How to implement server side tracking/tagging in compliance with the GDPR? What must be taken into account with regard to the GDPR? What is the difference between service side tracking and client side tracking?
What is server side tracking/tagging?
Server side tracking, or sometimes referred to as server side tagging, has recently been touted as the “GDPR-compliant tracking solution”, as cookies can be dispensed with.
However, server side tracking is not the same as server side tagging.
Tracking means “tracking”, tagging means the accumulation of information.
Server side tracking is not a new technique or technology.
Classic tracking (client-side tracking) is initiated by a client. In this case, data is sent directly from the browser or an app to the tracking server (e.g. Google Analytics server).
With server side tracking, the tracking events are sent from the app or website to your own server, which forwards these events to the analysis server. When we talk about server side tagging, further information is added before it is forwarded to the analysis server and only then forwarded. This means that data collection and processing takes place on the server, which enables more secure and efficient data collection.
One of the main advantages of server-side tagging is that it is less susceptible to blocking by browsers or ad blockers compared to client-side tracking methods. This makes server-side tagging a more reliable method for analyzing user data and provides more accurate insights into user behavior.
Implement server side tracking/tagging in compliance with GDPR
Re. GDPR, there is no difference between client-side tracking and server-side tracking. For each form, a technical implementation that complies with the GDPR regulations must be ensured.
Below you will find the most important considerations for website owners and
- Consent Management: Website and application owners must have a clear and transparent privacy policy that explains the type of data they collect, how they use it and how users can control their data.
- Data protection: Server-side tagging must comply with GDPR data protection requirements, including data protection and secure storage.
- Data erasure: Server-side tagging must also comply with the GDPR’s “right to erasure”, which gives individuals the right to request the deletion of their personal data. This means that website and application owners must have processes in place to delete user data upon request.
- Data processing: The server-side tagging implementation must also meet the requirements of the GDPR for data processing, including data minimization, purpose limitation and data security.
In summary, server-side tagging is a powerful way to track user data, but requires a technically sound implementation that complies with GDPR regulations. By prioritizing user privacy and data protection, website and application owners can use server-side tagging to gain valuable insights into user behavior in a secure and compliant way.
