Drücke „Enter”, um zum Inhalt zu springen.
Hinweis zu diesem Datenschutz-Blog:
Anscheinend verwenden Sie einen Werbeblocker wie uBlock Origin oder Ghostery, oder einen Browser, der bestimmte Dienste blockiert.
Leider wird dadurch auch der Dienst von VG Wort blockiert. Online-Autoren haben einen gesetzlichen Anspruch auf eine Vergütung, wenn ihre Beiträge oft genug aufgerufen wurden. Um dies zu messen, muss vom Autor ein Dienst der VG Wort eingebunden werden. Ohne diesen Dienst geht der gesetzliche Anspruch für den Autor verloren.

Ich wäre Ihnen sehr verbunden, wenn Sie sich bei der VG Wort darüber beschweren, dass deren Dienst anscheinend so ausgeprägt ist, dass er von manchen als blockierungswürdig eingestuft wird. Dies führt ggf. dazu, dass ich Beiträge kostenpflichtig gestalten muss.

Durch Klick auf folgenden Button wird eine Mailvorlage geladen, die Sie inhaltlich gerne anpassen und an die VG Wort abschicken können.

Nachricht an VG WortMailtext anzeigen

Betreff: Datenschutzprobleme mit dem VG Wort Dienst(METIS)
Guten Tag,

als Besucher des Datenschutz-Blogs Dr. DSGVO ist mir aufgefallen, dass der VG Wort Dienst durch datenschutzfreundliche Browser (Brave, Mullvad...) sowie Werbeblocker (uBlock, Ghostery...) blockiert wird.
Damit gehen dem Autor der Online-Texte Einnahmen verloren, die ihm aber gesetzlich zustehen.

Bitte beheben Sie dieses Problem!

Diese Nachricht wurde von mir persönlich abgeschickt und lediglich aus einer Vorlage generiert.
Wenn der Klick auf den Button keine Mail öffnet, schreiben Sie bitte eine Mail an info@vgwort.de und weisen darauf hin, dass der VG Wort Dienst von datenschutzfreundlichen Browser blockiert wird und dass Online Autoren daher die gesetzlich garantierten Einnahmen verloren gehen.
Vielen Dank,

Ihr Klaus Meffert - Dr. DSGVO Datenschutz-Blog.

PS: Wenn Sie meine Beiträge oder meinen Online Website-Check gut finden, freue ich mich auch über Ihre Spende.
Ausprobieren Online Webseiten-Check sofort das Ergebnis sehen

Server-side tracking: Difference from client-side tracking and data protection aspects

0
Dr. DSGVO Newsletter detected: Extended functionality available
More articles · Website-Checks · Live Offline-AI
📄 PDF for this post
📄 Article as PDF (only for newsletter subscribers)
🔒 Premium-Funktion
Der aktuelle Beitrag kann in PDF-Form angesehen und heruntergeladen werden

📊 Download freischalten
Der Download ist nur für Abonnenten des Dr. DSGVO-Newsletters möglich

In contrast to client-side tracking or tagging, user recordings take place indirectly at server-side tracking. A tracking event from the user's browser is sent to a separate server and then on to its actual destination. This raises interesting questions about data protection.

Introduction

Server-side tracking or server side tracking is occasionally also referred to as server-side tagging. This synonym likely comes from Google supporting the server approach of tracking with a so-called Tagging Tool. Tagging means enriching with information. Tracking on the other hand refers to tracking users in order to learn about their behavior.

What is server-side tracking?

The protocol logging of user actions takes place indirectly in contrast to traditional tracking. Instead of sending data directly from the browser to Google Analytics, for example, this data transfer occurs via an intermediary. This intermediary collects the log data and then sends it on.

In contrast, there is the classical tracking, which is also referred to as client-side tracking. The Client is for example the Browser of a visitor to a website. It can also be an app.

At Server Side Tracking, a tracking event is typically sent from one's own website to one's own server and then forwarded more or less unchanged to the actual endpoint. At Tagging , however, information from the tracking event is first enriched on one's own server before being forwarded to one or more endpoints.

Client-side and server-side tracking

Server side tracking has always been possible, but was not particularly emphasized and was not popular due to previous possibilities. The growing threat of sanctions for data sinners like Google (and all who use services of third parties unreflectively) has brought about a paradigm shift.

The following diagrams show the differences between traditional and modern tracking, as well as the various possibilities. As an example, the Google Tag Manager (GTM) is used to reload Google Analytics (GA). This is a common case on websites. Instead of Google Analytics, other tools are often reloaded by the Tag Manager.

The conventional tracking relies on loading GTM and GA each from a special Google server. This approach is called client-side tracking.

Client-seitiges Tracking (Quelle: Dr. DSGVO).

The green highlighted server is the one that is less critical from a data protection perspective, namely the server on which the website currently being visited is operated. The yellow highlighted servers are Third-Party Servers (Third-Party), here Google servers. Google is only mentioned as an illustrative example. Possible are servers of all possible providers.

The red arrows show the Data transfers. Loading the GTM requires two data transfers. The first is a retrieval, so a request. The second transfer is the response to the request. For Google Analytics, it's analogous. So four data transfers result from loading GTM and GA together. The fifth depicted data transfer is the logging of user action by Google Analytics.

Client-side tracking is well-known easily verifiable. For this, one only has to look at which servers (addresses) a website establishes a connection to. Everyone immediately sees that a call to the address google-analytics.com has something to do with Google Analytics.

Now one can use a so-called Underpass or Proxy to load Google Analytics indirectly and/or send tracking events to Google Analytics. The advantage here is that the final tracking can be the same for all end devices and platforms (Apps, Web pages). Technically it looks like this:

Server-seitiges Tracking mit Standard Google Tag Manager und Third-Party Tunnel für Google Analytics (Quelle: Dr. DSGVO).

Data protection-wise, not much has happened, because the tunnel that Google Analytics is accessed through is located on a third-party server. Google currently offers such servers free of charge in the Google Cloud. The benefit of the Google Cloud Platform (GCP) should be given to few people, since the implementation is not quite simple. The Tag Manager is loaded in this variant initially in a conventional way, which, by the way, is not allowed without consent .

With the transport tunnel, the call of Google Analytics could be obscured to a certain extent. One should not get caught in this case, however. The danger of being exposed is quite large anyway. Even the Tag Manager could be loaded over this tunnel. In the example I have not taken this into account. Further below this case will be considered.

Next is a variant of the model mentioned earlier. Here everything is identical, only the Transport Tunnel is its own server. Ideally, the transport tunnel has the same address as the website just visited.

Server-seitiges Tracking mit Standard Google Tag Manager und First-Party Tunnel für Google Analytics (Quelle: Dr. DSGVO).

Google Analytics is accessed completely via a_own tunnel server_.

In this model, the Google Analytics-Script

Read full article now via free Dr. GDPR newsletter.
More extras for subscribers:
Offline-AI · Free contingent+ for Website-Checks
Already a subscriber? Click on the link in the newsletter & refresh this page.
Subscribe to Newsletter
About the author on dr-dsgvo.de
My name is Klaus Meffert. I have a doctorate in computer science and have been working professionally and practically with information technology for over 30 years. I also work as an expert in IT & data protection. I achieve my results by looking at technology and law. This seems absolutely essential to me when it comes to digital data protection. My company, IT Logic GmbH, also offers consulting and development of optimized and secure AI solutions.

Logging of IP addresses in server logs: allowed or not?