Privacy-Centric Data Collection — Getting The Most From Every Event With Piano Analytics

Nicolas Hinternesch
5 min readJan 16, 2024

--

When users navigate digital products, they can be in a fluctuating state between varying levels of tracking consent. Each consent scenario needs to be respected and will have a direct impact on the technology that can be used for said event (Cookies? No cookies?), the data collected for said event (Event data? Session data? UTM data?), and the meaningful analysis that can be applied to said event. Consent modes are used to configure Piano Analytics in a privacy-compliant way, while still extracting the most value possible from each single event. This will allow you to maintain a full view of your data, interpret it correctly, and apply it to make meaningful business decisions towards your organizational objectives in a privacy-first environment.

Privacy-Centric Data Collection, Emojis

Understand And Deploy Consent Modes

The standard consent modes for the audience measurement purpose in Piano Analytics allow you to control the events and properties collected, the cookies utilized, and the value of two consent-related event properties visitor_privacy_mode and visitor_privacy_consent. The latter two properties will simplify debugging and allow you to apply proper additional treatment later on in line with your data governance strategy.

Standard Consent Modes

  • Opt-in → full consent | 1st party cookies | session-, user-, and event-data
  • Exempt → consent-less | 1st party cookies | session-, user-, and event-data
    * This configuration is based on an expressly issued ePrivacy exemption for audience measurement and relies on a specific configuration. It allows you to regain full visibility into previously lost pre-consent visitor data and to connect the pre-consent data with full consent data after opt-in via Hybrid Measurement.
  • Extended Opt-out → consent-less | cookie-less | full event-data
  • (Opt-out → An alternative to the extended opt-out. All events will be completely anonymized and excluded from regular analysis. Only a simple event counter and the reason for the exclusion will remain.)

A full breakdown is available in the documentation and you can find a guide on how to align your CMP and purpose limitation with the Piano Analytics consent management in the Help Center.

In the implementation, the consent mode should be set properly for every single event, depending on the consent status at the moment when the event is being generated. The configuration of the Consent feature happens in a global variable window.pdl before the SDK is loaded. After following a few prerequisites, the default consent mode can be set using window.pdl.consent = { defaultPreset: {PA:'opt-out'}};. When a user modifies their state of consent, likely after an interaction with your CMP communication or cookie banner, you can set the new consent mode using pa.consent.setMode('opt-in'); .

The current mode will be stored in a _pprv cookie and will be used on all events until it is modified, or until the cookie is deleted. The consent state information is also added to every single event, which you can access directly for debugging purposes via Tag Inspector in the browser or via Stream Inspector for cross-platform debugging.

Consent mode information as event properties in Tag Inspector and Stream Inspector

These are just the very basics as they relate to the purpose of audience measurement. Of course, you can also customize the default consent modes, create your custom consent modes, and integrate a unified consent management across the entire Piano stack, in case you are also using the Activation tools of the Piano platform.

Collect, Process, Analyze: The Right Amount Of Compliant Data For Each Event

Consent modes directly determine the amount of data being captured — or not. The solution is configured in a way that it extracts the most value from each state.

Piano Analytics Data Collection Per Consent Mode

The resulting data can now be integrated in your big data stack as well as analyzed and reported on with the Piano Analytics interfaces and APIs. While analysis examples are endless, it is important to note that Piano Analytics allows you to flesh out consistent and reliable reporting that is firstly aligned with your business objectives and secondly meaningful given the data constraints that come with respecting the consent modes.

A first example could be assessing how much data has been collected in which consent context. Continuous awareness of this trend allows you to interpret the data in your reporting correctly and potentially infer actions to improve implementation and design of your consent banner strategy.

Piano Analytics Interface

You can use built-in anomaly detection and real-time alerts to stay on top of user consent fluctuations and identify patterns with automated contribution analysis. For instance, Piano Analytics applies machine learning to point out whether there are different consent tendencies across specific traffic sources, geographic regions, or contents of your product.

In terms of possible analysis, Piano Analytics allows you to leverage the full spectrum. From a high-level event-based dashboard for 100% of the traffic in a cookie-less context — to more sophisticated analyses like pathing, funnels, conversion analysis, and attribution modeling, which all require consented 1st party cookies to yield session- or user-level information.

Piano Analytics Interface
Cookie-less Analytics Dashboard
Piano Analytics Interface
Custom Funnels, Attribution Modeling

Bottom line

Respecting data privacy and maintaining data quality are not mutually exclusive. Once configured correctly, the data from the varying consent scenarios cohabitates. It is collected, processed, analyzed, and reported on in a single unified analytics platform, which is built on a privacy-first collection- and processing-architecture. As buzzwordy as it sounds, the privacy-first notion is deeply rooted in Piano Analytics’ core and is reflected in the continuous maintenance of excellence in three key areas when it comes to addressing regulatory requirements across regional markets: The processes, the people, and the technology.

— If you have questions, clever suggestions, or if you’re simply up for talking analytics: Feel free to reach out.

--

--