Thomas Baekdal, 16 april op Twitter:
My approach to managing GDPR is very simple (this is from my test server, the real site is still using the old code). By default, no personal identifiers are sent anywhere, so I don’t need to ‘ask for consent’ up front. I can just focus on giving people the best experience. ‘Consent’ is instead handled ‘contextually’ where the site only asks for it in very specific situations (like when people subscribe or when they want to see a video from YouTube), and it’s always explicit for that use. For instance, before, analytics was done via a client script, which meant that I as a publisher had no control over what was being sent. With the new system, all scripts are first passed through my server so that I completely control what GA is getting and when.
I was sceptical at first:
This is quite a brilliant idea! On the other hand: is this in full accordance with their terms? Sure, they offer this function, but I can imagine they could suspend your account for unintended usage of their ‘free’ service?
But he replies:
As far as I know, this is 100% is accordance with GA. This is why they created Universal Analytics to begin with :)