The industry does not agree and data privacy policies can leave some room for interpretation.
A company is entitled to use session recording or session replaying as long as their marketing and analytics needs require so. However, as enticing the recording of everything the user does at all times can be, even within the existing regulations, there is a high chance that doing so will quickly push the data towards a non-compliant realm. And even in cases where regulations may not be explicit on the matter, we see more and more how the industry is leaning towards discouraging these practices. So, how do you make sure you get the data you need without having to worry about breaching data protection laws and not end up spending more time/money?
Spoiler: avoid Session Recording.
Let’s start by clarifying the concepts at hand here to make sure we are all on the same page.
In both cases, the recording can be played and replayed at will by whoever owns and/or shares the recording.
For example, if you have a banking app and your provider has enabled session recording, the bank will theoretically be able to see everything you did in the app from the moment you opened it until you closed it, including if it was left open in the background. This means that all your interactions with the app are visible, ranging from obvious actions, like making a transaction or reviewing your statements, to perhaps more high-risk actions, such as entering your personal tax information or typing your password when logging in.
Those “high-risk actions” bring us the case built around data privacy and the protection of personal identifiable information (PII). Regulations like GDPR have provisions guiding and limiting the access to and usage of data from end-users, and how such users must be aware of why and for what their data is used. Now, what happens when passwords or PII are visible on session recordings and available to everyone with access to them to replay it? Would that not be putting data at risk in case it falls into the wrong hands?
Aside from the subject of compliance with regulations regarding what is being recorded and tracked from any given user, ethics and return over investment come into play. Ethics because we are talking about people’s data; and return over investment because, at the end of the day, the objective of most businesses is to generate profit.
Ethics can have a level of subjectivity to it, obviously, but they have a reflection in the moves being made by the industry and its own level of self-regulation. And lately, we have seen major and bold moves from the industry to move towards a privacy-conscious approach to user data, including Apple’s iOS 14.5 privacy changes and Facebook’s decision to ditch Facebook Analytics. We have yet to see an actual change specifically banning session recording, but maybe we do not have to if it ends up not adding up from a budget perspective.
You see, session recording may seem beneficial for the investment of having a product analytics solution, because among other things:
But at the same time,
Session recording has benefits, but it also has costs. And with data privacy growing and user awareness growing, what is the solution to getting the detail you can in a session recording but keeping privacy in mind?
What works better than session recording? A solid strategy and the right tech stack.
Trying to harness too much data of the wrong kind will most likely end up being more of a curse than a blessing. The truth is that better insights can be achieved by deploying the right strategy with the right features. To keep it short and simple, let’s refute those benefits mentioned earlier:
Aside from getting way more actionable insights, staying away from features like session recording also puts you in the safe zone when it comes to being compliant with data protection policies. Plus, if the industry’s key players seem to be already trying to have a more ethical approach to user data, basing your product analytics strategy on screen recordings may backfire and end up costing you more time and money to fix the damage.
Therefore, choosing a solution with abundant features that are not only powerful but also let you combine them in different ways for a more holistic strategy, is your way to go.
Get that strategy going with a privacy-first product today by reaching out to us, booking your demo. Or you can see for yourself the wide variety of features you too can combine at will and that is always privacy-focused, which is why you will not see session recording in Countly.