Attribution 21 min read

What Are The Alternatives to GA4?

By Laura Imrie 19 October, 2022

When we ran our recent webinar about the legality of analytics products we got a real push to understand the alternatives that exist to GA4.

And that was the genesis for this webinar – Exploring GA4: What are the alternatives? – where our CEO, Chris Liversidge, walked us through:

So why did we get so many questions about GA4? As Chris explained on the webinar, that is probably the best place to start our analysis.

Watch the full webinar here: Exploring GA4: What are the alternatives?

Google Analytics illegal ruling – a quick recap

The interest in the topic initially came off the back of data privacy concerns and something called the Schrems II ruling – which relates to GDPR.

As marketers, GDPR is something we’re all relatively familiar with. But just for a quick recap, it’s a privacy initiative and UK and European GDPR are essentially identical.

The particular area of concern for analytics packages, when it comes to GDPR, is highlighted in the blue box below.

This states that any data that’s being processed, and anything that could be either PII information (which is Personally Identifiable Information) or could be used to retrospectively work out PII, must have these values of integrity and confidentiality.

And companies must be able to demonstrate adherence to those principles.

Mainly, accountability.

The problem for Google was that both of those were thrown into question by the initial Schrems II ruling by the European Court of Justice in 2020.

Up until that point, those two particular parts of GDPR had been handled by something called the Privacy Shield. Which was an EU/US agreement, to find a way to allow – for example, in Google’s case – registration in Ireland. And the use of that legal entity to support its GDPR commitments.

However, that was found to be not an effective solution.

Essentially. because Google (and indeed, US analytics and data processing companies generally – especially if they’re processing the bulk of their data in the US) are unable to prevent data access by law enforcement in the US states. An issue that was highlighted very strongly in the case.

So, on that basis, most recently, Italy but also Sweden, France and Austria – and an increasing number of countries are joining this group – have actually ruled on the illegality (in their view from their data protection authorities) of Google Analytics.

Related: Are Your Web Analytics Illegal?

What does Google’s illegal ruling mean for GA4?

And that is not just Google Analytics Universal, which is the version of Google Analytics that is being sunset on 1st July 2023.

The ruling also applies to GA4, which is the latest iteration of Google Analytics. And that’s because there is no data portability between Universal and GA4.

Source: noyb

So, there is a fundamental challenge here to the legality, or otherwise, of Google Analytics. And that is something that fundamentally has driven a push to understand what risks we’re incurring as businesses when we deploy analytics tags on our websites.

Google Analytics is obviously the most popular and most widely adopted analytics package on the internet. So, what does that mean for us as businesses? And what alternatives are there?

Related: The Rise of GA4 – And The End of Retargeting As We Know It

A quick note on Cookies, GDPR and the ePrivacy directive

Before we dig deeply into the questions above, we should also touch on cookies, as they are an associated part of the legal question here.

The cookie directives, or the ePrivacy directive, actually predates GDPR. So those of us who have been around long enough to remember the internet both before – and after – cookie banners, will remember there was a fairly abrupt change. And that was a result of the 2002 ePrivacy directive.

So, it’s actually that directive which is extending an older European directive called the DPD (the Data Protection Directive from 1995).

The ePrivacy directive asserted that we all have a right to privacy in the electronic communication sector. And so that’s what actually has driven the rise of the cookie banner.

That’s not to say it’s an entirely separate part of GDPR. But cookie banners are not a result of GDPR.

And within GDPR, it is entirely lawful to process cookie data, particularly first party cookie data – where it is deemed as necessary for performance of reasonable business operations.

Such as improving your media spend, so that you’re not wasting money on advertising to the wrong people.

There’s often a little bit of misunderstanding in that space. So, as Chris explained, it’s important to ensure clarity on that – and the role of the cookie – before diving into any more detail.

So now a quick summary, from a legal point of view.

Any US organisation that is processing data, falls foul of GDPR, under the Schrems II ruling. And that becomes problematic for us, as customers.

What about tag management?

Tag managers are used to simplify the tagging process for deploying analytics.

If you’re not familiar with them, you can think of it as a single tag that you deploy. And then you use that tag to deploy other tags. That’s the use case for tag managers.

