GDPR (and similar laws) protects users and their data, mainly from the big corporations that make money by selling that data like a bag of flour, but the laws apply to everyone.

The General Data Protection Regulation covers all user data; cookies used for tracking are one part of it. The tracking happens through third-party scripts (or other requests, like a font load) that we include in our sites, usually to measure something. We also use cookies for other things, like setting user sessions at login, but that is a different kind of data in this sense.

A generic website owner doesn’t (and can’t) sell the user data collected with GA (Google Analytics), but because they use that tool for tracking, Google can and will.

One thing that GDPR shows us is that every service has its price. If you want to track users and get statistics, you must pay for a service. If they give it to you for free, you pay elsewhere (with your users’ data). Piwik was always here, and now you can choose from more privacy-friendly analytics like Fathom and Plausible.

But still, in some cases, the best solution isn’t privacy-oriented tracking; it is to leave analytics out altogether.

I made and redesigned some of my sites recently, and instead of setting up a cookie notification and consent, I just left the analytics out.

I know analytics is essential in many cases, but it is like a car. You own one and use it for 1% of the time you own it. You believe that you need it (and/or are forced to use it), but you don’t use it (properly). What is the point of tracking an entire site if you only need a monthly user number? Probably none.

You can rarely measure the success of a project through monthly visits (or other quantitative measurements), unless you have a news site.

  • If you sell any product, you need good analytics and a professional who analyzes that data.
  • If you sell a service - like dental work - you can measure your conversion through booking and contact form submissions.
  • It is likely insignificant if you have a personal site.

And yes, I know that this data isn’t just user visits; it is also behavior, which is hugely useful in the right hands, but that requires time and expertise. Without them, what is it worth to you?

If you track your users with Hotjar and don’t analyze the data, why is it running? I know it is business, and that is data, but it can be unnecessary. Also, if you run these scripts, you must load them correctly according to GDPR (hence the mighty cookie notifications that are consent modals): only when your user explicitly asks for them, because otherwise you trick them, lie to them and break your country’s law (if any). And if you load them correctly (and ethically), you will see only a fraction of the data.


If you need to collect user data, pay for proper tracking. It is not free; it is a service. If you pay for it, you will respect and appreciate that data, because if you do, you surely understand your users’ privacy.

If you don’t, don’t use tracking. Don’t help big tech access more free data. If you look at that data once a month, you probably don’t need it.

If you need a middle ground, use GA in a GDPR-compliant way: only when the user explicitly enables it (as the law requires). Privacy is not a joke.
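
The consent gating described above (the tracking script loads only after the user explicitly enables it), as an added example that is not code from the original post. The script URL, the storage key and the function names are placeholders chosen for illustration.

```javascript
// Added example: load a tracking script only after an explicit opt-in.
// ANALYTICS_SRC and CONSENT_KEY are placeholders, not values from the post.
const ANALYTICS_SRC = "https://analytics.example/tracker.js";
const CONSENT_KEY = "analytics-consent";

// storage: getItem/setItem (localStorage in a browser)
// doc: createElement + head.appendChild (document in a browser)
function createConsentGate(storage, doc) {
  let loaded = false;

  function inject() {
    if (loaded) return false; // never inject the script twice
    const script = doc.createElement("script");
    script.src = ANALYTICS_SRC;
    script.async = true;
    doc.head.appendChild(script);
    loaded = true;
    return true;
  }

  return {
    // Run on every page load. No stored choice means no consent: nothing loads.
    init() {
      return storage.getItem(CONSENT_KEY) === "granted" ? inject() : false;
    },
    // Wire only to the "Accept" control, never to scrolling, timers or closing the banner.
    grant() {
      storage.setItem(CONSENT_KEY, "granted");
      return inject();
    },
    // Wire to "Reject" and to a "withdraw consent" link. A script that is already
    // running keeps running on this page; from the next page load it is not injected.
    revoke() {
      storage.setItem(CONSENT_KEY, "denied");
    },
    isLoaded() {
      return loaded;
    },
  };
}

// Browser usage:
//   const gate = createConsentGate(window.localStorage, document);
//   gate.init();
//   acceptButton.addEventListener("click", () => gate.grant());
//   rejectButton.addEventListener("click", () => gate.revoke());
```

Withdrawing consent here only stops future loads; cookies the script has already set have to be cleared separately.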