Our Insights


GDPR-proof data success? Make it work with server-side tracking

Dave van Zanten
Dave van Zanten
31 Mar 2023 - 6 min read

“How can we use data?” - This is the most frequently asked question my data colleagues and I are asked by companies. It is a very important question, because making smart use of data is key to innovate and grow faster. However, when we deal with data, we need to take laws and regulations into careful consideration. 

Under the GDPR, customers or users have the right to decide what data can be collected and how that data can be used (consent). This protects users from practices such as spam and the reselling and endless reuse of their data. They can also ask you to access their data or delete their data altogether. The software that companies use to collect data is very often not fully compliant. Tooling like Google Analytics 4, for example, still stores data in the United States, even though courts have ruled that your customers do not have adequate legal protection there. 

At Triple, we believe that working with data should always be 100% compliant. Because that is the way it should be, because it protects our customers from hefty fines, but mainly because trust is the basis of a good customer relationship and attention to privacy contributes to a positive customer experience. Therefore, we build all our data solutions to comply with all legislation. We go further though. You also want to be able to quickly comply with any new rules: the GDPR is most likely not the end-all-be-all when it comes to privacy and data legislation. And building a data platform that you need to discard of as soon as legislation changes, is obviously a waste of money. 

So the question should actually be: “How can we use data and how do we keep it compliant, today as well as in the future?”.

Assumptions about what customers want

Frequently, I see companies working with assumptions about what customers want and which products perform well. Based on those assumptions, they create marketing campaigns and build their websites. Many times, a conclusive mechanism to test their assumptions and to check the effectiveness of the marketing campaigns is missing. This means they do not have a comprehensive understanding of the user experience, do not know where to best invest their marketing budget and if the development team is working on the right things. Consequently, there is no predictable way to engage users and increase website revenue. 

Is ‘more data’ the solution? 

A common reflex in that case is to start collecting as much data as possible and linking to as many platforms as possible. Think analytics cookies, HotJar trackers, tags for remarketing on Facebook and Google and much more. However, with all those tags, cookies and platforms, things might actually get really complicated. With dozens of websites and apps, it will be difficult to manage them all in such a way that it both produces usable data sets AND neatly complies with legislation. Implementing, managing and demonstrating consent becomes an enormous task, if only because you no longer know exactly what data you are collecting and where it is stored. On top of that, all those tags are bad for the performance of your sites and thus for the customer experience. Moreover, you will have to figure out a way to bring all that data from all those separate sources together into one complete customer view. Simply ‘collecting more data’ is therefore not the answer. The answer is to collect smarter data. 

Server-side tracking

With server-side tracking, we flip the standard tracking model and set up a separate server to manage and serve all your tags. On the website itself, at your end user's side, there is only one tag. Initially collecting all user data in a central location makes it possible not only to combine, store and operationalize data better, you can also decide what you want to send to third parties. In other words, it is not Meta and Google that decide what they know about your customer, it is you. As a result, you can finally safely guarantee your customers that you will not share anything without their permission: on your own tracking server, you have complete control. If a user does not give permission to store or use data, all you need to do is record this in one place and you can be sure that you are compliant everywhere. Moreover, you can still use aggregated and anonymized data, giving you more control over the behavior of users who have refused consent. In this way, compliance and data go hand in hand. If you are interested in server-side tracking, check out the full article my colleague Daniel wrote about it

Two ways to get started

There are two ways to look at server-side tracking. Our client FM Group chose it because they wished to collect as much data as possible from their 15 websites. They preferred to combine that data internally into a single platform for customer data, so they could decide how to use it later. 

Server-side tracking from Triple was the solution here; we could pull the analytics data to our platform and combine it there. This allowed us to create separate Analytics properties for each site without requiring an expensive Analytics 360 subscription. Without server-side tracking, managing so many separate properties would have been a lot of work. Now, FM Group could also work with a single Facebook pixel, which saves significantly on management. As consent and data management are handled centrally, GDPR compliance is easy. New legislation coming up? We can easily make the necessary adjustments centrally. There are also companies that take the opposite approach. They start small, see what they lack in data and then supplement. But even for that, you require a future-proof platform that can grow compliantly with you, especially if you have an increasing number of websites.

Trial & error

So server-side tracking has many advantages, but it is definitely not something you just ‘switch on’. When building our own solutions for this, we found that the interfaces of the big data platforms are not necessarily designed for easy integration. Google and Facebook's APIs, for example, are also insufficiently documented. Moreover, the interface of Google Tag Manager, the tool that underlies server-side tracking, does not provide feedback or clear error messages if you try something that does not work. As a result, building our solution involved a considerable amount of trial and error.

However, all that testing and trying delivered us extensive operational knowledge of how these systems work. And how we can exchange data with them. Thus, now we can swiftly roll out our solution to a customer domain. They can then quickly, efficiently, and completely GDPR-compliant start working with data across different websites.

What server-side tracking gets you

So with server-side tracking, you have more data available and you can do more with it, while always keeping a 100% grip on consent and GDPR compliance. That sounds great, but what does it mean specifically? To answer that question, we should circle back to the question that started this article: how can you use data?
If all goes well, you started your data journey with a goal in mind. For an e-commerce company, the goal is usually to gain more insight into what customers buy and how often. After all, if you know your customers' behavior, and you can recognize them when they return to one of your sites, you can show them offers you know they'll find interesting. These kinds of personalized recommendations have an immediate and demonstrable effect on your sales. But you can also use this data to create other marketing promotions, such as e-mails, and make them more personal and therefore more effective.

Faster experimentation

More data? That calls for more experiments, because you should be able to optimize your user experience as well as your marketing. When we come up with a new feature at FM Group, we add a button to the user interface before we actually build the feature. The button indicates what the new feature does, but when the user clicks or taps it, nothing happens yet. Except, we can see that it has been clicked. If it is clicked on a lot, we build the feature. If no-one clicks, we remove the button and have not wasted time building the logic behind it. This way, users tell us whether they are receptive for the feature or not, and server-side tracking helps us to experiment and innovate quickly.

In addition to e-commerce sites, we build many apps at Triple. For apps, it is also important to be able to test and evaluate new features quickly, based on as much data as possible. This GDPR-proof server-side tracking solution allows us, for example, to greatly improve the recommendation of new videos in streaming platforms.

Roadmap for success:

  1. List your use cases. Data success always starts with a broad, strategic view. By listing all possible use cases and assessing them for complexity and impact, it is easier to determine where to start and what you need in order to do it.
  2. Look at your overall data maturity. Server-side tracking is not a stand-alone solution. To get returns from your data and stay compliant, you need other processes and systems as well. This is a good time to look at what you're still missing.
  3. Make a well-informed platform choice. Server-side tracking is not a standard product, nor is it necessarily the right solution for everyone. Be sure to carefully consider other possible solutions.
  4. Implement server-side tracking the right way. We first implement the tracking server on your domain, so you work with first-party cookies and are therefore compliant. From there, we configure your new consent mechanism across all your sites. Once this is operable, we will know what data you can and cannot keep, and we can build filters to send data to Google Analytics and other applications. 

    Getting started with server-side tracking? Email me and we can discuss further.