I am using Adobe Analytics and I have questions about compliancy with GDPR guidelines.
We now need users to consent before we can track any of their activity on our websites with AA. For that reason we currently prevent the entire library to fire if the user opts out for Adobe or makes no choice.
We are losing most bouncers I guess + all optout visitors. Reporting wise, it is a nightmare and that is why I’m investigating to see if we can fulfill exemption criteria for audience measurement tools described by the CNIL.
My problem is I don’t understand what technical solution Adobe offers for that.
I saw a webinar from Adobe French teams on the matter and they said that there are 3 of id/infos we need to anonymize :
Client ID (also referred to as CRM ID I believe)
But it is still unclear to me what they suggest on a technical perspective, especially for client ID (which I assumed is visitor id?).
My understanding is that prior and explicit consent must be obtained before any activation of cookies, apart from whitelisted & necessary cookies. I don’t think Adobe falls into that category, so I don’t see why I would be allowed to drop visitor id cookies (s_fid and s_vi). But I don't think data collect can work without them.
The solution presented during the webinar seemed to suggest maintaining collect of these ID, but restrict access to it. My understanding is that to be exempted from consent for AA we should not be dropping these visitor cookies at all if a user refuses AA tracking, and not simply anonymize visitor IDs while collecting them.
Am I getting it right ?
Am I bound to do block AA library for optout / no choice users or do I have other options ?
Pls. also check if you guys are allowed to collect IP addresses. I believe those should be obfuscated in some territories
I don't know what that presentation from the Adobe French team was, but I think Client ID refers to a user ID that you obtain from a customer database, hence the "CRM ID" name too. So that is different from Adobe's visitor ID.
It can be argued that Adobe's visitor IDs can be tied back to an individual. In that case, it might be required to obtain consent before you can track your users to AA.