Data privacy and personalization

Data privacy and personalization have been considered a paradox. But when relying on first-party data, personalized customer experience can help drive data-driven marketing that respects personal data privacy.


Altis’ personalization fully relies on first-party data captured via Native Analytics. It securely collects and processes traffic while keeping all user data private. This simplifies compliance with privacy and data laws and regulation like GDPR and CCPA.

  • Altis takes a minimal approach to collecting data for personalization.
  • Altis’ Native Analytics uses pseudonymous online identifiers, so by default, all personal data remains anonymous; however, it is possible for a person to become identifiable within the platform in certain edge cases.
  • By default, none of the data collected by Altis Analytics is shared with any third party.
  • Read our FAQ on data privacy and personalization.

Data privacy and personalization – a paradox?

Data privacy and personalization seem difficult to align because in order to personalize the user experience, websites need to identify information that is, well, personal. First-party data such as a visitor’s browser language, device type, location, or current time of day have to be collected and applied in real-time to present different content for different audience segments.

As long as a visitor stays at one touch point, e.g. a web page, those data points don’t have to be tied to any individual, unique identifier. But as soon as that same visitor moves on, the personalization engine needs to be able to recognize them in order to enable a consistent user experience along the customer journey.

Protecting privacy: anonymized personal data

‘Personal data’ in the definition of the GDPR covers a broad range of data, namely: “any information relating to an identified or identifiable natural person”.

Two examples of personal data according to the GDPR are location data and online identifiers (e.g. an IP address).

Privacy-aware personalization, powered by anonymous first-party data

In order to enable granular audience segmentation, Altis’ Native Analytics does collect some personal data about a website visitor, such as:

  • Country
  • City
  • Locale (i.e. the language set in a person’s browser)
  • Browser and version
  • Device operating system and version

However, Altis Analytics does not, by default, record a visitor’s IP address. Instead, it creates a pseudonymous identifier for each visitor. So all of the personal data listed above, by default, remains anonymous.

Pseudonymous unique online identifiers can take many formats; a common one would be an alphanumeric string. They enhance data privacy because they don’t expose any personal identifiable information in their pseudonymous form. However, under GDPR they still count as personal data because if they’re linked to another unique online identifier, such as a user ID or an email address, they can be used to identify a natural person.

Can pseudonymous personal data compromise a person’s data privacy?

Short answer: yes, it can, but it is unlikely it will in practice.

Here are two examples of how a pseudonymous identifier could be de-anonymized and link to a natural person:

Visitor signing in as registered user

  • A previously anonymous visitor signs into their Altis user account.
  • Their unique pseudonymous ID is now tied to their user ID.
  • The previously anonymous data collected by Altis Analytics can now be linked to an identifiable individual person.

Registered user with a unique profile

  • As a site administrator you happen to know your site has only one registered user in Luxembourg.
  • Based on the country property tracked by Altis Analytics, you can now find their unique pseudonymous ID.
  • Once you have their pseudonym, you can link the data associated with it to their identifiable individual user account.

Both of these examples are quite hypothetical in the context of every-day business, and they would require access to the Altis Analytics database. So unless an administrator or developer specifically de-anonymize a pseudonym, the risk of personal data being leaked seems reasonably low.

Yet it remains a fact that under GDPR even anonymized pseudonymous identifiers count as personal data, no matter how practically unlikely it seems for them to be de-anonymized.