This week, several large Dutch health insurance companies were all over the news for sending confidential customer / patient data to Facebook (read more here). In short, they deployed conversion pixels (Facebook, LinkedIn, etc..) on their websites, including pages behind-the-login, showing personal medical data.
? Before we continue: new to conversion pixels? Read this excellent piece by Shopify on how the Facebook pixel works.
As the pixel ‘listens in’ on all user behavior, data that most of us would consider to be confidential was sent directly to Facebook. Data included search behavior on medical conditions, medical expense claim forms, etc. Not a very smart move…?
Let’s take another perspective. One could say it is unlikely that these companies, heavily regulated and having sizeable Compliance and Risk departments, deliberately went off track and exposed this confidential data to Facebook. There really isn’t too much benefit for them in doing this. It is far more likely that these companies failed to correctly setup and embed these conversion pixels due to a lack of in-depth digital marketing expertise. Speculative? Yes, agreed. But at least likely.
In its most default form, the conversion pixel tracks all pages on a domain (that is, if you don’t pay attention in Google Tag Manager ?). Not just on the homepage / all public pages, but all pages. So including those you might not want to track people at all, let alone send data to Facebook. Oops…
Here are 3 things we urge you to cover privacy issues when using website conversion pixels.
1. Don’t just fire the conversion pixel on all pages on your domain
What goal are you trying to achieve by using the pixel? In most cases, that would be to retarget leads / prospect customers that visited the public part of your website. In that case: fire the pixels only on those select pages, not all pages on your domain. If you fire the pixel on pages behind a login, make sure you know what data you are collecting and…
2. Explicitly cover conversion pixels in your cookie / privacy policies and make sure to get visitor consent
Ensure you cookie and privacy policies explicitly state what type of data you’re collecting, how you store it and how you plan to use it. Also, make sure you ask your visitors to accept this policy before they enter your website. If you don’t have this in place yet, Google “free GDPR cookie script” and you will find a boatload of tools at your feet. The European data regulation GDPR is just around the corner (coming into force on May 25), so make sure you’re prepared and compliant. Check out this excellent guide by Wired covering everything you need to know about GDPR.
3. Make sure you or someone else knows what they’re doing
The larger the company or the higher website traffic, the larger the risk when using tracking & conversion pixels. Make sure you have access to the technical marketing know-how required to correctly implement, setup and use conversion pixels. Either in-house or through a credible digital agency. Don’t assume your intern or junior online marketeer knows how because they Googled it.
Need help? Let’s talk. But beware, our website uses conversion pixels ?
Björn Brekel
Lead growth hacker @ RevelX
Bringing startup thinking to the boardroom
Road cycling, minimalism and blockchain enthusiast
Related Posts
September 15, 2022
5 Growth Mindset Examples That You Can Use in Your Job Tomorrow
People who believe their success is…
April 22, 2020
Why customer lifetime value analysis is now more important than ever
Over the course of the last weeks we,…