Table of Contents

What is cross-site tracking?

What is cross-site tracking? Is cross website tracking allowed?

In this post, we’ll explain what cross-site tracking is and how privacy laws regulate it.

Cross-site tracking: what it is and how it works

Cross-site tracking refers to the activity of tracking across multiple websites. Websites that have enabled third-party trackers can share the information they collect about their users with third parties.

To understand how it works, let’s take social media widgets as an example.

Websites owners add social media widgets to increase the shareability of their content and get useful analytics. However, at the same time, they send back information to platforms such as Facebook, Twitter, or LinkedIn. That’s because social media widgets act like pixel tags, short snippets of code embedded within tiny images.

What’s the purpose of website tracking?

Cross-site tracking can have multiple purposes.

First, it can make your online experience effortless and overall better. Let’s take social media widgets again: if you run into an article you like, you just need to click the widget to share it.

Trackers can also gather details about your online activity to show you things like personalized ads. This type of cross site tracking isn’t inherently bad, but it needs regulating.

That’s where data privacy laws, such as the GDPR, go on stage.

🔒

More on data protection

This article is a part of our series on data protection. Read also:

👉 What do cookies track?

Cross-site tracking and the GDPR

When it comes to the usage of trackers in the European Union, two privacy laws apply.

The first one is the ePrivacy Directive – also known as Cookie Law. It requires that every website or app owner who uses trackers should disclose it in a cookie policy and block trackers from running if users’ don’t grant their consent.

The second one is the GDPR. Though the GDPR doesn’t specifically mention trackers, trackers do process personal data in most cases. Here’s s why the GDPR record-keeping requirements apply. Moreover, most Data Protection Authorities across the EU have aligned their rules about trackers and cookies to GDPR requirements.

Does your website use trackers? Here are 4 actionable steps to comply

So, the usage of trackers is generally allowed, but you need to take a few preventive measures first.

These steps will ensure that your activity is lawful and avoid hefty fines.

Add a cookie policy and a cookie banner to your website/app: you need to inform your users that you’re using trackers. Be sure to mention which ones, the purpose, and which third parties are involved.
Block trackers from running before you’ve obtained your users’ consent: you’re not allowed to install cookies unless you have your users’ consent, though there may be some exemptions regarding your website’s functionality.
Collect consent in a lawful way: consent must be freely given, specific, informed, and based on an explicit affirmative action. Many EU Data Protection Authorities have released guidance on trackers, including advice and recommendations on valid methods to obtain consent.
Keep records of consents. You need to be able to demonstrate that your activity was 100% lawful, so you need to keep detailed records.