[🍪 Privacy Marketer] A couple os important things you must know about user id

Is UserID considered personal data?

Yes, user IDs are considered personal data under the GDPR. The GDPR defines personal data as any information relating to an identified or identifiable natural person, which includes user IDs that can be used to identify an individual. Therefore, the processing of user IDs is subject to the GDPR's requirements for the processing of personal data, including obtaining the user's consent before processing their data.

Does Digital fingerprinting tracking solutions work with UserIDs?

Yes, it does. They create a user ID based on the “photo” of your device, as we explained in a previous newsletter.

If my digital fingerprinting-based tech deletes userIDs every night and works anonymously, would I need consent to track?

If the data is truly anonymous and cannot be linked to an identifiable individual, then it would not be considered personal data under the GDPR. In that case, the GDPR's requirements for the processing of personal data, including obtaining the user's consent, would not apply. However, ensuring that the data is anonymous and cannot be linked to an identifiable individual is vital. If there is any possibility that the data could be linked to an individual, then it would still be considered personal data and subject to the GDPR's requirements.

How can I demonstrate that the web analytics data is entirely anonymous?

To demonstrate that your data is anonymous, you should ensure that the data cannot be linked to an identifiable individual, even indirectly. You should remove any identifying information from the data, such as names, email addresses, or other personal identifiers. Additionally, you should ensure that the data is aggregated and cannot be broken down to identify individual users.

Conducting a thorough risk assessment to identify any potential re-identification risks is also essential. This includes considering whether the data could be combined with other data sources to identify individuals or whether any other factors could lead to re-identification.

Finally, it is essential to document your anonymization process and keep records of your steps to ensure that the data is truly anonymous. This will help you to demonstrate to regulators and other stakeholders that you have taken appropriate measures to protect the privacy of individuals.

Conclusion:

If you’re tracking individually, even anonymously, if someone can merge your “anonymous” data with an email (for example), you’ll have a problem.

For this reason, SEALMetrics doesn’t work tracking users individually. No risk of legal problems!

Extra-mile: is Google's gclid considered as personal data?

Yes, Google's gclid is considered personal data under the GDPR. The gclid is a unique identifier used to track user activity on Google Ads. Since the gclid can be used to identify an individual user, it is considered personal data under the GDPR. Therefore, the processing of gclids is subject to the GDPR's requirements for processing personal data, including obtaining the user's consent before processing their data.