profile

Analytics Playbook by Dana DiTomaso

Just because GA4 says something is right doesn’t mean it’s right

Published 3 months ago • 3 min read

Hey Reader!

I'm seeing a pattern in consent management configuration audits that's becoming a concern. People check the Consent Settings in the GA4 admin, see that signals are being received, and assume everything's configured correctly. Unfortunately, receiving signals doesn't mean your configuration is actually working correctly.

This matters because you could be violating GDPR right now without realizing it.

Let me walk you through an example. Sites set their default to opt-out for people in the European Economic Area (as you should), but when I actually test the configuration with a VPN set to an EEA location in an incognito browser, cookies are being set immediately when someone visits the site, or they show up after you select “no cookies”.

The only sure-fire way to catch these issues is to test every consent scenario you've configured in your CMP by setting your VPN to different regions. Use incognito browsers when you’re testing to ensure that you’re viewing the site as a brand-new person would. Make sure to open Chrome DevTools and look under Application > Cookies and Network to see what’s actually going on.

I recommend making this part of a monthly analytics check, because all it takes is one developer adding HubSpot to a site without checking with anyone first, and now you're in violation of GDPR. It’s very easy to get out of compliance and it can be a very expensive mistake.

If you haven’t tested out your consent setup before, I have a walkthrough here that can get you started! That’s a free lesson from my Google Analytics Audits course.

If you have questions about testing your consent setup, just hit reply and I'm happy to answer.

Dana DiTomaso

Founder
dana@kpplaybook.com

What ChatGPT's Atlas Browser Looks Like in Your GA4 Data

When ChatGPT released their Atlas browser, I immediately wanted to see how it would impact analytics tracking. We started testing it at Kick Point right away, and I've documented exactly what you'll see in your GA4 data.

TLDR: Atlas shows up as Chrome in your reports, but GA4 cookies don't transfer when people import their Chrome data into Atlas. This means your returning visitors will show up as "new users" when they switch browsers, even if they've been coming to your site for years.

If your audience includes marketers, developers, or AI enthusiasts, you might see this pattern in your data. I'm watching for unexpected bumps in new users from Chrome without corresponding traffic increases—that's your signal that Atlas adoption is happening.

Read my complete guide on what to watch for →

Articles Worth Your Time
———•

A Walk Through 25 Years of Google Ads Evolution

Ginny Marvin, Google's Ads Product Liaison, published a thoughtful retrospective on 25 years of Google Ads that I included because partly I can't believe it's been 25 years! But what I appreciate about this piece is how it connects the historical context to where we are now.

I think Ginny does a good job of explaining from the Google perspective why the job of managing ads has changed from tactical execution to strategic guidance. The fundamentals of marketing haven't changed, but how we work definitely has.

Making Sense of First, Second, and Third-Party Data

Maryna Semidubarska at Stape published a comprehensive guide to customer data analytics that I included because there's real confusion out there about what first, second, and third-party data actually means, and which types you should be prioritizing.

What I find valuable here is the practical breakdown of how to collect, store, and use customer data while staying privacy-compliant. The guide covers everything from obtaining clear consent to implementing server-side tracking.

This matters because privacy regulations aren't getting simpler, and first-party data is becoming your most critical asset. If you're still heavily relying on third-party data or haven't upgraded your tracking infrastructure, this guide gives you a roadmap for what needs to change.

When Thoughtless Code Creates Surveillance Networks

Juliana Jackson reached out to me last Wednesday with something alarming while checking her Google Search Console: random people's private ChatGPT prompts were showing up as search queries in her analytics. We're talking about deeply personal conversations appearing in her data because of a prompt box on OpenAI's site.

I included this because it's a perfect example of thoughtless code creating unintended consequences. If Juliana's seeing this in her data, thousands of other site owners are too.

Juliana asked me for my thoughts on this, and it fits right into what I said last week on LinkedIn about how people search now: people use the internet as a conversation engine now, not a search engine. These weren't search queries—they were private conversations that people thought were confidential. The fact that they're leaking across the internet into random people's analytics shows how surveillance infrastructure can be created through incompetence.

Where You Can Find Me
———•

Join Me at ConvEx by VWO

Later this month I'll be leading a workshop on the Insights track at ConvEx by VWO. I'm still working on the outline, but the workshop will be part of the Insight track (no big surprise there!).

Registration is free, so this is worth checking out. More details coming soon!

That's it for this edition of The Huddle. As always, if you have questions or want to share what you're working on, just hit reply!

Want more? You got it!

📈

Practical GA4

Sign up →

📘

Free Resources

Get yours today →

🛠️

GA4 Workshops

Level up in GA4 →

Was this email forwarded to you? Sign up here!

PO Box 68171 RPO Bonnie Doon Shopping Centre, Edmonton, Alberta T6C 4N6
Unsubscribe · Preferences

Analytics Playbook by Dana DiTomaso

Get the skills, strategies, and resources you need to prove your value.

Analytics Playbook gives you the analytics skills you need to land more clients, level up your career, or make smarter marketing decisions. Get bi-weekly insights curated by analytics expert Dana DiTomaso. Each issue includes expert tips, must-read articles, and free resources, all designed to help you take action and see real results.

Read more from Analytics Playbook by Dana DiTomaso

Hey Reader! Way back in 1996 I had to take one statistics class as a part of my geography degree. I never thought that I'd be using it again, 30 years later, but here we are! A client wanted to know if we can predict how many appointments they'll book based on their website traffic. The answer is yes, and yes it did involve stats, but it really wasn't as bad as I thought it was going to be. I started with two columns of data: website sessions per week and booked appointments per week. I then...

about 10 hours ago • 4 min read

Hey Reader! I've been thinking a lot about a situation that’s been coming up lately in conversations with clients and leads, and that’s diagnosis before investigation. Here's what I mean. At some point you'll have a situation where someone on your team (or a client, or a stakeholder) sees a number that looks wrong and immediately wants to fix it. Traffic's down? Let's redesign the homepage. Conversions dropped? Must be the new checkout flow. Engagement rate tanked? Time to rewrite all the...

14 days ago • 4 min read

Hey Reader! How do you listen for listenable events on a website you can't see, even with a VPN? That's the challenge I was working through last month, and I came up with a solution that might help some of you facing the same issue. First, I created a trigger in Google Tag Manager that listens for any event at all. It's a custom event trigger with an event name of .* (and make sure to turn on regex matching). Then, for your tag, it will look like this: This way you can see all the possible...

28 days ago • 3 min read