My real point is, if you use a service to provide your own service, you give them your blessing to do whatever they want with your brand. This includes facebook and their tracking scripts.
Thus we need to audit what our service providers are doing and limit their impact once we've completed the evaluation, making sure they don't alter the deal later.
Also tracking ad conversions is as simple as using a unique parameter per campaign, when buying the add. Just append `?campaign=facebook_campaign-name_202202` to your link and that's enough to measure the ads effectiveness. No need to attach unique ID's to users, sessions etc... Aggregates keep the users anonymous and give you enough actionable insight.
As for your second point, yes, that is precisely what I referred to in my original post - that we could deal with the end of IDFA / that we just want to make sure ads are effective - SKAN which provides aggregated statistics is mostly ok for us.
While I agree, that a full audit would be difficult for smaller operations, it took me 2-5 minutes to do a quick check on what is being stored client-side and to come to a logical conclusion if individual users are being tracked or not.
It's a decision, one that you can (probably) make. For me, in the EU, it's no longer a choice and I personally think regulation(GDPR) was needed because, without it, no one took user-privacy seriously.
> As for your second point, yes, that is precisely what I referred to in my original post - that we could deal with the end of IDFA / that we just want to make sure ads are effective - SKAN which provides aggregated statistics is mostly ok for us.
GDPR would also apply here. If there's an option to process less data and achieve a similar result, one should use that option and using a more invasive method(identifying individuals) for tracking would be illegal. It's called "the data minimisation principle"
