Privacy Regulations and Analytics

Analytics collects user data from some of the resources that it monitors in order to track how users interact with those resources. Tracking user information makes it possible to assess the usage of various applications and sites in order to facilitate decisions on how to improve the user experience. Whenever an organization or software collects user data, privacy and the protection of personal data become an issue.

Increasingly, regions like the European Union (EU) and California are enacting laws or regulations to govern how organizations protect users' privacy rights when they collect user data. Regulations vary between regions from non-existent to a strict set of precise instructions.

Currently, the strictest set of regulations is the EU General Data Protection Regulation, which comes into effect on May 25, 2018. Only Analytics users in the EU have to follow these strict regulations. Most other regions are likely to have less exacting requirements.

To ensure that all Analytics customers are able to comply fully with privacy regulations, Analytics has built-in features that make it possible to comply with the strictest current regulations.

Because of the differences in regional regulations, Analytics customers need to ascertain what the regulations are in their particular region, and then ensure that they configure the Do-Not-Track option in Analytics to comply with those laws.

Privacy regulations usually specify that organizations protect personal privacy in the following ways: 

How do I comply with privacy regulations?

The following is a comprehensive, although not exhaustive, list of measures that you can implement in order to comply with the strictest privacy regulations. Unless you are operating in the European Union, you are unlikely to have to implement all of them.

To meet strict privacy regulations, you should: 

  1. Establish what privacy laws and regulations are applicable in your area.

  2. Establish what your organization's retention policy is for stored user data, in particular, how long user data will be kept. Some regulations require that you inform the user of the length of time their data will be stored.

  3. Based on what your region's regulations are, configure Analytics to comply with those regulations.

  4. If the region you serve has privacy tracking laws, then obtain users' unambiguous consent before tracking or using their data.

    A good practice is to add a pop-up that appears when the site or software opens. The pop-up contains text to inform the user how their data is used, how long it will be kept and how to opt out of tracking. The pop-up also contains a box for the user to confirm that they consent to being tracked. The language must be plain and easily understood.

    Example text for this pop-up could be:

    This [application/website] records user statistics, such as your user name and Internet Protocol (IP) address, in order to improve your user experience and the overall quality of our services. User data is stored for analytical purposes for up to [X] years and is not shared with any third parties.

    Consent is determined by the Do-Not-Track setting in your browser. If you do not want your usage of this [application/website] to be tracked, you must enable your browser's Do-Not-Track setting.

  5. Keep the stored User Data that Analytics collects secure: 

  6. If you are an Analytics customer servicing the EU and there is a data breach, you must inform the EU privacy body within the time period specified in the regulations.

© 2020 VertiGIS North America Ltd. All Rights Reserved.

Documentation Version 1.7