They are extremely powerful and effective tools. They also simplify things greatly, especially if you’re using multiple different systems on your site.

Under the Schrems II ruling, tag managers (which are US based entities and which therefore process their data in the US) are also uncompliant under GDPR rulings.

What does that mean? Well, we have to give consideration to the Tag Manager we use – not just the analytics system that we’re deploying with that tag manager.

What are the alternatives to GA4?

So why do we care about GDPR?

We care about it because it has potentially very significant fines associated with it. They are actually stated to be either a 20 million euro fine or 4% of turnover, whichever is higher.

And, clearly, we don’t want to fall foul of that.

So, there are two different ways that we can now start to take action which Chris explored during the webinar:

Option 1: CNIL’s Proxy Suggestion

One way is to continue using US based analytics platforms.

That process was addressed in the recent ruling in France that found that GA was illegal under their data processing agreements.

What CNIL (Commission Nationale Informatique & Libertés – the French Data Protection Agency) has put forward is a speculative approach called Analytics with Proxy. Which is outlined below and which we have annotated in the blue box.

Source: CNIL

You can see within the blue box, that essentially what is being proposed by CNIL is that all of the data that is collected and processed in the typical operation of an analytics package.

So, when that pixel is served, and it’s collecting:

  • parameter data
  • data about the device you’re on
  • other unique identifiers
  • IDs from cookies

That all of that data is held before it is then passed or anonymised and passed on to the analytics tool that you’re using.

So, this is a use case to describe how they could receive a legal basis for the use of something like GA4 now.

In terms of actually implementing a process of proxying all of your data before passing it to an analytics tool, Chris suggested that this is a theoretical approach.

And one that, for the first part of a response to what the alternatives there are to GA4, we thought we’d try and address.

The practicalities of CNIL’s suggestion

This proved to be the quickest option to address because, fundamentally, it requires you to set up, configure and troubleshoot your own analytics collection.

It also requires you to maintain a cloud environment or on-prem tenancy and host your own boxes.

You have to manage all of the security involved in that process, which is not inconsiderable.

Either the racking cost of your on prem – or the ingress egress cost if you’re in the cloud – can very quickly become very large.

If you’re running native advertising, you might have over 40 million impressions a day to be coping with. Also, DPO, the data privacy management side of things, would be your legal responsibility which gives you direct legal exposure. So, if anything goes wrong in your custom setup, it’s all on you.

You have to match your analytics pipeline to what you are going to pass over to your ‘outside-of-proxy’ analytics package. This is presumably to get access to their reporting suite.

So, you’d have to make sure you’re giving them all the data required for that to actually function. Which is a massive question mark and we don’t think that would actually work with GA.

So, in essence, what the CNIL is proposing is you build your own analytics system. And then you pipe that into something to visualise it. So, a Power BI template or similar.

At this point in the webinar, Chris said:

speaking as someone who has been involved in the practicalities of analytics data collection for nearly a decade or so, that is an extremely complex and expensive process. And I’m not convinced that it is a practical option for the vast majority of us.

Option 2: Avoid US data transfer

The second and final option is to try and find an analytics package, if we want an alternative to GA4, that avoids US data transfer entirely.

And there are a few options for this:

As a team who have been fairly familiar with the analytics ecosystem for well over a decade, we’ve picked three tools which we think exemplify three different approaches to finding an analytics package.



Fathom is something that may be familiar.

It’s focused principally on privacy and it really has no cookie requirements whatsoever.

So, you do have the option, if you’re using Fathom, to have no cookie banner at all.

It has sophisticated EU and US routing which it does for the purposes of speed.

So, if the visitor is coming from the US, it will route it through the US. If visitors are coming from anywhere else, it will route it from a European based data centre (Germany). And it will remain in there and remain processed there.

Which is significantly different from how GA manages that.

However, there is a trade-off here. The insight is extremely limited and there’s no integration to help you understand what’s happening with the ads that you’re running. And support is limited, in comparison with the other packages that are available out there.

Piwik Pro

Piwik Pro

Piwik Pro is something that people with long memories may remember from the original pilot version, pre-Google Analytics.

