Navigating Website Analytics in a Privacy-First World

Marketing

Analytics

Suset Acosta

May 15, 2025

Data is key if you’re a marketer in charge of optimizing your business’s online presence. To provide better user experiences, you first need to understand your users—their preferences, behaviors, and the key areas of improvement for your site.

Most analytics and optimization tools rely on cookies, but growing privacy concerns and regulations like GDPR and CCPA have made us rethink how to track user behavior while respecting their right to privacy.

If your martech stack includes tools that set cookies beyond what's strictly necessary (like Google Analytics), privacy regulations (where applicable) require that you offer users a way to opt out. This is usually handled through a cookie consent banner. The challenge is that most users don’t opt in, which can drop your website traffic data by 80 to 90 percent.

So, how can you maintain reliable website analytics while respecting user privacy? We’ll explain in this blog.

Cookies Defined

Cookies are small text files stored on a user’s device when they visit a website. They help websites remember user preferences, login details, and browsing activity. While they improve user experience and provide businesses with valuable insights, not all cookies serve the same purpose.

Cookies can be classified based on their origin and their purpose. First-party cookies are created and stored by the website you're directly visiting. Third-party cookies are created and stored by a domain different from the one you're visiting.

Third-party cookies raise privacy concerns as they can track users across multiple websites without explicit consent. Consequently, regulations like GDPR and CCPA require websites to disclose whether cookies are used and provide disabling options.

Additionally, cookies can be classified in the following ways:

1. Necessary Cookies

These cookies are essential for a website to function correctly. They enable core functionalities like page navigation, security, and access to secure areas of the site. Since they don’t track users for marketing purposes, they don’t require consent.

2. Performance Cookies

Also known as analytics cookies, these track user behavior across a website, helping businesses understand page performance and user engagement. While they don’t collect personally identifiable information, they often require user consent.

3. Functional Cookies

These cookies enhance the user experience by remembering choices like language preferences, region selection, or login credentials. They’re not essential, but they improve site usability.

4. Targeting (Marketing) Cookies

These cookies are used primarily for advertising and tracking website users to deliver personalized ads. They collect data on browsing habits, making them a significant focus of privacy regulations like GDPR and CCPA, which require explicit user consent before activation.

In short, to comply with privacy regulations like GDPR and CCPA, any type of cookie other than necessary requires user consent.

Privacy Compliance & Cookie Restrictions

Regulations like GDPR require explicit consent before storing non-essential cookies, while CCPA mandates transparency and opt-out options. This has led to high opt-out rates on cookie-based tracking and gaps in website data due to missing user interactions.

So, what’s the alternative? Is there a solution to fill in the data gaps?

Cookieless Tracking: A Smarter Alternative

Instead of relying on cookies, cookieless tracking platforms use techniques like:

Aggregated data collection: This approach focuses on gathering data in bulk to identify trends and patterns without exposing individual user identities. For example, instead of tracking what a specific user clicked on, you might analyze how many users from a particular region visited a page or completed a purchase.
Fingerprinting methods: Collecting browser and device data to build anonymous user profiles. While effective, fingerprinting raises privacy concerns and can violate regulations like the GDPR. It’s also difficult to regulate since it relies on collecting technical details, like fonts and hardware specs, that are hard to detect or block, leaving users without control.
IP-based tracking: This involves counting unique IP addresses to estimate the number of visitors. To comply with privacy regulations, IPs must be masked so they are not treated as Personally Identifiable Information (PII).

To avoid legal risks related to collecting PII and fingerprinting, cookieless platforms must rely on privacy-friendly tracking methods. This allows them to track user activity without relying on personal identifiers. One common approach is generating a temporary, anonymized ID based on non-sensitive browser and device data. Because the ID is time-limited (24 hours) and doesn’t persist across sessions, it strikes a balance between meaningful analytics and compliance.

Cookieless Analytics Platforms

Choosing a cookieless tracking platform eliminates the need for a cookie consent banner. Since these tools don’t rely on cookies or store identifiable information, they ensure your site fully complies with privacy regulations. Below is a list of leading cookie-free analytics tools that align with modern privacy standards.

1. Matomo (formerly Piwik)

What it does: An open-source analytics platform that provides 100% data ownership with a self-hosted option.
Why it stands out: Offers cookieless tracking, heatmaps, A/B testing, and session recordings without relying on third-party cookies.

2. Plausible Analytics

What it does: A lightweight, open-source alternative designed for privacy compliance.
Why it stands out: It uses cookieless tracking, anonymized visitor data, and real-time insights while keeping data fully transparent and accessible.

3. Simple Analytics

What it does: A minimalist analytics tool that provides essential website metrics without storing personal data.
Why it stands out: Offers fully cookieless tracking, GDPR/CCPA compliance, and lightweight scripts for better site performance.

Google Analytics V4

Imagine you’re using a cookie-based tracking tool, implement a consent banner, and as a result, lose visibility into your website’s core metrics. In many cases, that tool is Google Analytics. If you want to continue using Google Analytics while respecting user privacy, you can implement Google Consent Mode. This feature adjusts data collection based on user consent choices.

