Simo Ahava: “Technology does not change the status quo, it’s about how technology is used”

Server-side tagging is often presented as the solution to issues surrounding the loss of third-party cookies. And while server-side could be a solution for many businesses, it may not be for the reasons you think it is. So says Simo Ahava, partner and co-founder of 8-bit Sheep and Lecturer at this year’s edition of Friends of Search. I had the opportunity to talk to him in advance.

We are very pleased to welcome Simo Ahava to Friends of Search in Amsterdam this year. Like many professional online marketers, we are big fans of his work and blog:, without a doubt an important platform for marketers with questions about Google Tag Manager or tracking. One of the main reasons we asked Ahava to speak on Friends of Search is the upcoming changes to data collection, third-party cookies and Google Analytics 4.

Ahava’s presentation on Friends of Search is therefore about server-side tracking / tagging and how this can help tackle the current “problems” in the EU related to data collection and processing. It is a very relevant topic for anyone working with digital marketing.

Simon, how nice to talk to you. To begin with, what have you been up to lately?

Ahava: “Lately, I’ve been completely engrossed in Simmer (, an online course platform that my wife, Mari Ahava, and I set up in the midst of the pandemic in late 2020. I work on new course material almost every day.

“Furthermore, I try to explore the possibilities of server-side data flows. It is certainly an interesting paradigm because it gives companies more control over upstream data, hopefully with the intention of respecting the rights and privileges of end users and customers.”

Do you think many marketers’ concerns about the upcoming changes are understandable? Are third-party cookies really that important these days?

Well, it’s done with third party cookies. It is important not to dwell too much on what we lose and especially to look at what we get back. I do not think they are essential for marketers, not at all. In addition, the display advertising itself has always been unreliable because there is no correlation between storing “impressions” associated with third-party cookies and correlating them with what is happening on the advertiser’s website or app. The chain is just too crazy.

Many ad platforms now offer new first-party options to replace third-party cookies, such as sending the user’s personal data (hashed) directly to the provider, so that they can then match it with what the user did on other platforms from the provider, or other sites that the provider directs traffic This is not a big improvement in my opinion, but being a first party gives the site, the user and the web stack more control over what kind of data is actually being sent.

“The fact is, personal data has been poorly handled in ad tech over the last 30 years.”

“The fact is that personal data has been abused in ad tech for the last 30 years. User data has been collected unhindered, without any restrictions and with very little aftermath. With the advent of privacy laws, tracking protection and a growing public understanding of this, things are changing now, hopefully for the better.

“Yes, it’s going to mean that marketers, analysts and advertisers can work with ‘less’ or ‘worse’ data, but that’s something we have to live with. And we can because there are a wealth of technological possibilities. to get into the dynamics. to explore this new world. “

Do you think the use of first-party cookies and server-side tracking will make the Internet more privacy-friendly?

“No, the technology does not change the status quo. That’s how the technology is used. You could argue that by removing third-party cookies from the mix, users’ data is now more” in the open “and therefore better protected, but it has been proven time and time again. at the time that “first party” is not a magically secure port for user data.

“For example, look at privacy laws, and they are often very technology-diagnostic. This is because no matter what technology is used, you still have the same opportunities to abuse and misrepresent users’ trust.

“But moving first-party data streams and using server-side proxies provides a wealth of tools to greatly improve the conditions for respecting users’ right to privacy. But the same tools can also be used to enforce those rights. So it’s up for companies to decide for themselves how they want to orient themselves in this world. “

The now widely used Google Tag Manager (GTM) solution is client-side GTM, which sends data via GA4 or other tool to the server-side container on the subdomain and does tagging from there. This means that in many cases we are still dependent on client-side tracking in GTM. Do you see this setup as server side tagging?

Server-side tagging does not depend on a client-side GTM. Server-side can work with any incoming data stream – it’s just really convenient to use client-side GTM for this, due to some built-in mechanisms that make the setup real smooth expiration.

“But you could trivially build a client-side JavaScript library to collect user interactions and send them to the server-side tagging endpoint and achieve the same result.”

How future-proof do you see this setup?

