Legal, Tax, and Accounting March 31, 2020

Should I share analytics with similarweb et al? GDPR/CCPA issues?

Andy Dent @AndyDent

I've got the Similarweb Chrome Extension installed to give me stats on other web pages and got around to trying it on

Which, promptly informed me we were too small to have been noticed but I could give them access to our Google Analytics.

There's also Alexa and Quantcast, based on the obviously-biased Quantcast page

The appeal in being listed is if we are to get on investor's radar, these are standard tools. However, I'm worried about privacy implications if this adds further burden, implies policy rewrites or just abuses our user privacy further.

  1. 2

    I am not a lawyer, but I am an analytics professional who has seen Similarweb alongside professionally-installed analytics data, and who deals with Legal routinely on privacy matters.

    IMO, Similarweb is not useful outside of getting a very rough idea of sites' scales. Think "orders of magnitude" at best.

    Similarweb asking for you to auth GA sounds like an effort on their part to just hoover up more data from your traffic. Not sure what the benefit is to you.

    It's not a direct privacy violation, but there are two things to consider:

    1. It very likely impacts your privacy policy - you would be handing browsing data, with maybe some indirect identifiers, to a third-party. Data transfers to a third party for statistical/measurement purposes are commonplace (Google Analytics itself is such a case) and may already be in your policy, but you might want to think or consult your legal if you really want to transfer that on to Similarweb. (Again, not sure how you benefit from that.)

    2. This seems more like an outside chance, but if you stand to gain financially from sending to Similarweb, that could fall under CCPA's "don't sell my data" protections and require both privacy policy updates and an opt-out mechanism for California users. If Similarweb themselves are the ones who stand to profit from the sale of that data that you transferred, I don't know about the CCPA impact.

    Again, not a lawyer, but in my experience an operator can do what they wish so long as it is spelled out in the privacy policy and users give informed consent. My mental model of investors is that they would be averse to legal risk - which is then closed off by having the privacy policy be accurate of what's happening on the app.

    As an analytics practitioner, however, I would argue that there are plenty of "standard tools" out there, and most of them deliver you more value than Similarweb.

  2. 1

    This comment was deleted 7 months ago.

Recommended Posts