OP here. In Slovenia we had a well publicised deadline of 15. June 2013 to implement the strict opt-in version of the directive with penalties up to 30.000 EUR if failing to do so. So most sites actually implemented annoying cookie dialogs.
The irony is that most websites can actually avoid using invasive cookies all-together and avoid confusing users with cookie dialogs. That was our strategy when ensuring compliance for our clients and the submitted no-cookie GA library was a part of that.
The words of the law are actually not supporting the spirit of the law, at least when passing data to Google is concerned. Data protection can not be enforced with messing with cookies. EU should focus its influence on ensuring that companies operating in EU (like Google) respect user's privacy - including not passing data to third parties, like NSA.
Good catch. GA added this after we came up with our solution. We are using custom Javascript code that uses Measurment Protocol to send data to GA.
EDIT: Client Id still needs to be generated for Google's Analytics.js. In my experience, the approach we took for that works quite well without using complicated browser foot-printing.
This will not work in the Netherlands (although, see below, the law here might change soon). The law as written in NL prohibits reading data out of a user-device (fingerprinting) when not strictly necessary for delivering the service that was asked for. So getting things like screen-size and browser-name just for identification purposes is not allowed, because you wouldn't need those to deliver the service as requested by the user. Next to that, IP-addresses are under discussion for being "identifiable information", as is already the case in Germany.
Please do take this all with a grain of salt, because not a single website here actually adheres to the current implementation of the cookie-law. The political process has been set in motion to change the law and exempt anonymous statistics from the permission-requirements. This "soon to be exception" is already used by virtually all website and the regulatory agency responsible for enforcement seems to have decided not to make a problem of it for the time being.
I think you're almost completely right on this one. Fingerprinting is allowed as long as it is a functional requirement of the website. What IS - to my best knowledge - unknown (or at least a gray area) is whether you can use a fingerprint created as a functional requirement for statistical purposes as an (double emphasis quote) "afterthought".
Despite EU directive, cookie laws across EU differ quite a lot in terms of how they define acceptable/unacceptable use. I added the following notice to the original text to reflect this:
Use this code (GitHub) to implement client-side Google Analytics without storing data on user's device (cookies, cache, local storage, Etags...). The solution still uses the data from client devices to facilitate user tracking. Please check cookie laws of your individual country to see if you can legally use this approach without user opt-in.
11 comments
[ 24.2 ms ] story [ 33.5 ms ] threadThe irony is that most websites can actually avoid using invasive cookies all-together and avoid confusing users with cookie dialogs. That was our strategy when ensuring compliance for our clients and the submitted no-cookie GA library was a part of that.
Edit: I guess this is what the OP's link is actually using.
EDIT: Client Id still needs to be generated for Google's Analytics.js. In my experience, the approach we took for that works quite well without using complicated browser foot-printing.
Please do take this all with a grain of salt, because not a single website here actually adheres to the current implementation of the cookie-law. The political process has been set in motion to change the law and exempt anonymous statistics from the permission-requirements. This "soon to be exception" is already used by virtually all website and the regulatory agency responsible for enforcement seems to have decided not to make a problem of it for the time being.
Use this code (GitHub) to implement client-side Google Analytics without storing data on user's device (cookies, cache, local storage, Etags...). The solution still uses the data from client devices to facilitate user tracking. Please check cookie laws of your individual country to see if you can legally use this approach without user opt-in.