DEV Community

Anja Beisel
Anja Beisel

Posted on

Your Cookie Consent Banner Is Probably Breaking Your Analytics

#privacy #react #analytics #webdev

Privacy-First Analytics for Modern Web Apps (Part 1)

How GDPR compliance causes data loss — and what modern web apps do instead

Most cookie consent banners quietly destroy your analytics.

If users decline cookies, tools like Google Analytics stop tracking completely.
For many websites, that means losing 30–50% of user behaviour data.

That creates a real problem for developers:

How do you respect GDPR and ePrivacy rules while still understanding how users use your product?

The real problem

Modern web applications depend on analytics to answer simple but critical questions:

  • Which pages do users visit?
  • Which features are actually used?
  • Where do users drop off?

But in the UK and EU, analytics intersects with:

  • GDPR
  • ePrivacy / PECR

These regulations require user consent before setting non-essential cookies.

And that’s where things break.

Basic vs Advanced vs Hybrid Analytics

What actually happens with basic cookie consent

The typical implementation looks like this:

User visits site
  ↓
Cookie banner appears
  ↓
Accept → Google Analytics loads
Decline → Google Analytics never loads
Enter fullscreen mode Exit fullscreen mode

In many React applications, the logic looks roughly like this:

if (userAcceptedAnalytics) {
  ReactGA.initialize(GA_ID)
}
Enter fullscreen mode Exit fullscreen mode

If the user declines, Google Analytics never runs.

That means for a significant portion of your users:

  • no pageviews are recorded
  • no navigation behaviour is tracked
  • no product usage data is captured
  • From an analytics perspective, those users effectively do not exist.

Why this breaks your analytics

Let’s say your site gets 1000 visitors:

1000 visitors
  ↓
40% decline cookies
  ↓
Google Analytics sees only 600 users
Enter fullscreen mode Exit fullscreen mode

That means:

  • you miss real user journeys
  • feature usage becomes unclear
  • conversion funnels are incomplete

Your data becomes:

  • ❌ incomplete
  • ❌ biased
  • ❌ misleading

This is especially painful when building:

  • SaaS products
  • developer tools
  • interactive apps

Why this is still the “safe” approach

Despite the drawbacks, this model is widely used because it is:

  • ✔ legally conservative
  • ✔ easy to implement
  • ✔ easy to explain

No cookies before consent → no legal ambiguity.

Important: this is a Google Analytics problem

This issue exists because of how Google Analytics works:

  • relies on cookies (_ga, _gid)
  • uses persistent identifiers
  • tracks users across sessions

That design conflicts directly with modern privacy requirements.

What modern apps do instead

Instead of relying on a single tool, many teams now use a hybrid analytics architecture:

Visitor arrives
  ↓
Anonymous analytics runs for everyone
  ↓
Cookie banner appears

Accept → Google Analytics enabled
Decline → Google Analytics disabled
Enter fullscreen mode Exit fullscreen mode

This setup combines:

1. Privacy-first analytics (for all users)

Tools like:

  • Umami
  • Plausible

These provide:

  • pageviews
  • referrers
  • device types
  • product usage events

Without:

  • cookies
  • persistent identifiers

2. Google Analytics (opt-in only)

Only enabled after user consent.

Provides:

  • funnels
  • campaign tracking
  • deeper engagement insights

Why this approach works

This architecture gives you:

  • ✔ visibility into real product usage
  • ✔ compliance with privacy regulations
  • ✔ a cleaner mental model

Instead of choosing between:

privacy OR analytics

you get:

privacy AND useful analytics

This is becoming standard practice

This hybrid approach is increasingly used in:

  • SaaS products
  • developer tools
  • modern web platforms

Where understanding product behaviour is essential.

Key takeaway

If you rely only on Google Analytics with cookie consent:

you are likely missing a large portion of user behaviour

Modern web apps solve this by combining:

  • privacy-first analytics for all users
  • Google Analytics only after consent

What’s next

In the next article, we’ll go deeper into:

👉 Google Consent Mode

  • what it actually does
  • Basic vs Advanced Consent Mode
  • how to implement it in React + TypeScript

Final thought

Analytics is no longer just a marketing tool.

For modern web applications, it’s a product development tool.

Understanding how users move through your app helps you:

  • improve onboarding
  • identify friction
  • build better features

The challenge is doing that without violating user trust.

That’s exactly what this series is about.

Series: Privacy-First Analytics for Modern Web Apps

  1. Why Cookie Consent Breaks Your Analytics (this article)
  2. Google Consent Mode Explained (React + TypeScript)
  3. Ads, Tracking, and the Legal Reality in the EU and UK
  4. The Hybrid Analytics Architecture

About this series

This series is based on real-world work building CSSEXY, a visual UI platform where understanding user behaviour is essential for improving the product.

All articles are also available on CSSEXY and there in the Gallery.

Top comments (0)