Dive into the fourth and final episode of our video series with Brian Clifton, a renowned digital analytics and privacy expert. He presents the history of digital analytics, including technologies and mindsets surrounding the analytics industry. The first part is dedicated to the origins of web analytics tools, the second focuses on the increased interest in privacy in data collection, and the third discusses challenges in ensuring proper data quality for effective decision-making. 

In this part, Brian talks about the importance of staying current with technological advancements to maintain proper data quality. He also shares insights into the future of digital analytics, emphasizing the need to balance automation and human knowledge to enhance marketing strategies.

The complexity of data quality in digital analytics

Over the years, many have viewed data collection as a daunting task, particularly for those without technical expertise. However, it has become clear that the real challenge is not gathering data – it’s effectively making sense of it. Analysts must connect a host of data points to extract meaningful insights that drive informed decision-making.

This content is hosted by a third party (YouTube). By clicking the button below, you consent to loading the video.

Poorly collected or noisy data can lead to tricky conclusions, making robust data-cleaning processes essential. Once data quality is compromised, correcting flawed data can be an intensive task and may require starting over from scratch.

“It’s very easy to collect poor-quality data without knowing it’s poor quality. However, it’s very hard to clean it later. Monitoring data quality at the point of collection is crucial for effective decision-making.”

Brian Clifton, Digital analytics and privacy expert

There is a school of thought that businesses should embrace aggregate tracking methods alongside individualized tracking. This dual approach enables organizations to gain insights into overall trends while respecting individual privacy rights, aligning more closely with consumer privacy choices. For those users that grant consent to be tracked, individualized tracking allows for the website to provide a more personalised experience.

Privacy and ethical use of data

As digital analytics has evolved, so has awareness of privacy responsibilities. Analysts now find themselves focused not only on educating data stakeholders about web analytics, but also on their obligations regarding protection of users’ data. Striking a balance between collecting valuable insights and upholding user privacy remains a persistent challenge.

“I think GDPR is the best thing since sliced bread as it has put control in the hands of users, and not with far away and opaque tech vendors. Privacy laws are here to stay, because that is what users want and I believe the US will eventually adopt a federal privacy law similar to GDPR, instead of having fragmented state-level regulations.”

Brian Clifton, Digital analytics and privacy expert

Organizations must navigate the complexities of compliance to avoid severe penalties, including hefty fines and reputational damage. As marketers adjust to these new realities, they must rethink their strategies to rely less on extensive personal data and more on aggregated insights that respect individual privacy.

Adapting to new analytics tools supported by AI

With rapid advancements in analytical tools, now is the time for organizations to reassess their technological stack. By exploring alternatives beyond traditional platforms, companies can better tailor their approaches to meet contemporary analytical needs.

This content is hosted by a third party (YouTube). By clicking the button below, you consent to loading the video.

The role of analysts is becoming increasingly specialized, with AI augmenting human capabilities by enabling faster restructuring and comparison of data. Technologies like ChatGPT have dramatically transformed digital marketing by shifting focus from keyword-based searches to conversational queries. This evolution challenges the traditional role of the analyst, though building insights based on a solid understanding of the data is still key.

“Advanced web analytics isn’t about the tools; it’s about doing the basics very well and applying them in a clever way.”

Brian Clifton, Digital analytics and privacy expert

Making sense of data to drive meaningful change

AI has the potential to revolutionize digital marketing by providing rapid insights through data interpretation. While some jobs may be displaced by automation, AI creates new opportunities by handling time-intensive, complex tasks, allowing analysts to widen their analytical scope for even greater insights.

“There’s huge potential here – not to replace humans but to augment their capabilities with superpowers. AI serves as a smart, always-on, never forgetful assistant. It helps the analyst work faster and more efficiently, even trying new ideas that were previously too cumbersome to explore. The role of the analyst is becoming increasingly more important to businesses.”

Brian Clifton, Digital analytics and privacy expert

The future of digital analytics hinges on building trust and privacy while embracing technological advancements and AI-driven tools. By prioritizing data quality, respecting user privacy, leveraging new technologies, and fostering collaboration among teams, analysts can effectively navigate this dynamic landscape and drive meaningful change within their organizations. 

The post 25 years of digital analytics with Brian Clifton: The real challenge for the future is to make sense of data appeared first on Piwik PRO.

As of January 1, 2025, significant amendments have been introduced, particularly concerning cookie guidelines and user data collection. 

These changes aim to enhance user privacy and align Norway’s regulations with broader European standards, such as the General Data Protection Regulation (GDPR) and the ePrivacy Directive.

Understanding the Norwegian E-Com Act

The E-Com Act serves as Norway’s implementation of the aforementioned EU’s privacy regulations, focusing on regulating electronic communications networks and services. 

