3 Red Flags That Your Analytics Agency Might Be Doing More Harm Than Good

If you’ve outsourced your analytics setup to an agency or consultant, you likely expect a robust, compliant, and goal-driven implementation. But in practice, we’ve seen many examples where tracking strategies not only fail to deliver value — they actively put businesses at risk.

This article outlines three real-world scenarios (anonymised for confidentiality) that illustrate serious red flags you should look out for when reviewing your tracking setup or evaluating agency recommendations.

🚩 Red Flag 1: Analytics Agency Wanted to use GA4 E-commerce Events for Navigation and Forms

Scenario: An agency recommended using GA4 e-commerce events like add_to_cart, begin_checkout, and purchase to track routine website interactions — specifically:

• Clicks on navigation bar items (e.g., “Contact”, “Services”, “About Us”)

• Form submissions (e.g., general enquiries, contact forms, newsletter sign-ups)

  
  

These were logged as if they were transactional events in a checkout flow — despite having nothing to do with products or revenue.

Why it’s a problem:

1. E-commerce events have a specific structure and purpose — they’re designed to reflect commercial behaviour within a purchasing journey (product views, cart updates, checkouts, and actual purchases).

2. Using them elsewhere distorts reports — GA4’s monetisation reports will show inflated funnel activity, false conversion counts, and meaningless revenue figures.

3. Marketing platforms will optimise toward the wrong signals — if Google Ads or Meta think a form submission is a “purchase”, they’ll waste budget targeting the wrong audience types.

4. It pollutes your dataLayer and complicates QA — using complex schemas like purchase for basic interactions creates unnecessary risk and technical overhead.

5. It breaks trust in the data — internal stakeholders will quickly question inflated numbers and disengage from the analytics altogether.

   
   

A real-world consequence: We’ve seen cases where reporting claimed dozens of purchases per day — when in reality, they were just contact form submissions misclassified as conversions.

Better approach: Use GA4’s standard or custom events for non-commerce actions:

• generate_lead for form submissions

• select_content for nav clicks or CTA interactions

• Custom events like contact_form_submit if you need more specificity

These are clean, efficient, and correctly interpreted in GA4’s reporting models — without damaging the integrity of your e-commerce data.

🚩 Red Flag 2: Agency Suggested Capturing and Sending User Email Addresses to GA4

Scenario: A proposal was made to collect users’ email addresses from web forms and pass that data into the dataLayer — then send it to GA4 for tracking or audience building.

Why it’s a problem:

• Google’s terms explicitly prohibit sending personally identifiable information (PII) like emails to GA4.

• This practice violates UK GDPR and PECR if done without explicit consent and valid legal basis.

• Such data, if leaked or misused, creates serious regulatory and reputational exposure.

• Even if captured only in the dataLayer, the risk of accidental transmission (via GTM or other tools) is high.

Better approach: PII must never be sent to analytics platforms. Email addresses should only be handled within secure backend systems or platforms designed for identity resolution — and always under clear, explicit user consent.

🚩 Red Flag 3: Agency Pushed For Sending Analytics Pings After Consent Is Rejected

Scenario: An agency suggested firing lightweight, "cookieless" pings to analytics tools even if a user declined tracking in the cookie consent banner — under the logic that “we’re not setting cookies, so it’s fine.”

Why it’s a problem:

• The UK ICO (Information Commissioner’s Office) has stated clearly: analytics tracking of any kind requires consent, unless there is a valid legal basis (e.g. contractual or legal necessity).

• Whether or not cookies are set is irrelevant. If data is sent to a platform for behaviour monitoring, consent is needed.

• Doing this undermines the trust your users place in your consent banner and privacy notice.

• If discovered, it could lead to investigations, fines, or long-term damage to your brand’s credibility.

Better approach: If a user rejects consent, no tracking requests — even “cookieless” ones — should be sent to analytics platforms. End of story.

🔍 The Common Thread

Each of these red flags points to a deeper issue that businesses often miss:

• Advice that prioritises data volume over data quality

• Lack of understanding of privacy law and platform policy

• Junior-level execution wrapped in impressive job titles

• A focus on “what we can do” rather than “what we should do”

What You Should Expect from a Quality Analytics Partner

• Tailored tracking plans that match your funnel and goals

• Lean, meaningful event design — not dashboard bloat

• A privacy-first mindset rooted in actual law, not marketing spin

• Clear documentation of every signal, trigger, and purpose

• Willingness to push back when something feels legally or technically risky

  
  
  
  

Ask Yourself:

• Do I know what events are firing on my site — and why?

• Am I tracking anything after users decline consent?

• Is my analytics platform receiving email addresses or other PII?

• Could I defend my setup if asked by a regulator?

If you can’t confidently answer all four, you’re not alone. But it may be time for a second opinion.

Why Work with Metric Owl?

At Metric Owl, we specialise in building clean, compliant, and purposeful analytics setups for businesses who care about doing things right.

• We never send PII to analytics tools

• We honour consent fully — no grey areas

• We align tracking design with your real goals

• We bring senior-level expertise, not junior-level templates

• We’ll audit what you have, clean up what you don’t need, and make sure your data is safe, fast, and useful

Not Sure If Your Setup Is Safe?

We’ll review your GA4 or tag manager setup and flag anything that puts you at legal or performance risk. No pitch. Just clarity.

⚖️ Disclaimer:

This article is based on general industry experience and is provided for educational purposes only. It does not name or refer to any specific company or individual, and it does not constitute legal advice. For compliance questions relating to your own analytics setup, consult a qualified legal professional.