
Data tracking risks: what recent privacy cases teach us

Published
Aug 12, 2025

European privacy regulators are paying more attention to how websites track people. Two recent cases show that old tracking methods, like using tracking pixels, can be risky. If users don't give consent, you can't track them, and failing to respect that can lead to serious consequences. The cases also show how server-side tracking can be a safer option.

Tracking users without their consent can be risky

Case 1: six websites in Norway broke privacy rules

Case: the Norwegian Data Protection Authority found that six websites, including a children's help service, an online pharmacy, and medical sites, sent sensitive personal data to third parties without permission.

They also:

  • Told visitors they were anonymous when they weren't.
  • Collected data about children.
  • Tried to push visitors into saying "yes" to tracking.

Outcome: a fine of NOK 250,000 (approximately $24k)

A German court ruled that Google Tag Manager sends personal data (like IP addresses) to Google right away. Because of this, websites must get consent before loading GTM at all.

Outcome: the court did not fine the company but ordered it to obtain valid user consent for GTM or remove it entirely, highlighting that activating GTM without consent can lead to legal issues and enforcement actions.

Why server-side tracking is a safer option

As privacy laws tighten globally, relying on traditional browser-based tracking faces increasing challenges, from blocked scripts to unauthorized data leaks. Server-side tracking moves data collection from the user's device to your own servers, which gives you direct control over what information is captured and shared.

How server-side tracking helps comply with privacy laws and regulations:

  • Higher data control. Unlike third-party tracking scripts (e.g., GA or GTM snippets) that may collect sensitive data without your oversight, server-side tracking lets you decide exactly what information to capture.
  • Remove or hash sensitive data. You can strip or encrypt PII (e.g., email, phone, medical terms) before sending data to external platforms, which is especially important in regulated industries like healthcare.
  • Modify PII in URLs. Server GTM can clean URLs by removing parameters or replacing restricted keywords, ensuring compliance with platform policies (e.g., Facebook) and privacy rules.
  • Use anonymization tools. Features like Stape's Anonymizer help automatically remove or anonymize data from Google Analytics 4.

Server-side tracking can support privacy compliance, but it doesn't remove the need for user consent. Under the ePrivacy Directive and related laws, any collection or storage of personal data requires explicit permission.

To stay compliant, you must still enable consent mode in server GTM, display a legally compliant cookie banner, and work with your legal team to ensure all requirements are met.
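
The field-stripping and URL-cleaning steps from the list above, gated on consent as the two preceding paragraphs require. This is an added example, not Stape or Google Tag Manager code; the event shape, the consent object, the parameter denylist and the keyword list are all assumptions.

```javascript
// Added example; every name and list below is an assumption, not Stape or GTM code.
const PII_PARAMS = new Set(['email', 'phone', 'name', 'token']);  // query keys to remove
const RESTRICTED = [/diabetes/gi, /prescription/gi];              // constructed keywords
const EMAIL_LIKE = /[^\s@]+@[^\s@]+\.[^\s@]+/;                    // non-global: safe with test()
const DROP_FIELDS = new Set(['email', 'phone', 'ip_override', 'user_agent']);
const URL_FIELDS = new Set(['page_location', 'page_referrer']);

function redactKeywords(text) {
  return RESTRICTED.reduce((t, re) => t.replace(re, 'redacted'), text);
}

// Remove PII parameters, redact restricted keywords, drop the fragment.
function scrubUrl(raw) {
  const url = new URL(raw);                       // throws on unparseable input
  const kept = new URLSearchParams();
  for (const [key, value] of url.searchParams) {  // values arrive percent-decoded
    if (PII_PARAMS.has(key.toLowerCase()) || EMAIL_LIKE.test(value)) continue;
    kept.append(key, redactKeywords(value));
  }
  url.search = kept.toString();
  url.pathname = redactKeywords(url.pathname);
  url.hash = '';
  return url.toString();
}

// Returns the payload allowed to leave the server, or null without consent.
function prepareForVendor(event, consent) {
  if (!consent || consent.analytics !== true) return null;
  const out = {};
  for (const [field, value] of Object.entries(event)) {
    if (DROP_FIELDS.has(field)) continue;
    if (!URL_FIELDS.has(field)) { out[field] = value; continue; }
    try { out[field] = scrubUrl(value); } catch { /* unparseable URL: omit it */ }
  }
  return out;
}

// Constructed sample event, for illustration only.
const sampleEvent = {
  event_name: 'page_view',
  email: 'jane@example.com',
  ip_override: '203.0.113.7',
  page_location: 'https://shop.example/products/diabetes-test-kit?email=jane%40example.com&utm_source=news#top',
};
console.log(prepareForVendor(sampleEvent, { analytics: true }));
```

A denylist only catches what it names, so the email-pattern check on parameter values acts as a second net for PII that arrives under an unexpected key.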

When implemented correctly, together with a proper consent mechanism, server-side tracking can help protect user privacy, support compliance with data protection laws, and maintain reliable analytics despite evolving privacy standards.
