Think Google Analytics is the only thing tracking IPs on your site? Hardly!!!
It goes way deeper than you can imagine, and has opened a huge can of worms for anyone doing business online.
Discover how the move to become completely GDPR compliant could tank your biz.
What’s at Issue
An IP address is considered to be personally identifiable information by the GDPR.
For you and me as site owners, it’s pretty hard to trace an IP address to an actual person who we can call by name.
But, if it can be coupled with a known account, tracing an IP back to a person is pretty easy.
GDPR Attacks Google and Facebook Immediately
LOTS of web surfers have both Google (mainly Gmail) and Facebook accounts.
If your site uses Google Analytics and/or Facebook Pixel Tracking, you are sharing the IP address of your site visitors with them.
Those big guns can easily trace IPs hitting your site to one of their account holders.
And that’s why the GDPR brought suit against Google and Facebook immediately.
Both of them use the IP info you share to target ads to that person based on their web surfing history.
You’re Being Tracked this Way Too!
Ever shop for something online and then jump onto Facebook and see an ad for the same thing?
Yep, the IP/account holder identification happens that fast!
Even your browser is in on the game, as it holds your site visit history and all associated cookies.
That’s supposed to be for your convenience: keeping you logged in, and not showing you things that site owners chose to display only to first-time visitors and such.
Can you imagine seeing a pop up you turned off every time you visit your favorite site? How annoying would that be? Aren’t you glad that site knows you are a frequent visitor and keeps it off?
But, the browser makers get something out of all this too.
Keep in mind that when you are given some tool to use for free, YOU are the product!
IP Rabbit Hole
IPs are being tracked on your site WAY more than you can imagine.
IP trackers also include:
- Server logs at your host (for security)
- CDN, like Cloudflare (for security and analytics of the bad bot filtering they do for you)
- Google Fonts (this one is a rumor and I haven’t verified it yet, but betting it is true)
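
Want to see which outside hosts your own pages hand visitor IPs to? Here is an added example (not from the original post) that scans a page's HTML for resources the browser fetches from other hosts; every such fetch is a connection from the visitor's IP to that host. The `blog.example` site and the sample HTML are constructed, and "first party" is simplified to the page's own host and its subdomains.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute that makes a browser fetch a URL while rendering the page.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}
# <link> only triggers a connection for these rel values (canonical etc. do not).
FETCHING_RELS = {"stylesheet", "preload", "modulepreload", "preconnect", "icon"}

class ThirdPartyAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        # Simplification: "first party" = the page's host minus a leading "www."
        self.site = urlparse(page_url).hostname.removeprefix("www.")
        self.hosts = {}  # third-party host -> set of tags that load from it

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(FETCH_ATTRS.get(tag, ""))
        rels = set((attrs.get("rel") or "").lower().split())
        if not url or (tag == "link" and not rels & FETCHING_RELS):
            return
        # urljoin resolves relative and protocol-relative (//host/path) URLs.
        host = urlparse(urljoin(self.page_url, url)).hostname
        if host is None or host == self.site or host.endswith("." + self.site):
            return  # data: URIs have no host; everything else here is first party
        self.hosts.setdefault(host, set()).add(tag)

def third_party_hosts(html, page_url):
    """Return {host: [tags]} for each outside host a visitor's browser contacts."""
    audit = ThirdPartyAudit(page_url)
    audit.feed(html)
    return {host: sorted(tags) for host, tags in audit.hosts.items()}

# Constructed sample page; the tracking IDs are placeholders.
SAMPLE_HTML = """<html><head>
<link rel="canonical" href="https://other.example/page">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Lato">
<link rel="stylesheet" href="/wp-content/themes/x/style.css">
<script async src="https://www.googletagmanager.com/gtag/js?id=G-PLACEHOLDER"></script>
<script src="//connect.facebook.net/en_US/fbevents.js"></script>
</head><body>
<img src="https://www.facebook.com/tr?id=0000&amp;ev=PageView" height="1" width="1">
<img src="https://cdn.blog.example/logo.png">
<a href="https://twitter.com/someone">follow</a>
</body></html>"""

if __name__ == "__main__":
    for host, tags in sorted(third_party_hosts(SAMPLE_HTML, "https://blog.example/post").items()):
        print(host, tags)
```

This only reads the static HTML, so anything a script injects after load will not show up; compare the result with the Network tab in your browser's dev tools.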
Yep, there are certain cookies you can’t even disable or your whole WordPress site would croak.
You know, things like your login.
That cookie has to persist for you to stay logged into your site as you jump around different admin pages.
And your blog post commenters have a persistent cookie too. That’s especially true for those comments held in moderation.
In fact, that specific cookie is one I had to clarify in my site speed tests with regard to settings in caching plugins. (Here’s the one for WP Fastest Cache. I had to contact the dev of it and WP Rocket to clarify what constitutes a logged in user so I could properly advise how to configure that setting and ensure that leaving it off was correct.)
There are about 5 other essential cookies that WordPress sets too.
Bottom line – you can’t turn off ALL cookies.
And you can bet your bottom dollar that Google and others, including site security providers, will be arguing that their cookies are also essential under the super vague GDPR regulation of “legitimate interest.”
So Now What?
With trillions of advertising dollars on the line, this part of the GDPR debate will never be over.
And it’s not likely that all sites everywhere will fall into an agreed upon set of what is acceptable compliance.
It is 100% likely that sites will continue to fall along a spectrum of compliance for the next several years.
The main thing is – GDPR is here to stay.
Data privacy is a real concern.
Some site surfers are getting more savvy about protecting their data and how it is used, and are taking control of it themselves at the browser level.
But the fact remains that there are 4 billion site surfers and the overwhelming majority of them don’t give a rat’s patootie about any of this and will continue to remain careless with their online privacy and security.
We, as site owners, are the ones sweating all this GDPR stuff, not most of our site visitors.
And there is only so much we can, or should, do to be GDPR compliant while so much debate is still raging.