports all three tracking use cases mentioned above.
Tracking Types vs the GDPR
The purview of the GDPR is the protection of personal data. Any data that is collected in an anonymous fashion doesn't usually count as personal data and does not fall under the GDPR's purview.
Therefore, the easiest way to perform email tracking in compliance with the GDPR is to do this tracking in a purely anonymous fashion so that the collected data is not relevant for the GDPR in the first place. In LISTSERV Maestro, this means to only use unique or anonymous tracking (although with the latter you have to take care so that it is truly anonymous – see below for further details on this).
While using unique or anonymous tracking makes it easy to be compliant with the GDPR, the drawback is that they don't support the "Follow-Up Mailing" use case. And the "Demographic Analysis" use case is only supported by anonymous tracking and only in a limited way.
If you need full support for all tracking use cases, then you need to employ personal tracking. This, in turn, has the disadvantage that the collected tracking data is definitely personal data of the recipients and falls under the purview of the GDPR. So you need to take additional measures to be GDPR compliant.
Among other things, this means that if you plan to use personal tracking, you must inform your subscribers about the fact that you plan to track their activities, like views and clicks, and you must ask for their consent during the subscription process. The most common way to do this is to include this information in your subscription terms in a detailed fashion (ideally making use of LISTSERV Maestro's special "Consent to Subscription Terms" profile field type – see How can I query my subscribers for explicit subscription consent?).
In contrast, if you only use unique or anonymous tracking, the subscription terms will usually not require an additional clause about email tracking.
Including such an additional clause about personal tracking in the subscription terms may have an alienating effect on potential subscribers, possibly leading to a lower subscription rate than you might otherwise have.
So you have to make a decision between using personal tracking with its more complete support for the various tracking use cases but also with more elaborate subscription terms that may alienate potential subscribers, or using only unique and anonymous tracking, where the subscription terms are simpler and thus the barrier of entry is lower.
This is an important decision with a long-term impact. If you decide to only use unique or anonymous tracking, and thus you do not include a special tracking clause in your subscription terms, then you must make sure that you indeed never use personal tracking. If in the future you want to use personal tracking after all, then you first have to collect consent from all of your existing and future subscribers in a fashion that is compliant with the GDPR. The best method to ensure that you don't accidentally use personal tracking is to set the personal tracking type to "Hidden" in the "Tracking Settings" in the Administration HUB:
Separating Consent to Personal Tracking from the Subscription Terms
Even if you decide to use personal tracking and to include a corresponding clause in your subscription terms, the GDPR may still put another obstacle in your way.
Under some circumstances, it's possible that if consenting to personal tracking is a pre-condition for the subscription itself (in other words, a subscription without this consent is not accepted), then this consent is not deemed as "freely given" as required by the GDPR.
You should check with your legal counsel to determine if a bundling of the consent to tracking into the subscription terms is acceptable.
If not, then you cannot use personal tracking by simply adding a clause about it into the subscription terms. You can then either stick to unique and anonymous tracking, or you need to separate the consent to personal tracking from the subscription terms so that a subscription is accepted even if the consent to personal tracking is not given.
Of course, if you do this, then you have to take care to never send a mailing with personal tracking to any subscribers who have not given their consent.
The simplest way to separate the consent to personal tracking from the subscription terms is to use the permission-based personal tracking feature of LISTSERV Maestro.
This type of personal tracking is available when using a LISTSERV Maestro subscriber list in a dataset that has a profile field of the special type "Consent to Personal Tracking".
With this profile field, LISTSERV Maestro queries the consent to personal tracking from the user at the time of the subscription, where the user can freely choose whether to give consent.
When sending a message to this subscriber list, the normal personal tracking option is then replaced with the permission-based personal tracking option. If selected, LISTSERV Maestro will automatically send out the email message in such a way that all subscribers who have given their permission are tracked with personal tracking while those who have not are tracked with unique tracking.
Note, however, that permission-based personal tracking currently does not support the "Follow-Up Mailing" use case, and any demographic analysis only includes the profiles of those recipients who have given their consent to personal tracking.
Using Anonymous Tracking Correctly
If you have decided to only track anonymously, but you still want to be able to perform at least a rough demographic analysis, you can do so with the anonymous tracking type if the profile data of your recipients allows this.
However, you need to take special care to use anonymous tracking correctly because if it's used incorrectly, the tracking data that is collected can still be traced back to the individual recipients, defeating the anonymity and putting you in a position where you, unwittingly, are in breach of the GDPR.
With anonymous tracking, the collected tracking data is not associated with the actual recipients. Instead, it's associated with anonymous profiles that must not include any identifying data. The demographic information from these anonymous profiles can then be used for reporting without exposing the actual individuals.
The key concept here is that these anonymous profiles must not include any identifying data that make it possible to identify an individual recipient. This is essentially only possible if for each anonymous profile there are several individual recipients with the same profile. So if later a tracked activity is associated with the profile, it isn't known which of the recipients that match this profile is the source of the activity.
To achieve this, when sending a mailing with anonymous tracking, you need to select a subset from the available profile fields that defines the mentioned anonymous profile.
This is the crucial part where special care must be taken so that this profile field subset does indeed constitute a proper anonymous profile.
Obviously, any profile fields with identifying data (like email address, name, street address, social security number, customer ID) should never be included in this anonymous profile.
Profile fields that contain more coarse data are more likely to be acceptable in an anonymous profile, but you need to be sure that they are coarse enough. A field is likely to contain coarse data if the possible values for the field are limited and are much fewer in number than the number of subscribers so that there is a high chance that each possible value will be shared by several subscribers.
For example, a "Country" field can be such a coarse field if you have a lot of subscribers from only a few countries. But if you have only a few subscribers, each from a different country, then it wouldn't be coarse enough for an anonymous profile.
But be aware that combining several such coarse fields into an anonymous profile reduces the coarseness of the whole profile with each field added. For example if you combine the "Country" and a "Gender" field into a profile, anonymity is only preserved if for each country+gender combination that exists, there are several subscribers that match this combination. In other words, there must not be any subscribers with a completely unique country+gender combination that isn't shared with any other subscriber.
The anonymous profile should therefore include as few profile fields as possible. In other words, you should only include those profile fields that you actually want to use during a demographic analysis, and only if the final profile field combination still results in coarse enough anonymous profiles that ensure the desired anonymity.
Also, anonymous tracking should not be used with subscriber lists that have only a small number of subscribers. The coarseness of the profile data is likely to be too low to guarantee anonymity for such small lists. For example, even if your anonymous profile consists only of the "Gender" field, if the subscriber list is quite small with, for example, only nine subscribers, eight of which happen to be female and only one is male, then the gender field alone would be enough to identify the single male subscriber.
Subscribe to LISTSERV at Work.
|
