Articles
Interviews
Can you collect analytics without user consent? (Iron Brands, Simple Analytics)
Interviews
new

Can you collect analytics without user consent? (Iron Brands, Simple Analytics)

Published  

3/31/2025

8
min read

Published  

March 31, 2025

by 

Thierry Maout

10 min read
Summary
In our interview series, we meet with data privacy leaders from various industries, learning about their experiences, projects, and opinions.

Do you have an interesting perspective you’d like to share? Contact us at blog(at)didomi(dot)io.

Iron Brands is the co-owner of Simple Analytics, a privacy-first alternative to Google Analytics based in the EU. The company is focused on providing the most analytics value possible for its customers without invading the privacy of users tracked on its platform. 

We sat down with Iron for a fascinating conversation about what it means to run a privacy-first company, how analytics and privacy can co-exist, which organizations can benefit from privacy-first analytics, and how much analytics data can be collected without consent.

Building a privacy-first company and product

Starting our conversation, Iron explains how he joined Simple Analytics and how the company’s privacy-first approach shapes everything they do.

How did you get involved with Simple Analytics, and what drew you to privacy-focused analytics?

Iron Brands: I met Adriaan [van Rossum, founder of Simple Analytics], and he told me about this privacy-friendly analytics tool that he built as a competitor to Google Analytics. 

I didn't have any appetite for privacy before I met Adriaan, but it is really built into him as a person, and I got so much respect for him taking on Google Analytics that it felt like something I wanted to be part of to help him succeed.

How does being privacy-focused impact your approach to business?

We operate with complete transparency. We don't do ads, cold emails, or use Google's ecosystem. It makes my job in marketing harder sometimes, but we have a strong stance, and since we have no investors and the company is 100% owned by me and Adriaan, we can build a company that truly reflects our values.

How do you help companies showcase their privacy commitment?

We have a Simple Analytics badge that companies can put on their website. A lot of companies now use it because they want to show they're doing something positive, and some clients even like to feature a  “we're proud to protect your privacy” banner to gain a competitive advantage.

How much data do you really need? Quality over quantity in analytics 

Getting into the topic at hand, Iron breaks down how Simple Analytics’ vision of data challenges the perception that collecting more data is always a good thing, which type of organizations can benefit from a privacy-first approach to analytics, and the impact of data privacy regulations.

In your opinion, what's wrong with the current approach to web analytics?

If you look at people who want to be data-driven, especially in marketing, they often think everything needs to be tracked. But what are you actually doing with that data? What decisions does it drive? If you really look into it, you’ll see that people track 100% of the data but only use 10% to base their decisions on. 

It's a problem created by this narrative that being 'data-driven' is inherently good without questioning the purpose.

Take attribution tracking, for example. Yes, there might be valid reasons to track certain things, but you should start with the reasoning first, not the data. The current approach is backward: companies collect massive amounts of data and then try to figure out what to do with it. This can even lead to misguided decisions. For instance, if someone sees an ad, doesn't click it, but later searches for your product on Google and buys it, the attribution goes to Google SEO. You might conclude 'SEO is working great!' when actually, it was the ad that created the awareness.

People are becoming too reliant on being 'data-driven' instead of thinking critically about what information they actually need to make decisions.

How do you approach analytics differently?

A lot of users only need 5% of what they see in Google Analytics. They may just want to see how many people were on their website last month compared to this month or where they're coming from. 

If you open Simple Analytics, the interface and data provided are sufficient for most users to base their decisions on, rather than hundreds of custom dashboards they don’t need.

Who are the ideal users for privacy-first analytics?

We see two main groups:

  • Very small companies, often a founder and a small team who are more privacy-conscious and only need simple analytics because they don't have complex requirements.
  • Big organizations that need to care about privacy because they want to be GDPR-compliant, with legal teams pushing to move away from Google Analytics because they want to be best-in-class.

How have regulatory and digital news affected the adoption of privacy-first analytics?

Two events were really important for us: Google switching from Universal Analytics to GA4, because everyone hates GA4, and when the CNIL launched their campaign saying Google Analytics is illegal, which caused a big influx from France. 

We're often best friends with legal people in companies!

Privacy-first analytics in practice: How to collect data analytics without user consent

Next, Iron shares some practical aspects of adopting a privacy-first analytics solution, the type of data companies can obtain without consent, and some examples of implementations by some clients.

What specific metrics can you collect without using cookies or requiring consent?

We can collect several key metrics in a privacy-friendly way:

  • Referral domains and UTM tags
  • Page views and aggregated data of pages visited
  • Country-level location
  • Browser type
  • Basic traffic metrics like visitor counts 

We collect all this without using any trackers or cookies. We don't store IP addresses, use any cookies, track at city level (only country), use fingerprinting, create individual user profiles, or track complete user journeys.

