@pixelthing
Last active February 9, 2018 12:53

WORK IN PROGRESS!! OPEN TO STENDAHLS EMPLOYEES TO CONTRIBUTE TO.

Stendahls policy on ethics and analytics.

Stendahls commits to continuously implement and review an ethical analytics strategy, not aiming for legal compliance, but aiming for an ethical, open and trusting environment for our employees, clients and the end-consumers involved in any of our services.

Analytics can be a powerful positive force in understanding and improving customer experience, as well as checking misinterpretations and privilege about users and their interaction with our services. It can also provide our clients with a way of understanding and improving the value (both monetary and experiential) of the services Stendahls provide them.

Analytics usage can however also undermine the user's privacy and therefore contribute to an industry-wide breakdown in consumer trust. Stendahls takes responsibility in trying to maximise the positive benefits to end-consumers, without neglecting (or exacerbating) the impact of the negative.

This document exists to allow everyone involved in a Stendahls project to know there should and will be limits to the use of consumer data in analytics. No one at Stendahls or its clients should need to feel uncomfortable about not doing the "right thing" by the end-consumer, or should need clarification or discussion in judging where that line is. Privacy/trust implications that are either suggested or co-opted (sometimes by simply cutting and pasting a line of JavaScript into a website) should have clear guidelines so that they can be judged as acceptable or not. As an industry we need to understand that consumers should be protected if they are to continue to have trust in the services we provide.

The following guidelines should be taken as the process to judge the ethical acceptability of any analytics tool or service.

WEB/APP PRODUCTS & SERVICES

In the area of web sites, device apps and services, we aim to:

  • Only use analytics tools and services that are compliant with EU GDPR laws.
  • Never knowingly take advantage of cross-site tracking. Cross-site tracking and advert re-marketing are key factors in the breakdown of online consumer privacy, and we intend to limit their use where possible (in this case, cross-site means across different brands, whereas moving between physical servers within a single brand experience is not considered cross-site). Abiding by this would mean not using ad-services that carry out off-site re-marketing strategies, or analytics tools that actively present users' experiences across the web, outside of any referral link at the point of entry to a website. We understand that all third party advert or analytics services (eg Google Analytics) inherently track user behaviour and data across many sites - not just ours - but only present data to us for the site we administrate. But until viable analytics solutions arise with guarantees against use of this fact, we can only strive to never take advantage of cross-site tracking ourselves, and select services that claim to effectively anonymise and securely protect user meta-data from third parties.
  • Not use analytics tools that have a user journey "replay" functionality (eg hotjar.com), unless they can demonstrate they can effectively anonymise users' data as they enter and interact with forms. Replay tools are incredibly useful for interpreting the real-world experience of a website at a scale not available in user-testing, revealing our misconceptions and increasing our empathy for users. However, watching users enter personal details into a form as part of a replay is too high a price to pay for the potential benefits.
  • Analytics raw data will not be shared with third parties outside of the team involved in the production of a product or service (including other contractors employed by Stendahls or the client to work on the project), and will always be shared with a statement that makes the limits of sharing clear to all readers [NB - what should that be? a statement that is on a "cover page" (or similar depending on what doc type) in a certain colour?]
  • To evaluate or re-evaluate any new, upgraded or existing tools for their ethical use. If anyone internally or in the public finds a method or service in a website that is partially the responsibility of Stendahls that doesn't comply in essence with this policy, please contact xxxxxxxxx and we will investigate, take a decision and inform you of any potential change to the services or the policy that arises.
  • Secure connections to analytics services are essential to the privacy of user meta information and prevent its interception. All analytics services used by Stendahls and clients should be over a modern SSL connection.
  • Personal information will not be transmitted to analytics systems. The definition of "personal" is troublesome, but should be judged as contributing to meta-data that can locate or identify. Eg, transmitting granular location or postal codes for purely analytics purposes is not permitted as it not only locates a user, but can be used to cross reference against other meta data. But transmitting a user's electricity consumption is acceptable because it is not in the public domain and so of limited use to identify a person. [NB - does this reasoning hold up?]
  • The use of analytics cookies as storage or indicators will be limited by domain (to prevent cross-site tracking), and have time limits that are relevant only to their purpose, defaulting to a session length unless specific use requires it to be longer.
  • Collection of usage and behaviour statistics inside of offline applications that are sent back once they come back online (eg, native apps, service-worker js controlled websites) is accepted as ethical - as long as they abide by all the other policy rules while both online and offline. This may not apply when the user has a clear reason to expect off-line behaviour to be private.
  • One loop-hole in many of the above statements is where internal commercial systems are built and/or run on behalf of clients. If users on intranets or internal systems have accepted the terms of use of a private password protected system, the details of their experience and behaviour within the site (even down to tying it to a user id) is within ethical borders.

AD-BLOCKERS

Stendahls policy on dealing with consumers that use advert/tracking blocking software is:

  • It's the consumer's prerogative to use adblockers if they wish to, and Stendahls should respect that choice. It's Stendahls responsibility to test web products in these environments and make sure that the core user experience isn't degraded simply because analytics tracking isn't functioning as expected.
  • Work-arounds and pressurised messaging to encourage users to "white-list" a particular site will be judged on a case-by-case basis, but should be judged by a simple criterion - is the core user experience under threat by not being able to track this user?
  • Stendahls does reserve the right to measure the basic size of the audience that use adblockers (and so are excluded from normal analytics), if it can be done in a way that does not involve third parties and sends no more than uncookied HTTP header information about the user back to the server.

LIMITS OF RESPONSIBILITY

This policy only covers the use of consumer data in terms of analytics. Collection, transmission and storage of user data for other purposes should be covered elsewhere.

As only part owners of responsibility for the services provided through Stendahls, we intend to uphold this policy as far as we can, by influencing collective decisions and providing ethical solutions. But there is a limit to Stendahls influence in a product, especially as it develops over time or with multiple stakeholders having access to a product. This is - of course - an undefined loop-hole in this policy, but the intent is not to widen the safety-net for less ethical usage, but to provide a realistic check on our efforts to tighten it.

THE FUTURE

The definition of "the right thing" is a moving target as techniques evolve and understanding of their use and mis-use changes. This policy should and will be re-defined in the future, but it (and the products and services produced under it) should be judged on the acceptable limits of the point in time it was written.

LAST EDITED

Feb 2018

pixelthing commented Feb 6, 2018

This is something I’ve been working on for a couple of weeks - analytics/tracking steps on lots of ethics land-mines and I’m detecting tremors against lots of techniques that might blow up in 2018. There are lots of positive, uncynical, uncreepy reasons to use analytics that we should be able to justify to everyone involved. The flip side of that is that we should understand where the acceptable line is and back up our actions with thought, not just pile on more tracking tools at the cost of user trust.

So I’ve started to write a policy to keep our use of analytics on the “righteous” side. It needs ruthless sub-editing and more input from across the company (as well as a non-web perspective). It could affect (or at least question) some services we use today - but it’s a first draft and a high goal.

I understand that we might not be able to always win an argument against being requested to add x tracking or y tracking (see the para on "limits of responsibility"), but not having any argument to offer is not an option. We need to have a strategy we can get behind to back up our advice to internal teams, clients and users.

To be clear - this is a first-draft that is meant to start the conversation - loaded with my opinions - come at me with your comments (there are no dumb questions or comments, all are welcome) and we can discuss what the company wide policy should eventually be.
