Dave Smyth Studio

Privacy-focused Websites

When we hear the word ‘privacy’, we might think of tracking, cookies or Cambridge Analytica. We might even think of a recent security breach that’s released millions of user’s data into the wild.

Privacy has a different meaning for everyone. But as a website owner, what does a privacy-focused website look like and what do you need to consider to build one?


Let’s start with cookies, the device websites and services use to collect data about how users behave online. They fuel all sorts of online activity, from basic functionality like logging in, to the tracking that underpins the behavioural advertising industry.

Many marketing and analytics tools rely on cookies to function. They track users as they browse the web, then feed that data back to the original service (Google Analytics, Facebook Pixel, etc).

Under PECR legislation, only functional cookies can be set before a user opts-in. Cookies for marketing and analytics can only be set after a user chooses to allow them.

Leaving aside ethical issues around tracking, many websites have a poor approach to cookie opt-in. It’s common to see sites that:

  • Force users to accept all cookies (“By continuing to use this site you agree to our use of cookies...”)

  • Set non-essential cookies before a user opts-in

  • Use dark patterns in cookie banners, making it hard for users to opt-out

Take the MacRumors.com cookie banner, for instance. Once you open the options, it’s not immediately clear which button you need to press to opt-out of cookies:

Screenshot of the MacRumors.com cookie banner: the button text and colours “Save and Exit” and “Accept All” are deliberately misleading.

Data and (vanity) metrics

Site owners and marketers have grown used to being able to access an endless stream of data about users. This is a by-product of several factors:

  • The metadata devices/apps broadcast and collect about users

  • Old technologies and approaches that are now baked into modern systems

  • Humanity’s seemingly insatiable desire for data

Much of this data is collected without user’s awareness or consent. The spy pixels that our emails contain are a great example of this.

To enable read receipts in email, services embed a tracking pixel that can report:

  • When a user opens an email

  • Where they were when they opened it

  • How many times they opened it

  • What device was used to read it

  • The links a user clicked in the email

  • How many times each link was clicked

Users are rarely told about this data collection, let alone given an opportunity to opt-out. If they unsubscribe and revisit an email, the data collection continues.

What’s surprising is how relatively unknown this is outside the tech and marketing worlds. Especially as email addresses are so intrinsically linked to their owners.

Prioritising useful metrics

This data is collected to track two email statistics:

  1. Open rates

  2. Click rates

Given the increasing number of services that block tracking pixels, click rates are the only useful indicator of engagement – data that can be collected without building a logbook of every recipient’s email behaviour and location history.

This data collection in emails is representative of other areas: it’s collected because it’s available. After tasting this forbidden fruit, it can be hard to kick the data collection habit.

If we’re serious about pursuing privacy-friendly choices for users, we have to question the data we collect and why.

Which metrics are useful to us? How can we collect this in a manner that doesn’t invade our users’ privacy?

Website data collection

Email is a good example of unnecessarily broad data collection because it combines:

  • A lack of awareness about the surveillance taking place, especially amongst users (the surveilled)

  • A widespread and ongoing privacy-invasive practice

  • A collective pursuit of a low-value data (open rates)

  • The limitations of old web technology (the pixel can’t be removed when a user unsubscribes)

But we can bring this thinking back to the websites we run.

For instance, Google Analytics has been the dominant analytics service for many years. It’s free, powerful and easy to install, but not without issues:

  • It requires cookies to work

  • It’s complex software

  • Visits won’t be collected for users of ad-blockers or certain browsers

  • The data feeds the surveillance capitalism model

Alternative analytics

In truth, many sites don’t need the level of detail or tracking that Google Analytics provides. Alternatives like Fathom (referral link for a $10 discount) makes more sense for site owners concerned with privacy because it:

  • Offers the information they need (page views, unique page views, referrers, goals)

  • Doesn’t set cookies or track users

  • Collects more data (not blocked by ad-blockers or browsers)

  • Is financed by actual money, not user data

Another example would be the Facebook Pixel. It’s promoted as a way to optimise ad campaigns: it tracks users and sending the data back to Facebook.

