5 Easy Steps on How to Make Your Google Analytics GPDR & CCPA Compliant
How to Make Your Google Analytics GPDR & CCPA Compliant

Google Analytics (“GA”) is one of the most popular tools utilized by websites to obtain information regarding their site traffic. If you’re using GA, you should be aware of the data privacy requirements related to using this tool, and how you can set up your GA to avoid expensive GDPR and CCPA violations. In this post we will explain (with relevant screenshots) how to set this up in your Google Analytics account.

 

Using Cookies

As a general rule, if you have only necessary cookies and GA running on your site, you are not collecting the kind of personal information that requires consent (either explicit or implied) to collect, but you need to configure your GA in a specific way to comply with GDPR and CCPA. If you are running non-essential (e.g. advertising, performance or targeting) cookies, then you should be using a cookie consent management platform to ensure compliance.

 

When setting up GA, you will be asked if your GA setup in Google is in accordance with GDPR requirements for usage without consent, meaning you are not using any non-essential cookies. If so, GA will be configured with anonymized IP addresses. If you’re using non-essential cookies (e.g. plugins for Facebook, DoubleClick, YouTube, etc.), then the instructions below will not provide you with a compliant experience, and we suggest that you contact Clym for assistance.

 

Step 1 – Data Processing Terms

First, you have to sign GA’s Data Processing Agreement (“DPA”), which can be found in GA’s Account Settings. Once you’re in the DPA, you can click on “Review Amendment”. After reading the amendment, click “Done”.

 

Google Analytics Data Processing Amendment for GDPR
Google Analytics Data Processing Amendment for GDPR

Step 2 – Turn off data sharing

Turn off data sharing with Google. This is done by unchecking the Data Sharing Settings under Account Settings.

Google Analytics Data Sharing Settings to be compliant with the GDPR regulation.
Google Analytics Data Sharing Settings

Step 3 – Anonymize IP

IP addresses are considered personal information by most data privacy regulations, including GDPR and CCPA, so if you are taking this approach you must restrict Google’s access to process the entire IP address, which is referred to “Anonymize IP”. By adding an extra piece of code to your GA tracking code, the last part of the website visitor’s IP address will be deleted.

How to Anonymize IP Address in Google Analytics to be complaint with GDPR and CCPA?
How to Anonymize IP Address in Google Analytics?

 

When you are working with Google Tag Manager (“GTM”) you can also make some adjustments to get anonymized IP addresses. To do this, log on to GTM. Make a new variable with the type Settings of Google Analytics. Add a new field and fill in “anonymizeIp” with the value ‘true”.

 

Step 4 – Check if user ID function has been disabled

Check if the user ID feature is disabled. The ID feature allows you to link a website visitor’s behavior over different devices and multiple sessions, which is not allowed without obtaining consent. If you’re taking this approach, you must disable this feature in GA’s Property Settings, Tracking info, and then User ID.

How to disable User-ID in Google Analytics to be compliant with GDPR and CCPA?
How to disable User-ID in Google Analytics?

Step 5 – Disable sharing data for ad purposes

Disable data sharing with Google for advertising purposes. To do this, you should uncheck the options in Data collection under Tracking Info, which can be found in the property settings.

How to disable Data Collection for Advertising purposes in Google Analytics for GDPR and CCPA?
How to disable Data Collection for Advertising purposes in Google Analytics?

 

Key Takeaways

The instructions above provide a way to side step GDPR and CCPA compliance by not collecting personal information, however this can hurt your marketing team’s efforts by being overly restrictive, which can hurt your company’s bottom line. Clym can help! Our cost-effective, audit-ready platform provides you with an easy way to get your website compliant with GDPR, CCPA and other global data privacy laws. If you’d like to learn more, please book a demo or contact us to discuss.