Consent Mode allows partial data collection even when users decline cookies and enables conversion modeling to estimate lost data. It requires integration with a Consent Management Platform (CMP) for full compliance, and the data is limited when users decline tracking, relying on modeled estimates. I believe that modeled data accuracy is a concern. How reliable is it? That's a good topic for another post.

Consent Mode

What it does: It uses the latest version of Google Analytics, which can work in a cookieless mode when users decline consent.
Why it stands out: Uses machine learning and data modeling to fill gaps in tracking without relying on personal data.

Cookieless vs. Consent Mode

Cookieless tracking platforms are a future-ready alternative to Google Analytics & Google Consent Mode.

Google Consent Mode is Google’s solution for collecting some data even when users reject cookies. It helps maintain some level of reporting, but it's still tightly coupled with the broader Google ecosystem and still fundamentally built around cookies and consent frameworks.

On the other hand, cookieless platforms like Plausible, Simple Analytics, and Matomo (cookieless setup) take a different approach by not relying on cookies at all. There’s no modeling or workarounds, and often no need for a consent banner. These tools are built with privacy by design to allow for anonymous, aggregate data collection that meets regulatory requirements out of the box.

Here’s how they compare at a glance:

Feature	Matomo	Simple Analytics	Plausible Analytics	Google Consent Mode
Privacy & Compliance	GDPR and CCPA compliant	GDPR and CCPA compliant	GDPR and CCPA compliant	Collects only aggregated, non-personal data
Tracking Method	Cookieless tracking is available. Uses cookies for advanced features	Fully cookieless	Fully cookieless	Aggregated tracking when users decline cookies
Requires Consent Banner	Yes	No	No	Yes
Heatmaps & Session Recording	Yes	No	No	No
A/B Testing	Yes	No	No	No
Form Analytics	Yes	No	No	No
Google Analytics Importer	Yes	Yes	Yes	N/A
Built-in Tag Management	Yes	No	No	Google Tag Manager
Custom Reports	Yes	No	No	Yes
Self-Hosting	Yes	No	Yes	No
Ease of Use	More complex, enterprise-ready	Extremely simple	Simple	Requires technical setup
Implementation Effortg	Low (cloud) \| Higher (self-hosting)	Very Low (simple script)	Low (cloud) \| Higher (self-hosting)	Medium (Requires Google Tag Manager setup)
Cost	$ cloud (from $26 per month) \| $$ self-hosting & additional features	$ cloud (from $0 per month)	$ cloud (from $9 per month) \| $$ self-hosting	$$ indirect costs (implementation & consent banner)

Beyond Analytics

Suppose you’ve moved toward privacy-first, and you're looking for ways to go beyond data collection and reporting. In that case, the next step in your digital optimization journey might be investing in a Customer Data Platform (CDP).

Platforms like Sitecore CDP, Optimizely Data Platform (ODP), and Adobe Real-Time CDP empower marketers to do much more than analyze traffic. They provide a centralized view of customer behavior across channels and help deliver personalized experiences in real time, without depending on third-party cookies.

Here’s what marketers unlock with a CDP:

Unified Customer Profiles

Marketers can combine data from their website, CRM, mobile app, email campaigns, and more to build a single view of each customer, even when they’re anonymous or not logged in.
Real-Time Personalization

Teams can deliver tailored content or offers based on a visitor’s current behavior or audience segment, enhancing engagement without needing historical cookies or outdated data models.
Smarter Segmentation and Targeting

Teams can create dynamic segments using behavioral, transactional, and demographic data to power more relevant marketing strategies across all channels.
Cross-Channel Campaign Orchestration

Marketers can go beyond web analytics by coordinating campaigns across web, email, ads, and in-app experiences to ensure that messages reach the right person at the right time.
Built-in Privacy and Consent Management

CDPs are designed to operate within today’s privacy frameworks, helping enterprises honor user preferences and stay compliant with GDPR, CCPA, and other regulations.

Making the Right Website Analytics Choice for Your Business

If your organization relies heavily on tracking user behavior for marketing and decision-making, transitioning to privacy-compliant analytics is crucial. Consider:

Your need for real-time data: Do you require instant insights or general trends?
Customization vs. simplicity: Do you need advanced tracking, or are basic metrics enough?
Data ownership: Do you prefer to host data yourself or use a third-party provider?

If you're ready to take your website optimization to the next level, this might also be the right time to invest in a Customer Data Platform (CDP). Tools like Sitecore CDP, Optimizely CDP, and Adobe Real-Time CDP go far beyond traditional analytics. They allow you to move from passive reporting to active engagement, while staying compliant with modern privacy standards.

With the right strategy, you can maintain meaningful insights, deliver personalized experiences, and build stronger customer relationships without compromising privacy.

Oshyn is a Sitecore, Adobe, and Optimizely partner and can help you find the CDP solution for your business. From DXP development to digital marketing integration, we can expand your marketing team’s ability to realize its vision and unlock value.