Skip to main content

The Secret Life of the User ID: What It Is, Why It Matters, and When You Can’t Use It

· 5 min read
Pacing Agency
Pacing Agency
Digital Marketing Agency

If you're not using User IDs, do you really know what your website users are doing? Prob not

The Secret Life of the User ID: What It Is, Why It Matters, and When You Can’t Use It

Do you really know what your website users are doing? Many organisations think they're tracking everything, but often they're not.

They have Google Analytics, Meta Pixel, cookies, and consent banners all set up. However, when we take a look, we often find that half their sign-ups have no source and their ad clicks aren't turning into sessions. Their data resembles a Jackson Pollock painting; messy.

That’s when we ask, “Do you use a User ID?”

Cue the blank stares.

What is a User ID?

Think of the User ID as a discreet name tag for each visitor. It's a unique, anonymous code allowing you to see their activity on your site, and when they return.

It's not their name, email, or phone number, just a string of characters like a9f67x12. This tells you, "Hey, this is the same browser as before."

That little ID is the backbone of proper analytics, helping you connect the dots between different actions that would otherwise look like disconnected visits.

When a visitor accepts cookies, your analytics setup can create and store a User ID. From there, you can:

  • Track their journey: See how they move through your site. Perhaps they land on your blog, click on your “Sign Up” page, and then revisit two days later to sign up.
  • Attribute actions properly: Know that the Facebook ad they clicked last week did lead to a sign up today.
  • Understand behaviour: How many pages do people visit before converting? Which journeys lead to drop-offs? Our clients love this.

In other words, it connects the story. Without it, you just get isolated blips of traffic with no context.

Real User Journey Example

Here’s what that looks like in real life:

Day 1: Someone clicks your Google Ad. They scroll, watch a video, but don’t sign up. Day 3: Same person comes back via a Facebook retargeting ad, reads your About page, but still doesn’t convert. Day 5: They return directly, fill in your contact form, and book an appointment.

Without a User ID, that’s three random visits from “different” people. With it, you see one person, three visits, one conversion.

That’s pretty powerful.

When You Can’t Use It (and Why GDPR Cares)

Here’s the tricky part; GDPR doesn’t care that it’s “anonymous” to you. The law treats a User ID as personal data because it’s an “online identifier” potentially identifying someone if combined with other data.

That means you can’t just use it however you like.

If a user rejects cookies, you can’t use that User ID for analytics or marketing. You can still create one for legitimate interests, but the purpose must be strictly functional, for things like:

  • Preventing fraud or spam submissions
  • Deduplicating form entries
  • Maintaining site security

You cannot later say, “Oh, we’ll just link that same ID to their form submission data now that they’ve consented.”

No. GDPR’s purpose limitation rule means you can’t use data collected for one reason (security) for a completely different one (analytics).

If you want to track behaviour for marketing or analytics, you need clear consent at the point of tracking.

How You Apply It (Practically)

  1. Set up your consent management: Use something like Termly or CookieYes to ensure the User ID only fires when a visitor says “yes” to cookies.
  2. Generate the ID: Only when consent is given (or under legitimate interest for functional use).
  3. Store data separately: Keep User ID tracking data (for analytics) separate from personal data like names or emails.
  4. Don’t mix purposes: If a User ID was created for security, don’t use it for marketing later.

That’s your GDPR-safe zone.

When the User ID Doesn’t Work

Even with a perfect setup, there are blind spots.

  • Different devices: If someone visits on their phone and later on their laptop, those are two different IDs unless they log in or identify themselves.
  • Cookie deletion: If they clear cookies or use incognito mode, poof, new ID.
  • Rejected cookies: No analytics tracking. You can’t follow that journey beyond the functional basics.

And that’s fine. It’s about doing it right, not doing it creepily.

Why It’s Worth It Anyway

When it works, a User ID gives you the clearest possible view of how people interact with your site.

It bridges the gap between “ad clicks” and “real-world actions”. It helps you understand intent, not just numbers.

It does this in a privacy-first and compliant way.

The truth is, you don’t need to track everyone.

You just need to track honestly.

Because accurate, ethical data beats more data every single time.

TL;DR:

  • The User ID connects user journeys across sessions.
  • It’s personal data under GDPR, so you need consent for analytics use.
  • You can still use it for legitimate interests like security or form deduplication, but never for marketing without consent.
  • It breaks on new devices, cookie deletion or cookie rejection.
  • Done right, it’s the key to understanding your users without crossing the line.

If you don't have User IDs and want to have User IDs, give us a shout, we can help.