Chris mentioned it’s a package he used pretty regularly before Urchin (which then got turned into GA). However, it has actually been forked. And Matomo is a fork of what is now Piwik Pro.

So, they’re both from the same back-end infrastructure. And they’ve had robust development, essentially over a couple of decades now.

Now a very quick summary on Piwik Pro. It has a:

  • rich feature set
  • huge variety of reporting
  • range of connectors
  • really well integrated privacy management panel which means you can actually manage all of your obligations under GDPR
  • tag manager (so it does address the tag management challenge)

So, you can go all in one shot with Piwik Pro. And even if you’re willing to fork out a bit more, it has CDP capabilities.

However, if you compare it to Matomo, the dependency on cookies for functionality with Piwik is very heavy.

So, we know that first party cookies will remain in use. But first party cookies without additional processing are very device siloed.

We know for example that 80 odd percent of journeys are multi-device. And so, these cookie dependencies make the actual accuracy of the data you’re looking at very poor.

So that richness is a trade-off. And when you then integrate that into AdTech, you also typically get bad results when it comes to attribution.



Matomo is an interesting one.

It’s very widely adopted with over a million sites using it.

It is robust and you have an ability to access increasing amounts of enterprise features and support – which are paid for features. And that can become quite expensive as a platform.

It’s ‘hit based’ only which means it’s not really trying to do anything clever with cookies. And so therefore, it’s focusing on the accurate data that it can provide to you.

However, as a result of that, it’s reporting is quite siloed.

Attribution is quite limited within analytics platforms

The options above are not the only analytics options in the market.

But what does come out as you review them is that attribution, as with all of the analytics platforms, is limited.

This is because it is only ‘hit level’ data that you are seeing. You’re getting no real view of a longer conversion path than the single device touchpoint – which might only have one or two interactions on it.

And, also when you do try and drill into the campaigns a little bit more (the image below is from a Matomo demo account and it doesn’t have huge volumes here), it’s quite light in terms of the information it’s bringing back.

The positive side of this though is – if you want to have complete confidence in your analytics platform and that hit level data – there is rich data available across the board in the platform.

And, as Chris explained, that’s really what you should be looking for in any analytics platform: one that gives you a bit of confidence about the validity and accuracy of your data.

However, marketing optimisation is really absent from pretty much all of the analytics platforms.

And that fundamentally comes down to the issue that cookie-based measurement systems aren’t going to provide you with good quality attribution.

The role for AI over cookies

When you have AI to stitch together multiple hit points, which means you don’t have to rely on cookies, you are able to see those longer conversion paths.

This provides you with significantly more meaningful data compared to what you are being told by your analytics package – from an attribution perspective.

So, you can begin to see the difference between what your channel partners are telling you (such as Facebook in the example below – in the teal colour) and what an AI-driven attribution platform tells you.

And with +95% accuracy, using AI instead of cookies, you get quite a different story.

Source: Corvidae

On one hand, Corvidae, the attribution tool that we’ve built, is entirely focused on marketing performance optimisation. Allowing you to get much better conversions and much more accurate ads in front of the right people.

And it is using AI to do that.

And then an analytics package like Piwik Pro (which Chris suggests is, from the tools discussed, the one which probably has the fullest feature set) would be effective for analytics use cases. Although, it’s important to remember that it does suffer from its reliance on cookies.

What does ad optimisation plus analytics look like?

Our strong advice is to start that consideration process for finding an analytics package that gives you what you need for analysis of your site and sales itemisation.

And then consider riding it alongside an attribution platform like Corvidae. One which uses AI to replace the cookie side of that measurement and allows you to do actual marketing optimisation.

As the legal side of the issues with GA fully shake out into the consciousness – and as legal cases across Europe begin to conclude – there will be decisions to be made. Especially for any company that is getting traffic from the likes of Italy, France and Austria and so on where that legal risk is relatively high.

The Complete Guide to Marketing Attribution

To find out more about the role of attribution in marketing optimisation, and why it’s so important, download a copy of our Complete Guide to Marketing Attribution.

The Complete Guide to Marketing Attribution

Identify wasted spend with our ROI calculator

Own your marketing data & simplify your tech stack.

Have you read?

See all articles