A/B Testers: Time to Fix Your Post-GDPR Privacy Policy


Right now, most of our customers run experiments on their websites without giving their visitors much notice.

Under GDPR, this should change.

This article details how—using Convert Experiences as an example.

Warning: Not All A/B Testing Tools are Equal

At Convert, we altered our software to take privacy by design into account. In our software’s default setting, we eliminated the storage of any personal data point.

That means we don’t store IPs, cookie IDs, country, region or city data, transaction IDs or order IDs (making us the most privacy-oriented testing tool on the market).

Sans jargon, that just means your A/B testing doesn’t require data that could identify the website user.

The cookies we place are first-party cookies, set in the domain name of the customer, and they don’t rely on a User ID. The software doesn’t store personal identifiers and, after doing the statistical research, we’ve found that web activity can’t be connected to a site visitor.

What the software does to determine results is: make a random change for an audience group and then, en masse, count how many users took an action and how many did not.

The “buckets” visitors are counted in to measure these actions are large. Warnings are given when groups become very small, so as to avoid potential user identification.
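The counting model described above, sketched as an added example (not Convert's code): variants are assigned at random, only per-bucket counters are kept, and a small bucket triggers a warning. The class and function names, the threshold of 50 and the withholding of counts for small buckets are assumptions made for illustration.

```python
import random
from collections import defaultdict

MIN_BUCKET = 50  # assumed warning threshold; the article does not give one


class AggregateExperiment:
    """Counts outcomes per (variant, segment) without any visitor identifier."""

    def __init__(self, variants, min_bucket=MIN_BUCKET, rng=None):
        self.variants = list(variants)
        self.min_bucket = min_bucket
        self.rng = rng or random.Random()
        self.cells = defaultdict(lambda: [0, 0])  # key -> [visitors, conversions]

    def assign(self):
        # Random allocation: no IP, cookie ID or user ID is consulted.
        return self.rng.choice(self.variants)

    def record(self, variant, segment, converted):
        # Only two counters change; nothing about the visitor is kept.
        cell = self.cells[(variant, segment)]
        cell[0] += 1
        cell[1] += 1 if converted else 0

    def report(self):
        rows = []
        for (variant, segment), (visitors, conversions) in sorted(self.cells.items()):
            row = {"variant": variant, "segment": segment, "warning": None}
            if visitors < self.min_bucket:
                # Small cell: a narrow segment could single out a person,
                # so warn and withhold the exact counts (withholding is an
                # assumption added here; the article only mentions warnings).
                row.update(visitors=None, conversions=None, rate=None,
                           warning=f"bucket smaller than {self.min_bucket}")
            else:
                row.update(visitors=visitors, conversions=conversions,
                           rate=conversions / visitors)
            rows.append(row)
        return rows


def demo():
    # Constructed traffic: one broad segment and one very narrow one.
    exp = AggregateExperiment(["original", "variation"])
    for i in range(200):
        exp.record("original", "all visitors", converted=(i % 10 == 0))
    for _ in range(3):
        exp.record("variation", "narrow city segment", converted=True)
    return exp.report()
```
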

While all this certainly makes compliance a lot easier, ignoring GDPR is still not a good idea. We suggest you update your privacy policy and add a cookie policy.

What do the Privacy Experts Say?

After the revisions to our software, we asked some privacy experts what they think. If you’re running Convert Experiences, what adjustments should you make?

“If you are not collecting any personal data at all, including IP addresses, and the data you collect can in no way identify or be used with other information to identify an individual, then I don’t see a problem and the GDPR or ePrivacy Regulation would not apply. However, if the pages you are split testing have any contact information, i.e., email address, opt-in form, or phone number, then I think the pages being tested should have a website privacy notice to comply with global privacy laws. A properly drafted privacy notice or disclosure solves most problems when collecting personal data. Collecting personal data is not a problem if you disclose it properly. Even if you think you are not collecting personal data with the A/B testing, just insert a short provision in your privacy notice covering the information collected from the A/B testing to make sure.” – James Chiodo CEO of DisclaimerTemplate.com

 

“New legislation including the GDPR and ePrivacy Regulations puts the control over personal data firmly back in the hands of the individual data subjects. This means businesses need to step back and think about how they have been using personal data and what changes they need to achieve compliance. One option is to collect consent but smart marketers will avoid processing personal data by using intelligent tools. These will automatically anonymize a website visitor’s identity and do not store personal data. My view is it’s about careful selection of tools from suppliers who understand and embrace the new legal requirements and making the available tech work for you in your business.” – Sue Edwards MD of www.lawhound.co

When to ask for consent?

We should all care about our visitors’ privacy and collect only what we need.

To improve user experiences and drive strategic business goals, Convert Experiences does not need to collect much.

But for some settings, you should actively inform users of the tests you’re running. We suggest getting user consent for:

  • Cross-domain tracking
  • Universal User IDs
  • Using long-term persistent segmentation
  • Regional and city targeting
  • Using cookies and JavaScript for audience information
  • Using very detailed user-agent targeting

Other A/B testing tools?

If you’re using another A/B testing tool, you should really have a conversation with your provider about compliance.

In this article, we’ve detailed some questions you’ll need to ask about your testing software before GDPR gets instated.

We did a lot to make our tool GDPR friendly, and we haven’t seen other tools on the market document these steps. In particular, if you’re testing with a tool that offers post-segmentation analysis, adding goals retroactively, 1:1 personalization, account-based marketing or zip code targeting, you’re hinting at, or clearly using, personal data. A lot of personal data. And you’ll want to hire a privacy expert for an assessment.


Originally published April 11, 2018 - Updated May 15, 2018


Written by Dennis van der Heijden

Co-founder and CEO of Convert.com, passionate about building communities that care. Trying to make that happen inside and outside Convert. I love working with my team to make our A/B testing software better for agencies and e-commerce clients.
