Protect Your Brand from Tag Piggybacking Risks

April 3, 2017 | by Mike Hagerty, Regional Manager of Solutions Consulting, Ensighten
What is Tag Piggybacking?

Tag Basics

Tags are the technical mechanism for collecting data from a digital property, typically requiring that a small snippet of code be placed on the website/app . Tags serve a variety of purposes such as collecting data from web browsers, setting cookies, extending audiences between multiple websites, incorporating 3rd party technologies into a website, etc. Data that is collected from these tags power marketing campaigns, personalization, advertising, web analytics systems and a host of other important marketing responsibilities.

This data can either be passed to a server owned and managed by the current website owner or to another company entirely. Tags themselves can them be categorized in two ways: first-party tags which collect data on the same domain, and third-party tags which collect data on a third-party domain, giving them insights into your internet browsing behavior across multiple web properties. For example, when visiting XYZ.com a tag passing information to “data.XYZ.com” would be considered first-party while a tag from “data.ABC.com” would be third-party because the top level domain, “ABC.com”, is different.

What is Tag Piggybacking?

The most basic definition of tag piggy-backing, also referred to as daisy-chaining or chaining, is when one tag invokes another tag. Piggybacking can add dozens or hundreds of additional tags and introduce services that the digital property owner may not be aware of. This is often encountered when a container-like tag (ex: DoubleClick Floodlight) is placed on a site for marketing purposes, and then overloaded with tag calls for additional vendors.  In the following example, we can see an AppNexus tag piggybacking off a standard DoubleClick Floodlight tag:

Tag Piggybacking Example

In the following extreme example, we can see piggybacking resulting in multiple tag-to-tag instantiations:

Multi-level Tag Piggybacking Example

Without constant monitoring/auditing, this type of multi-level tag handoff is extremely difficult to manage. Ensighten completed a recent industry audit of almost 1500 digital properties and on average there were 49 piggybacked tags, with the worst offender having 144! When a tag is invoked via piggybacking, you don’t have visibility or control over what information it receives, but you may be legally responsible for it.

Risks, Limitations and Issues Related to Piggybacking

There are several items to be aware of when dealing with piggybacked tags:

  • Data leakage – Your valuable customer data (including PII) can be passed to a piggybacked tag without your knowledge or consent. If the data in question is available in-session, it can typically be captured via tags.
  • Poor website performance and data loss due to tag loading issues – Every tag that loads has an impact on your site performance. Slow loading tags at the top of your page can block the page from loading, decrease time to interactivity or impact data collection.
  • Malicious code installation – Malicious code can be installed on your site or on your customer’s device via tag piggybacking, granting access to any personal information users give you.
  • Inability to comply with privacy regulations When a piggybacked tag fires, you don’t have visibility over what information it receives, which immediately puts you out of compliance with global privacy regulations like the EU’s GDPR.
  • Breaks in security/SSL – A tag that violates your website security will throw a glaring warning to your end-users and potentially break checkout flows and impact revenue.

Next Steps: Protect Your Brand

For the best approach to protecting your brand, we recommend using a real time blocking tool that allows the brand to protect against unauthorized data collection across all tags (even tags deployed outside of a TMS). One of the best options on the market for complete protection is our own Ensighten Privacy. It includes complete control, insight and risk assessment into your tags and what we consider to be key areas:

  • How many unique tags are on your website?
  • How many of those tags are loaded via tag piggybacking?
  • How many of those tags are sharing your customer’s data and violating brand privacy and security policies?
  • Blocking of all tags with one line of code
  • Monitoring real user interaction to catalogue data collection points
  • Notification when even a single user sees a new data collection point

If you’d like to learn more about tag piggybacking, how Ensighten can help protect your brand, or how Ensighten can make your global digital properties compliant with the EU GDPR, contact us today.

(Visited 6,235 times, 2 visits today)
Mike Hagerty

About Mike Hagerty

Mike has been deeply involved in the digital analytics industry before it was called the "digital analytics industry" (i.e. when tags didn’t exist and web logs were king).  He has a breadth of experience in the digital marketing ecosystem across all verticals, and ...

Read more about Mike Hagerty »

Data Governance & Protection

Use our patented solution to stop unauthorized website trackers from firing, assess privacy risk and easily comply with GDPR website mandates.

Related Posts

Schedule demo

Time to update your browser.

For the best experience of the ensighten.com website, please download one of these free, up-to-date browsers.

Choose from one of the following browsers: