Are you the kind of person that wonders ‘How many visited yesterday?’ instead of ‘Who visited yesterday?’ Keep reading. I’ll show you how to configure Google Analytics in compliance with the GDPR — and as a bonus, help you get rid of that cookie notice.
Recently I set up a cookie notice on my site, because I was under the impression that was necessary to comply with the new GDPR laws. So, after I published an update to CAOS and wrote a how-to for my users on how to use CAOS’ new Settings I found out that none of it was actually necessary. Because, basically, you only need to ask for permission if you want to re-use your visitors’ data (e.g. remarketing).
Table of Contents
- Configuring Google Analytics to be Privacy Friendly
- Configuring your Google Analytics tracking code to comply with the GDPR
- Conclusion
Configuring Google Analytics to be Privacy Friendly
If you use Google Analytics, technically you’re processing data of your visitors. The GDPR is all about asking permission to your visitors — prior consent. If you don’t (or don’t want to) ask for permission, these 6 steps will help you to configure Google Analytics to handle your visitors’ privacy responsibly so you can remove that Cookie Notice.
Disclaimer: all information in this post is translated or derived from guides provided by the Dutch Personal Authority. I can give you no guarantee that following these steps will make you compliant with the version of the GDPR where your business is located, although I’m pretty sure that these laws are practically the same in the entire European Economic Space (EES).
1. Accept the Data Processing Amendment
Wow… That sounds fancy, right? It basically means that you have to agree to the fact that Google will act as the processor of all your visitor’s personal data.
Here’s how you do it. Make sure you’re logged in to your Google Analytics-dashboard, and:
- Click ‘Admin‘.
- Click ‘Account Settings‘.
- Scroll down to a header, called ‘Data Processing Amendment‘.
- Click on ‘Updated Amendment‘. If you’ve already agreed to it, it’ll show ‘Review Amendment‘.
- In the pop-up, click ‘Done‘ and after the pop-up’s closed, click ‘Save‘.
2. Disable Data Sharing
By default, using Google Analytics means that you agree with Google using the data you provide for its own marketing and technical purposes. This includes benchmarking and improvement of Google’s services. To fully comply, you need to disable these settings:
- Click ‘Admin‘.
- Click ‘Account Settings‘.
- Scroll down to ‘Data Sharing Settings‘ and remove all checkboxes.
- Click ‘Save‘.
Sadly this doesn’t mean that Google will immediately remove all visitors’ data you’ve already sent. But at this point, they aren’t allowed to use it anymore — for technical and marketing purposes that is.
3. Disable Data Collection for Advertising Features
You told ’em once. Now tell ’em twice! You told Google to stop using your visitors’ data. But technically you only told them to stop using it for in-house purposes.
Apparently there’s a technical difference between using data and processing data. Using data for technical improvement, benchmarking or e.g. access by an accountancy team is different from processing data for advertising features.
In order to completely disable the usage of your visitors’ data and respect their privacy, you need to do the following:
- Click ‘Admin‘.
- In the middle column, underneath ‘Property‘, select ‘Tracking Info‘ and ‘Data Collection‘.
- If you’re using Adsense or Adwords, the two visible options will be enabled by default. Disable them.
- Click ‘Save‘.
4. Make sure the User-ID feature is disabled
The User-ID feature lets you associate engagement data from different devices and multiple sessions, so you can discover how users interact with your content over an extended period of time. Luckily, it can easily be disabled.
- Click ‘Admin‘.
- In the middle column, underneath ‘Property‘, select ‘Tracking Info‘ and go to ‘User-ID‘.
- If the toggle at the end of the page is turned off, you’re done. If not, disable it and click ‘Save‘.
After you’ve followed all of the above steps you’ve done everything you can to protect your visitors’ private data. It also means that you can almost remove that stupid Cookie Notice from your blog. Google Analytics will from now on respect your visitors privacy. You’ve used all options available in the Dashboard to protect your users’ data. But you’re not done yet. To fully comply to the GDPR you need to make some adjustments in your Analytics tracking-snippet.
Great job, Daan, thanks for the work! I am a treehunter myself 🙂
Only the link to your opt-out article seems broken.
Regards, Tez
Hi Tez, Thanks! It’s always good to meet a fellow treehunter!
Thanks for the heads up! I just realized I pulled this article back, because the information in it needed to be refreshed.
You’ve written and link to the how to add a snippet for users to opt out but you’ve removed the link. Can you link me here to that article part in adding the option to opt out?
Hi Randy,
I temporarily removed that link, because I am in the middle of rewriting that article. After publishing it I figured out new, and easier ways to implement an opt-out option. Because I also updated CAOS a lot in the meantime, it’s in need of serious revision. As soon as I re-published it, I’ll let you know.
Hi, does anyone know if this information is still up to date?
thanks in advance!
Hi Lorenz,
Yes, as far as I know it’s still up-to-date!
But, laws might differ per country. The rule of thumb is: as long as Google Analytics doesn’t track/save any information that can identify an individual, you don’t have to show a cookie notice.
Hi Daan. Can Google still access my analytics data for its own purposes if I disable the remarketing and data sharing options?
If you use the disable display features option in CAOS: No, because the data isn’t sent to Google at all. If you disable it from your Google Analytics dashboard: I’m not sure, as you’re still sending the data to Google, they’re just not processing it. But you never know what they’ll do with in the background.
Hello Daan,
I just installed CAOS on client site, if all goes well I will generalize on all my clients’ sites, great job.
I will focus on the French translation.
cordially
I don’t speak English and I use the Google translator, excuse the level of English 🙂