A critical aspect of this Act concerns the use of cookies and similar tracking technologies – web beacons (pixel tags) or JavaScript trackers – on websites, mobile apps, and other digital platforms. 

Cookies, small data files stored on a user’s device, are widely used to enhance user experience, facilitate website functionality, and gather data for web analytics and marketing purposes. However, in some cases, this raises concerns about user privacy.

Norway’s new cookie guidelines (2025)

The 2025 amendments to the E-Com Act introduce stricter requirements for obtaining user consent before setting cookies or other online tracking technologies. 

Previously, implied consent methods, such as pre-ticked boxes or reliance on browser settings, were considered acceptable. Under the new cookie guidelines of the E-Com Act, such practices are no longer allowed. 

Consent must now be:

• Freely given: Users must have a genuine choice without any form of coercion or deception.
• Specific: Consent should be obtained for distinct purposes, ensuring users fully know what they agree to.
• Informed: Users must be provided with clear and comprehensive information about the data being collected, its purpose, and who will process it.
• Unambiguous: Consent must be indicated through explicit affirmative action, such as ticking an unchecked box or clicking an accept button, leaving no room for misinterpretation.

Additionally, the scope of cookies that do not require consent has been narrowed. Only those deemed “strictly necessary” (instead of just “necessary” in the previous version of the E-Com law) for a website or service’s basic functionality are exempt from consent. 

This change emphasizes the importance of obtaining explicit, active consent for analytics, marketing, or tracking cookies. 

In addition, companies are to meet the following requirements:

• Classify cookies under categories (strictly necessary, marketing, functional, etc.).
• Ensure users can easily give granular consent, i.e., agree to one cookie category but not the others.
• List the categories and respective cookies in the website’s privacy or cookie policy (this step can be easily automated with a tool like Cookie Information, which updates your cookie policy according to the cookies found during your website’s scan).

Proper cookie categorization on your website is essential to complying with Norway’s updated cookie regulations. These regulations now give authorities tools to easily determine which types of cookies are strictly necessary.

Implications for data collection in web analytics

These stringent consent requirements have significant implications for data collection, particularly in the realm of web analytics. 

Web analytics relies heavily on data gathered through cookies to monitor user behavior, measure site performance, and fuel marketing strategies. 

Under the updated E-Com Act, analytics cookies do not fit into the ‘strictly necessary’ category and require user consent.

With the new regulations in force, you have to bear in mind these crucial aspects of your web analytics:

• Data availability: If users choose to withhold consent for analytics cookies, the pool of data available for analysis may diminish.
• Data accuracy: Without comprehensive data, analytics may not accurately reflect user interactions, potentially impacting business decisions.
• User trust: Transparent data practices can enhance user trust, potentially leading to higher consent rates and more reliable data. 
• Compliance: Non-compliance with the E-Com Act can result in substantial fines and reputational damage.

Therefore, organizations must adapt by implementing robust consent management solutions that allow users to easily grant or withdraw consent.

Impact of the E-Com Act compliance on businesses

The updated E-Com Act 2025 should not be considered another set of business limitations. Despite the challenges associated with stricter regulations, it offers numerous opportunities.

Here are some of them:

Building trust with users

Businesses can foster trust and loyalty by providing users with clear and detailed information about data collection practices. A privacy-centric approach can differentiate your organization from competitors who don’t comply with the new consent requirements and strengthen customer loyalty.

Future-proofing against regulatory changes

The E-Com Act aligns with broader trends toward stricter data protection laws worldwide. Compliance now ensures businesses are well-positioned to adapt to future regulations, minimizing disruptions.

Gaining competitive advantage

Adopting compliant analytics tools like Piwik PRO allows organizations to balance privacy with performance. Businesses prioritizing user privacy can market themselves as ethical and trustworthy, appealing to increasingly privacy-conscious consumers.

Improved data quality

While the new consent requirements may limit the volume of data collected, the quality of the data obtained will likely improve. With explicit user consent, businesses can have more confidence that the analyzed data reflects genuine engagement, which allows them to target their audiences more precisely.

Steps to achieve compliance with the E-Com Act

Businesses operating in Norway or targeting Norwegian users should take the following steps to ensure compliance with the newly introduced requirements:

1. Audit your current practices

• Review the types of cookies and tracking technologies used on your website.
• Identify whether you rely on implied consent or collect data without explicit user approval.

2. Implement a consent management platform

• Deploy a consent manager that allows users to give, withdraw, or modify their consent easily.
• Ensure the tool meets the E-Com Act’s requirements for obtaining clear, specific, and informed consent.

3. Update your privacy policies

• Clearly outline your data collection practices, cookie usage, and user rights in your privacy policy.
• Make the policy easily accessible to users on your website.

