Assessment of a Web Analytical Tool – GDPR and ePrivacy Directive

Nowadays, most organisations and businesses use web analytics tools. And in fact, the concern is not the use of these tools, is how they work, since they use cookies or similar technologies require consent before any processing takes place.

Useful? Embed this infographic on your website.


“A web analytical tool refers to a combination of (a) measuring, (b) acquisition, (c) analyzing and (d) reporting of data collected from the Internet with the aim of understanding and optimizing web experience” – Web Analytics Association (2008). 

A web analytics tool provides the ability to analyze sales, track revenue generated by the site, identify exit pages, monitored visitor’s traffic, detect website errors, etc. In other words, it detects what it works, what it is not and what can be improved to maximize results.


Until 25 May 2018, the principal EU legal instrument on data protection is Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (Data Protection Directive).

As from 25 May 2018, the Data Protection Directive mean to be replaced by the Regulation (EU) 2016/679 General Data Protection Regulation (GDPR).      

Additionally, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector, translated the principles set out in Directive 95/46/EC into specific rules for this sector (ePrivacy Directive).

On the 10 of January 2017, a proposed regulation has been published to update the above-mentioned Regulation which aims among other things, alignment with the rules set on the GDPR (ePrivacy Draft Proposal Regulation )


The business or organisations providing a web analytical tool – as Data Processors; and, the entities taking the service – as Data Controllers. In case of transfer of data to third parties, you may be in front of joint controllers.


  1. To start, review how you are obtaining consent. See:
  2. Ensure compliance with the Principles for Processing Personal Data. See:
  3. Ensure compliance with the Data Subject’s Rights. See:
  4. Special attention to transborder data flow e.g. where the data is stored? See:
  5. Review the legal obligations of data controllers, data processors and if needed the contractual relationship between joint controllers. See: and,
  6. Check and update or if necessary as for an update of the relevant Privacy Policies.

The lawinfographic of this article aims to provide you with the key points when assessing whether a web analytical tool is compliant with the GDPR and ePrivacy Directive or not. The goal is to help organisations in their route to compliance and also to provide the general public with the necessary knowledge to understand what is and how it works a web analytical tool and the legal requirements for the use of them.

Each lawinfographic has a visual presentation and keywords that will allow comprehending at a glance the main topic. The articles contain several examples and/or references that have been taken from the EU law, regulations, guidelines and opinions on the matter. If you require more information, do not hesitate to consult the lawinfographic sources below or reach me on LinkedIn.


  1. European Data Protection Supervisor Opinion 5 October 2017 –
  2. WP29 Opinion on Purpose limitation –
4.8 (96.67%) 6 votes

Leave a Reply

Your email address will not be published. Required fields are marked *