“Depends on what you secure against the future :). From a data flow control point of view, it is an excellent and sustainable solution. It is a logical choice to prevent vendor JavaScript from sending data directly to the advertising platforms and tracking parties. Adding a server-side container as buffer allows the company that collects the data to validate and enrich the data streams before they are sent to, for example, advertising platforms.

“If you’re wondering if this setup is future-proof when it comes to privacy law or tracking protection, the answer is ‘no’. First, I do not think there is a need to ‘protect’ you from any of them. Understand “why privacy laws exist and what browsers are trying to do with tracking protection so they can find a way to work on the server side in a way that helps achieve these goals instead of bypassing them.”

“I think every business should look at server-side tagging as an option for their marketing stack.”

Is this GTM solution the right one for most companies? Or do you want to approach this differently for SMEs, for example?

“I do not think it is the solution for every business. Firstly, it has a price tag. The cost is not very high, but it requires an investment.

“It also requires some understanding of cloud / server technologies and some effort to design it so that it actually delivers benefits rather than just an alternative stream of data from the user’s browser to the servers where the data is stored.

“I think every business should look at server-side tagging as an option for their marketing stack. You can configure it at no cost as a test and see if it has the right resources and opportunities to work with.

“The biggest problem I see with server-side tagging is its maturity. Even if you understand the technology perfectly, you may still be tempted to use server-side as a way to circumvent privacy laws or satisfy users’ desires. To block invasive data. collection of browser extensions, so it’s more about understanding what the server side is really trying to solve for the end user, rather than what companies want to use it for. “

Recently, we’ve seen companies use server-side tagging to set up the Facebook Conversion API from the server, for example, without a visitor knowing it. The GDPR is regularly circumvented because it appears to be out of control. What do you think about that?

“Like I said, privacy law is not stack-based. There is nothing in server-side tagging that forces you to do illegal things or circumvent user desires. It is a decision you make when implementing server-side tagging. the way.

“Of course you can do illegal things, but you have to be aware of the risks associated with these tactics. By moving to the server side, you do not escape this responsibility.

Take the Facebook Conversion API, if you have a legal basis for collecting personal data for Facebook, you can of course do so. The user does not actually need to see the data stream in the browser. But you need the legal basis If you collect data for Facebook without a legal basis, you are violating the GDPR as much as if the data collection took place on the client side.

“I personally have not seen that the GDPR can deal more with server-side technologies than it used to be. If it can, it is a shame and also a gross misunderstanding of how the GDPR works. If the user requests rights from involved parties sends them to a platform so they can easily see that their data was collected on the site, and the site should explain their legal basis for doing so. “

How do you expect rules, transparency and enforcement to be implemented?

“I believe and hope that regulation will remain technology diagnostic, because it is the only way technology can be sustainable. However, I am convinced that interpretations of regulation, legal practice and case studies will become more and more accurate in the future. server-side technologies will outline, also because it is an inexpensive and scalable means of processing data. “

“I believe and hope that regulation will remain technology diagnostic because it is the only way technology can be sustainable.”

Is there or will there be a good tool in the future that can control this, or will there be another way of transparency?

“I think it’s crucial that web technologies are developed to shed light on server-side flows because server-side is shielded and that shielding can not be broken from the browser. I always quote the familiar Vegas saying: ‘What happens in the server, stays in the server ”.

“This is a technology puzzle that we have not yet solved from the market. Maybe we should revise the Internet’s current client-server architecture or make it mandatory for organizations that use server-side tools to build transparency control.

“I hope that companies that implement server-side settings will voluntarily introduce transparency into their privacy policies and communication to their customers.”

Is there anything else we should know about Google Analytics 4 (GA4)?

“A lot! 🙂 GA4 has a lot in common with server-side tagging, so if you are considering setting up a simple client-to-server data flow, implementing GA4, either via gtag.js or Google Tag Manager, is a good idea. just do not actually send the data to the Google Analytics servers from your server-side tagging container. You can even use this inbound GA4 stream to collect for Facebook or even another analytics provider like Amplitude, the Mix panel, or Snowplow! “

Thank you for your insight and we look forward to seeing you in Amsterdam!

“I’m looking forward too! See you in Amsterdam!”

Simo Ahava is a partner and co-founder of 8-bit sheep. On June 14, he takes the stage as a lecturer during the Dutch edition of Search friends at Kromhouthal in Amsterdam.

Leave a Comment