From hopelessness to a start-up - even if everyone laughs at you. Here you can find out how the idea for Anogate came about and what motivated me to take the difficult path.
When the GDPR was introduced in Europe in 2018, I already suspected that it would change a lot of things. I had been working in online marketing for almost 20 years by then and remembered all the data "scumbag" I had seen. I also always wanted to know where the limits are, but not to exploit them to the maximum commercially, but to find out what was possible. Accordingly, I have experimented, "played around" and researched a lot over the years. Until the GDPR, it was more or less the "Wild West". So this was possible without any problems - either nothing was regulated or nobody was interested.
That changed with the GDPR. I realised that data protection was slowly but surely becoming part of people's consciousness AND, more importantly, in politics!
Come to stay
The wheels of politics often grind very slowly. Whether it's a law, regulation or directive - it goes through a long process involving many interest groups until something is formulated and adopted. The end result is a compromise that more or less everyone involved has worked out. However, as long as it takes to pass something, it also takes time to bring about changes.
So I asked myself a few questions:
If politicians address the issue of data protection, what consequences will this have for us as an online company?
What would be necessary to maximise compliance with the (new) legal requirements?
What impact would the changes have - and more importantly: what impact would it have if they were not implemented?
Are we processing our customers' data the way I would like my data to be processed?
I quickly realised that there was a lot of work to be done and that the impact would be enormous! In the end, however, I came to the following question: Which way is the least evil?
Against the current
Unlike most people I spoke to about data protection and tracking, I decided to take the difficult route. One of the reasons for this decision was that at my other company - everysize - we noticed a steadily increasing deviation in our reports. The reason for this was declining attribution, partly due to the GDPR - I also published a 7-part series of articles on this in 2020 entitled "Flying blind through online attribution". So we put everything to the test and carried out an all-encompassing analysis and inventory. Our aim was to be able to dispense with cookie and consent layers and thus achieve better tracking.
To do this, we replaced numerous tools & services with European SaaS providers or switched to open source alternatives that we installed on-premise. We analysed and documented all of our data flows and tested various more data protection-friendly tracking alternatives such as Matomo. However, we kept coming up against obstacles. Once, a newly implemented European SaaS tool was bought by a US company and completely migrated to the USA (problem: "Schrems II"). Another time, we were unable to find a replacement for a tool that worked without long-running cookies (problem: ePrivacy Directive). We were also not completely satisfied with some other solutions - either they were significantly more expensive, lacked important functions or were simply extremely unwieldy or even unusable. Another major disadvantage was that the increase in control came at the expense of flexibility and agility.
So after we had implemented numerous improvements from a data protection perspective, I had to realise that going further would restrict us too much. This would be at the expense of our marketing and ultimately cost us sales. So what should we do?
The conflict: marketing vs. data protection
So I did some soul-searching and thought about what goals my two inner selves were pursuing: the marketing person and the data protection advocate.
The marketing person:
I want to draw customers' attention to my offer (a price comparison for sneakers)
I want to check which adverts I need to scale or stop according to various criteria (time, channel, display, etc.)
I want to continuously improve my website so that customers receive the best customer experience. To do this, I need to know which pages (categories, brands, models, products) but also which features (colour, shoe size, etc.) are most relevant and how customers navigate my site to reach their destination or, more importantly, NOT reach their destination.
I want to be able to test new functions to determine whether they have a positive or negative impact and do so in a comprehensible way.
I want to use the best tools to support us in our work.
The data protection advocate:
I want to be as anonymous as possible on the Internet and be able to decide for myself who I make which of my data available to.
I don't want my data to be distributed uncontrollably across dozens of services.
I want my data to be stored as securely as possible.
I hate cookie/consent banners and I will always refuse if it is easy to do so.
The goal: Marketing 🤝 Data protection
When comparing the two positions, I came to the conclusion that they could not be reconciled with the previous means. However, one thing struck me when looking at the goals of the marketing ego: it was not important to me who does what in the INDIVIDUAL. Only the totality of the data collected was relevant to me! With the data protection ego, on the other hand, I always focussed on MY data.
This ultimately led me to the following consideration: If I remove the personal data from the rest of the data, can I live with it both as a marketing person and as a data protection advocate? To put it very simply: If it is ensured that no more conclusions can be drawn about me from the cleansed data, would I mind if the website I visit then records which pages I visit? Admittedly, my first intuitive thought was: "Yes, I would mind." But my second thought was: "Why?" But I could only answer with "That's why!".
This made me realise that this is the compromise that is necessary to bring the two egos together. This means that if I manage to remove the personal data from the data collection or replace it with non-retraceable data, I can fulfil both goals of my egos.
The first of many steps
This was the first step - there was now at least a hypothesis that it might be possible to bring the two worlds together after all. However, as I first had to realise, it was still a very long and rocky road to the finished product. I will report on this in my next article.