Server Side Tracking AVG: What You Need to Know
The AVG has changed a lot for online entrepreneurs. It is increasingly important to handle personal data properly. In this context, Server Side Tagging helps you better comply with AVG guidelines. What is the role of Server GTM in this? We explain that in this article.
Key Points 🔑
- Manage Data Collection: Using Server Side Tagging provides more control over what data is sent to platforms such as Google and Facebook, allowing you to exclude personal information such as IP addresses and client IDs.
- Data Storage and Processing Agreements: Important considerations regarding where and how long data is stored, and the importance of processing agreements with third parties such as Google Analytics.
- Future of Server Side Tagging: The increasing emphasis on data privacy and the shift from Third Party to First Party Cookies highlight the growing importance of Server Side Tagging as a method for AVG compliance and advanced data analytics.
What is the AVG?
The AVG is about regulating (online) personal data. It went into effect May 25, 2018. Online, at least the following are considered personal data:
- Name
- IP
- Address
- And some cookies
In addition, health data or financial data, for example, are also personal data and thus should not be collected or shared without consent.
By default, Google and Facebook collect IP, location and cookie data. You can also send additional data (enhanced conversion data) to these platforms, but that's not in the default setup.
So, in the current way, you cannot link Google and Facebook to your website within the guidelines of the AVG. That linking is often done through a tool like Google Tag Manager. GTM does not store data, but acts as a conduit. So Google Tag Manager can be used AVG proof, but in a specific way. More on that later.
What does AVG mean for data tracking?
For many online businesses, monitoring user behavior on their website or app is an essential part of their operations. Through trackers, they collect data on user behavior, leading to informed decisions and ultimately greater profits.
Website tracking is not in itself illegal. Legality depends on where you do business and how tracking is regulated. To determine if your Web site is tracking data correctly, you need to understand how you monitor your users and what steps you need to take to comply with legal requirements.
To be AVG proof yet do data tracking, a few things are important to consider. The collection, storage and processing of data.
Collecting data
Data collection is usually done with a third party tracking script and third party cookies. These are codes from Google and Facebook, for example. These are often placed through GTM. These codes collect data. You have virtually no control over this. So Google can collect what it wants. To control which data is collected, you can apply server side tagging. This allows you to take full control over what data is sent to Google or Facebook.
This also allows you to exclude certain data from being collected. For example, you can exclude IP addresses and client ids from tracking. In addition, you can go even further by also not sending URL parameters (UTM tags, for example).
The new version of GA4 also has more flexibility to ensure that some data is not collected. For example, you can disable google signals, ad personalization and location data for optimal security.
Finally, the most important thing is to use a cookie banner to ask permission to track data (and indicate what data you will collect, for what purposes). We use Cookiebot for that, because it works well with Google Tag Manager. By means of the Consent Mode in Google Tag Manager you can regulate that the tracking actually complies with what is indicated in the cookie banner.
When you set up consent mode in the Google Tag Manager server container, based on the consent level someone enters at the cookie banner, you forward the data to the relevant platforms. This ensures that data processing is more in line with user preferences and privacy laws, balancing user privacy with data use for targeted marketing and analytics.
Save data
In addition, data storage is also an important factor. How long will the data be stored? GA4 has made many strides in this as well. For example, you can exclude data being shared to other parts within Google.
In addition, it is important that personal data is not stored outside the EU. This is the case with Google Analytics. Through Server Side Tagging, we ensure that the personal data is already excluded before and thus never sent to Google Analytics. This way you can use it within the guidelines of the AVG.
TAGGRS has servers around the world , so data is securely stored and processed within your own country.
Processing data
Finally, you need to sign a processing agreement with the party receiving the data. In the case of GA4, you sign for this when you create an account.
First party vs third party cookies
First Party Cookies are created by the visited website itself and are primarily intended to optimize the user experience, such as remembering login information and shopping basket items. They are critical to site functionality and are only active on the website that created them. In contrast, Third Party Cookies are created by third parties, such as ad networks, and focus on tracking, retargeting and delivering personalized ads to users.