4. Leverage privacy-friendly analytics 

• Switch to analytics platforms like Piwik PRO that prioritize user privacy and offer robust compliance features.
• Consider using cookieless tracking to mitigate data loss while respecting user privacy.

5. Train your team

• Educate your staff on the implications of the E-Com Act and the importance of compliance.
• Provide ongoing training to ensure your team stays informed about changes in privacy laws.

How Piwik PRO can assist you in complying with the E-Com Act

Piwik PRO Analytics Suite is a privacy-friendly analytics platform that enables businesses to meet regulatory requirements while maintaining effective data collection and analysis. 

Here’s how Piwik PRO supports compliance with the stricter cookie and consent regulations:

Privacy-centered data collection

Piwik PRO enables companies to collect data in compliance with the E-Com Act, GDPR, CCPA, and similar regulations. 

Its analytics platform offers flexible solutions that allow you to adapt to privacy requirements:

• Integrated consent manager: Piwik PRO is equipped with its own consent manager. It also integrates seamlessly with consent management tools like Cookie Information, ensuring users’ consent preferences are respected at every data collection stage. Only the data authorized by the user is processed, supporting compliance with the E-Com Act’s demand for specific and informed consent.
• First-party data focus: Piwik PRO allows you to gather first-party data, which is less intrusive and aligns with privacy regulations. This helps organizations reduce reliance on third-party tracking technologies while improving data privacy.

Enhanced transparency for users

Transparency is a cornerstone of the updated E-Com Act. Piwik PRO simplifies compliance by offering functions that make it easy to communicate with users about data collection:

• Customizable cookie banners: Businesses can create transparent, user-friendly cookie banners that adhere to E-Com Act requirements. 
• Granular opt-in/out settings: Users can consent to specific types of cookies, such as those for analytics or marketing, giving them greater control over their data.

Data protection at every stage

Piwik PRO Analytics Suite is designed to protect user data throughout its lifecycle, from collection to storage and processing. Key features include:

• Data hosting in secure locations: Piwik PRO allows businesses to store data in Europe or other trusted locations.
• Retention period management: Companies can set and manage data retention periods to comply with the principle of data minimization.
• Data anonymization: This feature allows you to respect users’ privacy preferences while gaining valuable insights into their behavior on your website.
• Cookieless tracking: If you want to reduce your reliance on cookies, Piwik PRO enables cookieless tracking, an ideal alternative for companies navigating stricter cookie consent rules.

Conclusion

The Norwegian Electronic Communications Act introduces stricter requirements for data collection and cookie consent, emphasizing the importance of user privacy. 

While these changes present challenges, they offer businesses opportunities to build trust, enhance transparency, and future-proof their operations against evolving regulations.

By leveraging privacy-friendly solutions like Piwik PRO Analytics Suite, organizations can meet the E-Com Act’s demands and gain a competitive edge in today’s privacy-conscious market. 

With features like customizable cookie banners, first-party data, and cookieless tracking, Piwik PRO empowers businesses to balance compliance with effective data-driven decision-making.

Discover Piwik PRO’s privacy-friendly and E-Com-compliant analytics. Create an account or book an individual demo.

FAQ

What is the Norwegian E-Com Act?

The E-Com Act in Norway, which aligns with the European Union’s ePrivacy Directive, governs electronic communications within the country. This comprehensive legislation impacts various aspects of online interactions, including data collection, storage, and processing. 

It aims to safeguard individuals’ privacy and ensure that businesses and other digital entities responsibly handle their personal information.

When did the E-Com Act come into force?

The E-Com Act, with its latest amendments regarding cookies and user data, came into force on January 1, 2025.

What are the new cookie guidelines in Norway?

Norway’s new E-Com Act has updated cookie guidelines, requiring explicit user consent for all but strictly necessary cookies. Websites can no longer use pre-checked boxes or imply consent, and must clearly communicate their data practices. Only cookies essential for core functions are exempt. 

Analytics practices must also comply, potentially requiring consent for analytics cookies or alternative tracking methods. These changes give users more control over their data and require businesses to adapt to maintain compliance and ethical standards.

How must companies obtain user consent under the Norwegian E-Com Act?

The E-Com Act has strict requirements for user consent: it must be freely given, specific, informed, and unambiguous:

• Freely given consent means users have a genuine choice without facing negative consequences. 
• Consent must be obtained separately for each specific purpose. 
• Users must be provided with clear and comprehensive information about the data processing. 
• Unambiguous consent means it must be expressed through explicit affirmative action. Pre-checked boxes or passive methods are unacceptable.

Companies gathering cookies must also list them in their privacy policy and categorize them properly, enabling users to give granular consent, i.e. to accept only some cookie categories while declining others. See the full checklist.

