This article explores consentless tracking, a viable alternative to cookie-based analytics most businesses still rely on today.
We’ll explain how it enables businesses to collect meaningful website traffic data while staying compliant, protecting user privacy, and keeping the experience seamless.
Before we get into consentless tracking, we will first cover the consent question: Why do most traditional analytics require explicit user consent before collecting data?
The reason is that the data traditional cookie-based analytics collect and process is personal data of website visitors.
Cookie-based tracking has existed since the early days of the Internet. Cookies collect data about users—often without them noticing—as they move across the web.
“First-party” cookies allow website owners to analyze traffic and optimize performance. However, most cookies are “third-party,” meaning they continue tracking data across websites and offer the collected information to third-party ad networks, such as Google, Facebook, and data brokers.
The central concern with that type of tracking is the amount of accumulated data that allows pinpointing user profiling. Even if data brokers don’t have personally identifiable information such as full names, addresses, and social security numbers, we all witness that ad campaigns and social media recommendations can often be surprisingly accurate.
Such accuracy raises concerns about potential privacy infringement.
While many laws regulated the digital ecosystem, such as the ePrivacy Directive, the EU’s General Data Protection Regulation made significant progress, particularly regarding consent and online tracking. Here are some of the most important changes this major privacy law introduced that affected website tracking:
GDPR also has a broad definition of personal data—any data traced back to an individual physical person is considered personal data, whether on its own or when combined with other information. That means, processing IP addresses is regarded as personal data processing, even when IPs are hashed.
Techniques like fingerprinting or profiling—where multiple data points are combined to identify a user—also fall under personal data processing. Even if each data point is harmless on its own, consent is required if the combination allows identification.
GDPR also introduced high penalties for non-compliance, reaching as much as 20 million euros, or up to 4 % of their global turnover.
The GDPR’s influence spread rapidly, as many websites offering products and services to the EU market had to comply. Worldwide lawmakers soon followed, with the California Consumer Privacy Act (CCPA) being one of the most prominent examples of post-GDPR privacy regulations.
While legislators introduce changes to the approach, the main line of thinking remains the same—personal data processing is only allowed if previous consent has been given.
While companies can face GDPR fines even if they use cookie banners, legal penalties aren’t the only concern that follows consent-based analytics.
Legislators aren’t the only ones to address the rising privacy concerns that follow tracking on a massive scale—users are taking matters into their own hands.
Beyond rejecting cookies, users increasingly turn to privacy tools to protect their data:
As a result, traditional cookie-based marketing is no longer as accurate as it used to be.
However, the diminished data accuracy isn’t the central issue. When data-conscious users see consent banners, they know the website asks them to share their data with ad networks and brokers.
Privacy-conscious users may view this approach as misaligned with their expectations. They will likely question the ethical principles behind the brand processing and sharing their valuable data to make their marketing campaign more effective. Not only are they likely to refuse the consent of the processing, but they will probably look for alternative brands that prioritize ethical standards.
In other words, relying on cookie-based analytics may cause you to lose potential customers and clients to direct competitors.
We often hear that “data is the new oil”—but in today’s digital world, user attention might be even more scarce.
That’s why displaying complicated consent banners that take up significant portions of your pages and interfere with their design can negatively affect user experience.
Instead of browsing your content and offerings, users are faced with tickboxes and small text. Those banners will take their attention away from the main page content, affecting how users behave once they enter your site and whether they eventually convert.
Consent prompts may impact trust and disrupt the user experience, but banner fatigue can also negatively affect conversions. Ironically, the goal of analytics is to improve conversions—yet consent-based tracking often does the opposite.
Due to the rising legislative pressure and the growing number of privacy-conscious users, relying solely on consent-based tracking is becoming less sustainable. As a result, businesses started looking into less invasive website tracking alternatives.
Third-party cookies raise concerns as they gather user data across websites, often on behalf of major ad networks. In response, more and more cookieless marketing solutions allowing website owners to track visitors limited to their own site.
However, cookies aren’t the primary privacy concern on their own—unnecessary personal data processing is what infringes user privacy the most. If you collect personal data, you are required to ask for consent.
While they don’t rely on third-party cookies to collect data, some privacy-friendly tools implement methods such as IP address hashing, assigning unique identifiers, and precise location and device tracking. As a result, even if they don’t use cookies, they still “fingerprint” individual users, which is considered personal data processing.
As a result, those types of privacy-friendly analytics collect data without cookies, but they still require user consent.
So-called privacy-first analytics goes a step further than privacy-friendly solutions—it avoids processing any personal data altogether.
Instead of cookies, processing IP addresses, hashing, fingerprinting, and similar methods considered personal data collection and processing, privacy-first tools rely on non-invasive tracking.
While these methods aren’t precise enough to track individual users, which is why they aren’t considered personal data processing, they are accurate enough to distinguish individual website visits.
As a result, privacy-first tools don’t require consent banners—leaving the user experience untouched. At the same time, tracking remains reliable: ad blockers, VPNs, or private browsers won’t distort your traffic numbers.
mandera for instance is a privacy-first analytics solution that shows accurate website traffic counts without personal data processing.
mandera implements non-invasive tracking methods such as removing IP addresses from every request, tracking time zones, referrer domains, and basic device parameters.
Because that type of information can’t be traced back to individuals, it isn’t considered personal data—using mandera analytics doesn’t require consent banners, and you’ll be 100% GDPR and CCPA compliant.
Furthermore, the website UX will remain uninterrupted, allowing visitors to focus on your main content, which can positively impact overall user satisfaction and conversions.
Additionally, privacy-aware users will appreciate that you are using cookieless tracking solutions to maintain high ethical standards and respect their privacy, which can boost brand reputation.
Consent-based marketing is losing ground because privacy-aware users are growing, and worldwide legislation is becoming more stringent. Relying on it will likely become a bigger concern, especially regarding compliance headaches, ethical dilemmas, and even brand reputation as well as conversion issues.
Privacy-first tools such as mandera allow you to track website visits accurately without collecting any personal data. This consentless approach helps you stay ahead of changing regulations, while earning trust from today’s privacy-aware users.
Try mandera now completely free: True consentless web analytics that puts privacy first without compromising accuracy.
