Adobe library, visitor ID (s_fid and s_vi cookies) and GDPR | Community
Skip to main content
M
MFADLP
April 29, 2021
Solved

Adobe library, visitor ID (s_fid and s_vi cookies) and GDPR

  • April 29, 2021
  • 3 replies
  • 3571 views

Hi,

 

I am using Adobe Analytics and I have questions about compliancy with GDPR guidelines.

We now need users to consent before we can track any of their activity on our websites with AA. For that reason we currently prevent the entire library to fire if the user opts out for Adobe or makes no choice.

We are losing most bouncers I guess + all optout visitors. Reporting wise, it is a nightmare and that is why I’m investigating to see if we can fulfill exemption criteria for audience measurement tools described by the CNIL.

My problem is I don’t understand what technical solution Adobe offers for that.

 

I saw a webinar from Adobe French teams on the matter and they said that there are 3 of id/infos we need to anonymize :

  1. Client ID (also referred to as CRM ID I believe)
  2. Purchase ID
  3. IP address

But it is still unclear to me what they suggest on a technical perspective, especially for client ID (which I assumed is visitor id?).

 

My understanding is that prior and explicit consent must be obtained before any activation of cookies, apart from whitelisted & necessary cookies. I don’t think Adobe falls into that category, so I don’t see why I would be allowed to drop visitor id cookies (s_fid and s_vi). But I don't think data collect can work without them.

The solution presented during the webinar seemed to suggest maintaining collect of these ID, but restrict access to it. My understanding is that to be exempted from consent for AA we should not be dropping these visitor cookies at all if a user refuses AA tracking, and not simply anonymize visitor IDs while collecting them.

 

Am I getting it right ?

Am I bound to do block AA library for optout / no choice users or do I have other options ?

 

Thanks

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by yuhuisg

I don't know what that presentation from the Adobe French team was, but I think Client ID refers to a user ID that you obtain from a customer database, hence the "CRM ID" name too. So that is different from Adobe's visitor ID.

It can be argued that Adobe's visitor IDs can be tied back to an individual. In that case, it might be required to obtain consent before you can track your users to AA.

3 replies

yuhuisg
Community Advisor
yuhuisgCommunity AdvisorAccepted solution
Community Advisor
April 30, 2021

I don't know what that presentation from the Adobe French team was, but I think Client ID refers to a user ID that you obtain from a customer database, hence the "CRM ID" name too. So that is different from Adobe's visitor ID.

It can be argued that Adobe's visitor IDs can be tied back to an individual. In that case, it might be required to obtain consent before you can track your users to AA.

    M
    MFADLPAuthor
    April 30, 2021

    I don't think I can post an image but here is the video : https://www.youtube.com/watch?v=ZXZCWjXnWOg

    At 12:39 they present a diagram for AA with target consent exemption. Translation would be something like :

    1) Visitors

    2) Landing on website, AA is active and collects limited data (following CNIL guidelines, said orally)

    3) Users is asked for consent

    4) a) User refuses or does nothing : AA continues to collect only limited data

    4) b) User accepts : AA collects data as usual.

     

    Based on what they said I'm not 100% sure they would refer to CRM ID and not mention visitor ID.

    As said above I’m currently not launching AA when a user refuses /does nothing because I don’t see how limited data collection can be achieve while complying with CNIL guidelines. But I would be very interested to know how I could do that since they display this option.

    mikeetiuPH
    mikeetiuPH
    Level 4
    May 3, 2021

    From what I know, consent is needed before analytics tracking can be implemented (i.e. First-Party analytics). This means that in your privacy policy, make sure to work with your legal team to have a good and clear statement around the CRM ID tracking and tie-up thing you are doing. I suggest that you work with your legal team to determine what's the best thing to do to comply. When it comes to data privacy, technologists usually just get guidance from the legal experts on what is best to do

    Pls. also check if you guys are allowed to collect IP addresses. I believe those should be obfuscated in some territories 

      jantzen_b
      Adobe Employee
      jantzen_bAdobe Employee
      Adobe Employee
      May 24, 2021
      Do any of the answers below answer your initial question? If so, can you select one of them as the correct answer? If none of the answers already provided answer your question, can you provide additional information to better help the community solve your question?
      Terms & ConditionsAccessibility statement

      Loading footer...