There is a clear shift from the use of Third Party Cookies to First Party Cookies. This trend is reinforced by the increasing focus on privacy and data protection. In addition, browsers such as Google Chrome and Mozilla Firefox also consider user privacy increasingly important resulting in the increasing blocking or restricting of Third Party Cookies.
These developments are creating a shift from Third Party to First Party Cookies.
Learn more in this blog about first party vs third party cookies.
Impact of AVG on data tracking
A specific example of the impact of privacy laws on Server Side Tagging is the ban by some governments on the use of Google Analytics. Because Google Analytics collects data on the behavior of Web site visitors, this can lead to privacy concerns. Therefore, certain governments have decided to ban Google Analytics on government websites to protect citizens' privacy.
There are many countries that feel Google Analytics is not compliant with AVG legislation. This development highlights the growing importance of privacy and data protection in the digital world, and at the same time, it shows the need for alternatives such as Server Side Tagging.
Here you can find a list of countries that think Google Analytics is illegal.
How does Server Side GTM help with AVG compliance?
If you work with third-party cookies, you know that control over your data can sometimes be difficult. With Server GTM, you can solve this problem and better manage what happens to your data. Below we discuss how.
Control Over Third Party Data
Working with third-party Web tracking scripts doesn't always mean you know what data is being collected. With Server GTM, you can manage this more precisely. For example, if you want to set up Server Side Tagging for Facebook, you can use server tags to specify exactly what info goes to Facebook. This limits what Facebook can see.
Safely Handling Sensitive Info and PII
It is against the policy of platforms like Google and Facebook to send personally identifiable information (PII). Server GTM helps you deal with this. You can remove PII such as IP addresses before it goes to external platforms, or you can hash the info.
Data Management Solutions.
Hashing of User Data: Different platforms have their own standards for hashing. For example, Google Analytics uses SHA256, as does Facebook.
Use a Fake GA4 ID: Some people use a real Google Analytics 4 ID for event tracking, and a fake GA4 ID to send data to the server container.
Server GTM also allows you to modify Web site URLs before sending them to an external party. This is useful if, for example, you have sensitive information in your URLs that should not be shared.
Is Server Side the Future?
Given the increasing emphasis on data privacy and the AVG, Server Side Tagging seems to be more than a trend. It allows companies to refine data collection while ensuring better compliance with privacy laws. Some countries already prohibit the use of certain third-party tracking tools, further reinforcing the need for server side tracking solutions.
There is also a shift from Third Party to First Party Cookies due to greater emphasis on user privacy. Server Side Tagging provides an additional solution here by filtering and hashing sensitive data before sending it to external parties.
All in all, Server Side Tagging not only seems to be the future; it seems to be the future. With an increasing focus on AVG compliance and data integrity, Server Side Tagging offers a path to both compliance and detailed data analysis.
TAGGRS offers Server Side Tracking hosting that allows you to continue to collect data online while being AVG compliant.
See you on the server side!
FAQ - Server Side Tagging AVG
What data falls outside the AVG?
Anonymous data, where identification of individuals is impossible, falls outside the AVG. The AVG applies to personal data, which means that all information that can directly or indirectly identify a person is covered by this law. Anonymous data, or data processed in such a way that it no longer identifies the individuals involved, is excluded from the AVG. Server Side Tagging can help anonymize personal data such as IP addresses.
Is Google Tag Manager AVG compliant?
Google Tag Manager can be AVG compliant if it is correctly set up to collect and process personal data only with consent, using Consent Mode.
Is Server Side Tagging legal?
Server Side Tagging is legal provided it complies with AVG rules. It requires transparency and user consent for the collection and processing of personal data.
Can AVG be done without consent?
AVG requires consent in many cases, but processing is sometimes possible without consent for specific purposes such as contractual necessity or legal obligations.