Which companies must adapt to the new cookie guidelines of the E-Com Act?

Any business that operates in Norway or targets Norwegian users and utilizes cookies or similar tracking technologies on its websites and/or mobile apps must adapt to the new cookie guidelines.

How does the E-Com Act impact web analytics?

The Norwegian E-Com Act classifies analytics cookies as non-essential and requires explicit user consent before their deployment. This can lead to incomplete datasets and skewed web analytics reports, as users who decline cookies won’t be included in data collection. 

Businesses operating in Norway or targeting Norwegian users must adapt their strategies by implementing cookie consent mechanisms, exploring alternative data collection methods, or adjusting analytics practices to account for data gaps.

How can businesses comply with the E-Com Act?

To comply with the Norwegian E-Com Act, businesses should take a multi-faceted approach to data protection and privacy by following these steps:

• Conduct a thorough cookie compliance audit
• Implement a consent management platform (CMP)
• Update privacy and/or cookie policies
• Utilize privacy-friendly analytics
• Train staff on data protection
• Consider data processing agreements with vendors
• Stay informed about regulatory changes

By taking these proactive steps, businesses can navigate the complexities of the Norwegian E-Com Act, ensuring compliance and fostering trust with their customers.

How can Piwik PRO help with E-Com Act compliance?

Piwik PRO provides a comprehensive suite of tools designed to assist businesses in achieving and maintaining compliance with various data protection laws, including the Norwegian E-Com Act, while collecting user data. These tools include:

• Privacy-friendly analytics
• Integrated consent manager
• First-party data focus
• Customizable cookie banners
• Granular opt-in/out settings
• Secure data hosting
• Data retention management
• Data anonymization
• And many more

With Piwik PRO’s comprehensive suite of tools, businesses can navigate the complexities of the Norwegian E-Com Act and similar regulations, ensuring compliance while collecting valuable user data.

The post Navigating the Norwegian E-Com Act 2025: How it Impacts Web Analytics and What Steps You Should Take appeared first on Piwik PRO.

As such, we are pleased to announce that a HIPAA (Health Insurance Portability and Accountability Act) compliance assessment extended our SOC-2 Type II audit and was positively approved. This means we are officially HIPAA compliant. In receiving this recognition, we demonstrate our commitment to safeguarding the data we collect and the high standards we have set for ourselves.

What is HIPAA certification

HIPAA certification refers to the process by which organizations comply with the US Health Insurance Portability and Accountability Act (HIPAA). This federal law protects sensitive patient health information from being disclosed without the patient’s consent or knowledge. An external audit examines a company’s adherence to HIPAA rules and evaluates the organization’s controls related to security, availability, processing integrity, confidentiality, and privacy of PHI.

Achieving HIPAA compliance involves several steps to ensure that the organization meets all the requirements outlined in the regulations. These include developing policies and procedures, implementing security measures, and creating a comprehensive business associate agreement (BAA).

If you want to learn more about HIPAA read:

• A review of HIPAA-compliant analytics platforms
• HHS guidance on using online tracking technologies: How to make your analytics HIPAA-compliant
• HIPAA, marketing and advertising: How to run compliant campaigns in healthcare
• The AHA’s lawsuit against HHS guidance on online tracking technologies: What it means for HIPAA-covered entities and their use of analytics

Why HIPAA certification matters

Obtaining HIPAA compliance certification will further enhance our compliance with healthcare data protection standards.

You may also like:

• Piwik PRO meets the SOC 2 standard
• We’re officially ISO 27001-certified!

At Piwik PRO, we are committed to providing healthcare organizations with the most secure marketing platform available:

• We help companies in the healthcare industry meet the stringent requirements of HIPAA regulations and offer our clients informative, valuable, and actionable insights.
• We exclusively partner with select ISO 27001 and SOC2-certified Microsoft Azure HIPAA-compliant data centers.
• We operate following the best data security practices. Clients from industries handling sensitive data, like healthcare, are a prime testament to our expertise. With Piwik PRO, they have the flexibility to either de-identify all PHI in their data or sign a business associate agreement (BAA) to ensure that the collection and processing of PHI and ePHI comply with HIPAA requirements.
• We provide granular data access controls to restrict data access only to authorized personnel. Piwik PRO also maintains detailed audit logs to easily track data access and changes to data collection configuration.

HIPAA certification proves that Piwik PRO Analytics Suite is a verified solution for customers whose policies mandate partnering exclusively with HIPAA-compliant vendors. This certification demonstrates our commitment to ensuring a HIPAA-compliant analytics suite safeguarding Protected Health Information (PHI). Consequently, our future and existing clients can have greater confidence in the security of our data handling processes.

The post Piwik PRO is officially HIPAA certified! appeared first on Piwik PRO.