Why does gov.uk, a site all about allowing the British public to interact with the British government, use google analytics?
You are shipping all the data about all my interactions with my government off to a third party in another country. Another country that we know has not got the same legal data protection requirements, and one which has now been exposed as having massive internal spying problems.
And no, telling me "google aren't allowed to use the data" and then opening an outsourced helpdesk ticket with another US based company does not cut it.
Assuming they listen to your suggestion and act on it as you suggest, it seems the only option open to them is to design their own in-house (In UK for that matter) version of Google Analytics to do their own analysis. Regardless of the cost and time this would add to the project, it's unlikely that it would be anywhere as good as Google's offering.
The other, more likely, option would be to decide it's too expensive to implement a different, more complicated, solution; so they don't bother. They don't get the feedback and analysis on how to improve their services and the customer experience declines until you're back where you started with a poorly designed product offering hard-to-find information and people are posting angry comments on HackerNews about how bad gov.uk is and how they would never run a start-up like that... I'm almost certain someone would say "Why don't they use google analytics to improve things, like everyone else".
Instead, we need to be applauding a massive operation like Gov.uk for taking a dose of reality and thinking, "we're not doing anything amazingly special here, we're providing people with a quick way to check their council tax, or bin collection dates, or maybe pay their car tax. let's just get the job done as best we can."
That's not what I want from my government.
--edit-- I also didn't make any suggestions, I would have accepted a reasonable explanation of the legal and technological measures that were in place to protect my data from rampant proliferation through US corporate and government systems.
Instead I got (and this is a direct quote) "We don't allow Google to use or share our analytics data.", and a zendesk reference number. Fobbed off, basically.
And with the zendesk link, now my actual communication with a UK government team is being processed in the bay area.
This is unacceptable.
--edit 2-- Somehow other large UK web-based institutions manage without GA as well. The BBC for instance. Perhaps they could talk to each other.
Before you start the lynch mob, ask yourself this: what on earth can one do with non-person-identifiable data stored on a server?
"Next on BBC - Terrorist organisation finds out too many British people forget to update their MOTs"
That's not what I want from my government.
Be very very fortunate you can even get a somewhat usable site, much less a very user friendly site. There are citizens of the other nations that would kill for easier access to public information.
How do we know it's non-person-identifiable? It's certainly clear that the analytics data comes from a set IP address, and when correlated with all the other data that big G collect from all over the web, who knows what can come out of it.
>> Be very very fortunate you can even get a somewhat usable site, much less a very user friendly site.
1. It's not just an information site. 2. Why should Google (and by extension the US government) be informed that I'm looking up (for instance) legal advice, business law or anything else?
Again, this is my interactions with my government being published to another nation.
--edit-- removed accusations of laziness, I'm sure the gov.uk folks aren't that.
We have no framework for digital privacy, and until we see an emergent consensus there will not be one.
Here, on this site, we have informed, reasonable people disagree on fundamental definitions of online privacy.
I am unsure where to begin.
We already have data protection frameworks in the UK and at the EU level. I would like to see them adhered to in spirit, and I would also like to know that someone involved in the gov.uk has at least given this a moment's thought.
My view is that the spirit of the law needs to be codified for a new world, and it is healthier to have that clear (and so open for debate) than to say someone is violating my idea of what the law should be.,
My starter for 10:
* Privacy is merely a politeness, and does not actually "exist". The expectations of privacy are the expectation for data to not be exploited without our consent.
* All digital communications and associated metadata are made in a public domain, and should have very limited expectations of privacy.
* If digital communication is encrypted, or marked as anonymous, then it should be legally viewed as having an expectatin of privacy and similar penalties applied for interfering with that as with post.
* Any monitoring of digital activity that can be linked to an individual human must be publically acknowledged by the monitoring organisation and the data released / published unless the individual has given consent for identifying data to be stored and processed to that organisation.
Its a thought in progress.