This means we can't identify individual users or track them across multiple pages, but we provide aggregate data that gives meaningful insights without compromising privacy.

How do you handle visitor counting without cookies?

If someone comes from Google to the homepage, we see this as a new visitor because they came from outside our website. If that person then goes from the homepage to our blog, we count it as a page view, not a new visitor, because it's on the same domain. 

We can only track one step back in the user journey, but this gives us accurate visitor vs. pageview counts without compromising privacy.

What are the trade-offs of this approach?

We can't track a user's complete journey from Google to checkout because we don't use cookies or fingerprinting and can only look one step back. This is why some e-commerce companies that rely heavily on paid ads tracking might find it challenging to use only Simple Analytics.

How do you collect analytics data without using cookies?

We have to think about privacy-friendly ways to get metrics. 

For example, with country tracking, most analytics tools check countries from the IP address. Since we don't process or store IP addresses, we look at the user agent's timezone. From Central European Time Amsterdam, we can derive that the user is from the Netherlands. This is why we can only show metrics at the country level, not the city level.

How can companies transition from Google Analytics to more privacy-friendly analytics?

You can try to use them together and actually benchmark your data. This will help you see what types of data you're getting from Simple Analytics versus Google Analytics and what you might be missing. 

A lot of people think it would slow down your website to add two analytics solutions, but our script is not even a tenth of how big the Google Analytics script is. The good thing is that if you remove Google Analytics, your website loads faster.

How do you ensure data accuracy without tracking individual users?

We focus on providing really accurate data in terms of page views. We have features like custom domains to bypass ad blockers, which can block up to 30% of your audience. We also offer advanced robot blocking. 

Companies that care about accurate analytics can still get what they need with us, even though we're privacy-friendly. The trade-offs might not be as big as you think.

Can you share a practical example of how companies use Simple Analytics alongside traditional analytics tools?

Many companies that care about privacy and compliance use a Consent Management Platform like Didomi to collect user consent before tracking. While this is great for privacy, it means they can't collect any analytics data until users interact with their consent banner.

One of our clients, Hearst, faced exactly this challenge. They were using Google Analytics but could only track consented data after users made their choice in the cookie banner. This meant missing important insights about how users discovered and initially interacted with their website.

The team at Hearst found a solution by implementing Simple Analytics before the cookie banner. Since our solution doesn't require consent, they can collect privacy-friendly analytics from the moment users land on their website. Then, for users who consent to data collection on the consent banner, they collect additional detailed data via Google Analytics.

This complementary approach shows how powerful the combination of Didomi and Simple Analytics can be: Companies can ensure compliant consent collection while maintaining complete visibility of their website performance with privacy-friendly analytics.

It's also a perfect example of how privacy-focused and traditional analytics can work together.

How do you differentiate from other privacy-focused analytics tools?

We build everything with a true privacy perspective, thanks to Adriaan, who has instilled his values into the product.

I dare to say that we are the most privacy-friendly analytics tool out there. Most of our competitors still use identifiers, although anonymized. According to the CNIL, identifiers are just mixing up an IP address into a puzzle: if I can figure out the puzzle, it's still personal data.

The future of privacy-first analytics

Finally, we wrap up our conversation with Iron’s and Simple Analytics’ vision for the future of web analytics and data privacy and his opinion on Europe’s status as a leading software provider.

What's your vision for the future of web analytics in Europe?

Europe needs to promote EU-based tools because we need to be self-sufficient in technology. 

Companies like Didomi and Simple Analytics can play a role in educating companies that there are European alternatives for the tools they're currently using. Whether it's Adobe Analytics or Google Analytics, there are alternatives that can give you the information you need while supporting European companies.

How do you see privacy regulations evolving?

The current approach of only fining big companies isn't effective. It would make more sense if every company knew they could be randomly checked, like with tax authorities. If Meta gets a €600 million fine, why would smaller companies care? They think authorities only focus on the big ones. We need better education about why privacy matters beyond just avoiding fines.

What's next for Simple Analytics?

We're focused on building and improving features based on user feedback. Growth-wise, we're looking at more partnerships. As a small company that doesn't use paid ads or traditional marketing, most of our users come through word of mouth. Partnering with companies that share our values helps us bundle forces and reach more privacy-conscious businesses.

-

To learn more about Iron and his work at Simple Analytics, follow him on LinkedIn and visit simpleanalytics.com/ to start your free trial.

The author
Thierry Maout
Lead content manager at Didomi.
Managing content at Didomi. I love reading, writing, and learning about data privacy, technology, culture, and education.
Access author profile