Facebook use the data to inform advertiser’s campaigns and refine behavioural data they collect about individuals, with the ultimate goal of selling more ads. To give you an idea of the scale of data fed back to Facebook through these services, here’s a chart from the UK Competition & Markets Authority’s “Online platforms and digital advertising” market study in July 2020 (Figure 2.3, p50).

Graph from the CMA report showing that Google and Facebook collect more data from third-party sources than from users engaging with their products directly.

In other words: Facebook collects most of its data from third-party websites.

But it’s possible to optimise ads in a privacy-focused way by including referral attributes in campaign links or sending users to unique landing pages. Both of these techniques allow site owners to assess the effectiveness of ads without sending the data back to Facebook.

And for site owners looking to retarget users, mailing lists are a great privacy-focused option. Mailing lists let organisations market:

  • Straight to a user’s inbox

  • To an audience they know is interested

  • Without tracking users

Ultimately, there are often privacy-focused ways to achieve the goals we’re told can only be achieved by tracking users. It doesn’t have to be that way.

Data protection by design

Aside from the metrics we follow, we also need to consider the data we collect. By collecting only necessary data, we build trust with users, reduce exposure to data breaches and improve our website’s user experience (UX).

A good example of this is a mailing list sign-up form, where it’s common to see websites asking for unnecessary information. The form needs to collect the user’s email address: everything else is optional.

If we decide we need to collect other information about a user, we should ask ourselves how important it is. Do we need to know their:

  • First name? Possibly useful for personalisation.

  • Last name? May not be necessary in many situations.

  • Date of birth? Unlikely to be useful outside for many types of site.

Whatever the data, we need to weigh how useful the information is against the impact it has on UX and the additional responsibility of storing that information.

A privacy-focused site would also:

  • Hold data for the shortest reasonable time

  • Delete data that’s no longer needed

  • Where possible, exclude personal information from backups

The privacy-focused approach

Running a website in a privacy-focused manner is a mindset rather than a set of requirements.

Privacy-focused sites follow at least some of these principles:

  1. Value useful data over vanity metrics

  2. Use cookie-less services where possible

  3. Add third-party integrations from companies with a strong privacy track record

  4. Only collect necessary data and delete it when no longer needed

  5. Make it clear what cookies are being used

  6. Don’t set cookies before a user opts-in

  7. Make it easy for users to reject tracking or opt-out (emails, cookies, etc)

Privacy is a broad topic. Taking a privacy-focused approach to building a site needs planning and care, but there are lots of benefits to this approach.

Designing privacy into a site reduces exposure to data breaches: you can’t leak what you haven’t collected. But there are clear UX benefits, too.

In some cases, these approaches might mean a site doesn’t need a cookie banner. Forms will be shorter and users are less likely to think, “why do they need to know [X] about me?”.

Then there’s performance: marketing scripts are famed for making sites slow. Reducing or removing these keeps sites zippy, which is also good for SEO.

Cookie-less analytics can collect more of the core data you need. As cookies and other trackers aren’t blocked, you’ll have a better idea of your site’s traffic, referral sources and page conversions.

Reducing your site’s reliance on Google and Facebook is good for business. As Rand Fishkin wrote, they aren’t reliable in-your-corner partners.

Google famously kills off projects at an alarming rate. Facebook tout themselves as the champions of small business but that’s a thinly-veiled cover for protecting their core business model.

Building a business without relying on Google and Facebook increases the business’ resilience. If you need to use their services, you’ll be in a much stronger position to make the best of them.

And finally, taking a privacy-focused approach creates trust with users. Each change is a small step, but the combined effect is likely to be a fast site without many of the UX issues typical of sites that utilise privacy-invasive practices.