Website tools and features are not like your kids… it’s ok to choose favorites. More importantly, as better tools come along, it’s ok to kick the old ones out and adopt the new ones. Again, the tools, not the children.
Not only is it ok, it’s an important change to make for several reasons:
- Certain tools subject your website to privacy laws – Tools that collect Personally Identifiable Information (PII) or track users can subject your website to a variety of privacy laws. This will increase the time, cost, and effort required to achieve compliance and can even subject your site to fines and lawsuits. For example, if your website doesn’t have any cookies then you may not need a cookie consent banner.
- Some tools violate privacy laws – Some common tools have been deemed non-compliant with certain privacy laws. For example, courts have ruled that the previous version of Google Analytics violates the General Data Protection Regulation (GDPR).
- Privacy is a competitive advantage – With privacy becoming more important to consumers, features that have been long-time favorites for web builders are starting to be replaced by more privacy-friendly alternatives – all in an effort to make users more comfortable. For example, tracking users without their permission to send them targeted ads is so 7-privacy-laws ago.
Before we dive into some common features that aren’t so privacy-friendly, we should first explain what factors make for a better, more privacy-focused alternative.
Factors to consider when choosing privacy-focused alternatives
- Discuss cost. You may have heard the saying, “If something is free, you’re the product.” There’s certainly some truth to this when you look at the more privacy-invasive tools out there. They’re often free because they can make money off your website visitors’ data. Privacy-focused options may cost some money (even though they’re usually very affordable or competitively priced) because they aren’t selling personal data.
- Does the tool collect PII? Collecting PII like names, email addresses, IP addresses and phone numbers isn’t always a bad thing, but a privacy-focused tool should only collect the PII that’s necessary for the task, nothing more.
- Does the tool place cookies on your website? You may be surprised just how many features will place a cookie on your website to track users (even though that’s not what the tool’s main purpose is).
- Where does the tool store data? Some countries offer more privacy protections than others. If a country doesn’t have many laws in place protecting people’s data, it might not be a good one for tools to store/share their data with.
- Does it perform as well as more privacy-invasive tools? Don’t forget, you have a business to run. So you’ll want to make sure a new, privacy-friendly tool offers all the features you needed from the old one.
- Has the company been sued or fined for privacy law non-compliance? Do a quick search to see if the company has been sued or fined for data breaches or privacy law violations recently. Everyone deserves a second chance, but maybe don’t volunteer to be the first to see if they’ve changed their ways.
- Have their privacy claims passed scrutiny (i.e. are their privacy claims true)? Has the product/service been approved by an attorney or an organization like the International Association of Privacy Professionals (IAPP)? Also, some products claim to be compliant with all major laws, but then don’t even have a Privacy Policy in place. This is a massive red flag for most tools.
Privacy-focused alternatives to common tools
Product #1: reCAPTCHA
Purpose: Security – reCAPTCHA is used to keep malicious software from engaging in activities on a website.
Pricing:
Essentials package – Free up to 10,000 assessments per month
Standard package – Free up to 10,000 assessments*, $8 for up to 100,000 assessments per month
Enterprise package – Free up to 10,000 assessments*, $8 for up to 100,000 assessments per month, then $1 per 1,000 assessments
Privacy Problem: reCAPTCHA (even v3) is not compliant with privacy laws like GDPR automatically. That’s because it is designed to collect and track data in a way that’s invisible to website visitors. This lack of transparency is what makes it non-compliant with major privacy laws by default. While there are extra steps you can take to make reCAPTCHA compliant, Google has been known to only make privacy changes when it has been ‘caught,’ instead of aiming for privacy best-practices from the start.
Privacy Friendly Alternative: Friendly Captcha
Purpose: Protect websites and online servers from spam and abuse.
Pricing:
Starter package – €9 per month (up to 1,000 requests per month)
Growth package – €39 per month (up to 5,000 requests per month)
Advanced package – €200 per month (up to 50,000 requests per month)
Enterprise package – Custom pricing (unlimited requests per month)
Privacy advantage: Friendly Captcha does not track website users or store their data to perform its security duties.
Product #2: Google Analytics
Purpose: To track customers across devices and platforms to give you a better understanding of their customer journey and behavior.
Pricing: Free
Privacy Problem: Google Analytics was found to be non-compliant with GDPR. That’s because it transferred the data of residents of the European Union to the United States and then made that data available to certain U.S. intelligence agencies (NSA, CIA, etc.). Similar to reCAPTCHA, Google claims that Google Analytics 4 (GA4) is now GDPR compliant, but it’s not 100% clear whether or not this is true. Future cases and enforcement actions should tell us whether GA4 is actually GDPR compliant.
Privacy-Friendly Alternative: Fathom Analytics
Purpose: Protect websites and online servers from spam and abuse.
Pricing:
Numerous tiers based on website size, but it starts at $15/month for up to 100,000 users
Privacy advantage: Fathom Analytics still allows for websites to collect information about user behavior, but in a way that’s GDPR compliant. It promotes privacy first and doesn’t share or store data that isn’t essential to its service.
Product #3: Google Fonts
Purpose: Google Fonts offers websites a massive catalog of fonts to choose from.
Pricing: Free
Privacy Problem: Google Fonts was found to be non-compliant with – you guessed it – GDPR. That’s because Google Fonts was collecting people’s IP addresses without having a specific reason (legal basis) to do so. Laws like GDPR prohibit the collection of this type of data unless a legal basis applies.
Privacy-Friendly Alternative: Self-hosted Google Fonts
Purpose: Google Fonts offers websites a massive catalog of fonts to choose from.
Pricing: Free
Privacy advantage: The key to making Google Fonts a privacy-friendly solution is to download the fonts you want and host them directly on your website. This will allow you to still access Google Fonts’ impressive catalog, but will no longer share user IP addresses with Google.
Product #4: YouTube
Purpose: Video is an excellent resource and YouTube is the largest video-hosting website in the world.
Pricing: Free
Privacy Problem: Embedding a video directly from YouTube onto your website will share data (IP addresses) with YouTube.
Privacy-Friendly Alternative: Host locally (best) or use ‘youtube-nocookie.com’ with any embeds.
Purpose: Avoids letting YouTube add cookies to your website. While hosting the video directly on your website is the best option, some website owners have concerns about that slowing down their site. That’s where youtube-nocookie.com comes in handy.
Pricing: Free
Privacy advantage: Activating Privacy-Enhanced Mode will prevent embedded videos from collecting IP addresses from your website users. It only requires a few extra steps in the settings and will help you: A) protect your users and B) avoid having to add YouTube to your cookie consent banner.
Product #5: Vimeo
Purpose: Vimeo is another popular video-hosting website for business owners. The embedding process is easy for most website builders.
Pricing: Free
Privacy Problem: Similar to YouTube, Vimeo collects user data unless certain measures are taken (see alternative below).
Alternative #5: Host locally or Vimeo’s “?dnt=1”
Purpose: As with YouTube, the best option is to download the video and store it locally on your website, but Vimeo’s ‘?dnt=1’ is the next best. This small piece of code still lets website owners embed videos on their website, but in a more privacy-friendly way. By adding “?dnt=1” to the end of an embedded URL, Vimeo will no longer track those who watch it.
Pricing: Free
Privacy advantage: Data is no longer unnecessarily shared with Vimeo.
Product #7: Google Maps
Purpose: To help website users find your business.
Pricing: Free
Privacy Problem: Embedding Google Maps into your website will allow Google to access data from your website users (like IP Addresses).
Alternative #7: Screenshot & Address
Purpose: The primary purpose of Google Maps is to get a rough idea of where your business is located. Downloading and posting a screenshot of your location will still help users see where your business is located.
Pricing: Free
Privacy advantage: By downloading the image and hosting it on your website, you will no longer be sharing user data with Google. Also, if users still want to go to Google Maps to zoom in/out, you can provide your address with a hyperlink to Google Maps. That way your website is no longer responsible for sharing data to Google Maps directly.
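To check an existing page against the embeds covered above, here is an added example (not part of the original post or any vendor's code) that scans HTML for the third-party URLs this list mentions, rewrites YouTube and Vimeo embeds to their privacy-friendlier forms, and flags the ones that need a manual swap. The function names, the `MANUAL` table, and the sample page with its `VIDEO_ID` and `PLACEHOLDER` values are assumptions made for illustration.

```javascript
// Hosts that cannot be fixed by a URL change; flagged for manual replacement.
const MANUAL = {
  "fonts.googleapis.com": "self-host the font files",
  "fonts.gstatic.com": "self-host the font files",
  "www.google.com/recaptcha": "consider a captcha that does not track visitors",
  "www.google.com/maps": "use a static image plus an address link",
};

function rewriteUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return { url: raw, note: null }; }
  const host = url.hostname.toLowerCase();

  // YouTube embeds: switch to the Privacy-Enhanced Mode host.
  if (/^(www\.)?youtube\.com$/.test(host) && url.pathname.startsWith("/embed/")) {
    url.hostname = "www.youtube-nocookie.com";
    return { url: url.toString(), note: "rewritten to youtube-nocookie.com" };
  }
  // Vimeo player: add dnt=1 without disturbing existing query parameters.
  if (host === "player.vimeo.com" && url.pathname.startsWith("/video/")) {
    url.searchParams.set("dnt", "1");
    return { url: url.toString(), note: "added dnt=1" };
  }
  const key = Object.keys(MANUAL).find((k) => (host + url.pathname).startsWith(k));
  return { url: raw, note: key ? "manual: " + MANUAL[key] : null };
}

function auditHtml(html) {
  const findings = [];
  const out = html.replace(/\b(src|href)=(["'])(https?:\/\/[^"']+)\2/gi,
    (match, attr, quote, raw) => {
      const { url, note } = rewriteUrl(raw);
      if (note) findings.push({ original: raw, note });
      return `${attr}=${quote}${url}${quote}`;
    });
  return { html: out, findings };
}

// Constructed sample page, not taken from any real site.
const SAMPLE = `
<link href="https://fonts.googleapis.com/css2?family=Inter" rel="stylesheet">
<iframe src="https://www.youtube.com/embed/VIDEO_ID?start=10"></iframe>
<iframe src="https://player.vimeo.com/video/123456"></iframe>
<iframe src="https://www.google.com/maps/embed?pb=PLACEHOLDER"></iframe>
<a href="https://example.com/contact">Contact</a>`;

console.log(auditHtml(SAMPLE));
```

The regular expression only catches absolute `src` and `href` values in static markup, so embeds injected by scripts or plugins still need a check in the browser's network tab.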
Conclusion
We get it, website tools exist for a very good reason. They help your business grow and provide helpful services to your customers. We’re not saying you should throw them all in the trash to prevent any data from being collected or shared.
All this blog is designed to do is let you know that most tools out there have a privacy-focused alternative. Usually just adding “privacy-friendly” or “privacy-focused” before your search for a new tool will reveal options. Use our list of things to look for above and do a little digging, and it will go a long way toward ensuring your website is privacy-friendly for yourself and your visitors.
Thanks for reading!