How to configure Google Analytics in Compliance with the GDPR
Are you the kind of person that wonders ‘How many visited yesterday?’ instead of ‘Who visited yesterday?’ Keep reading. I’ll show you how to configure Google Analytics in compliance with the GDPR — and as a bonus, help you get rid of that cookie notice.
Recently I set up a cookie notice on my site, because I was under the impression that was necessary to comply with the new GDPR laws. So, after I published an update to CAOS and wrote a how-to for my users on how to use CAOS’ new Settings I found out that none of it was actually necessary. Because, basically, you only need to ask for permission if you want to re-use your visitors’ data (e.g. remarketing).
Table of Contents
Configuring Google Analytics to be Privacy Friendly
If you use Google Analytics, technically you’re processing data of your visitors. The GDPR is all about asking permission to your visitors — prior consent. If you don’t (or don’t want to) ask for permission, these 6 steps will help you to configure Google Analytics to handle your visitors’ privacy responsibly so you can remove that Cookie Notice.
Disclaimer: all information in this post is translated or derived from guides provided by the Dutch Personal Authority. I can give you no guarantee that following these steps will make you compliant with the version of the GDPR where your business is located, although I’m pretty sure that these laws are practically the same in the entire European Economic Space (EES).
1. Accept the Data Processing Amendment
Wow… That sounds fancy, right? It basically means that you have to agree to the fact that Google will act as the processor of all your visitor’s personal data.
Here’s how you do it. Make sure you’re logged in to your Google Analytics-dashboard, and:
- Click ‘Admin‘.
- Click ‘Account Settings‘.
- Scroll down to a header, called ‘Data Processing Amendment‘.
- Click on ‘Updated Amendment‘. If you’ve already agreed to it, it’ll show ‘Review Amendment‘.
- In the pop-up, click ‘Done‘ and after the pop-up’s closed, click ‘Save‘.
2. Disable Data Sharing
By default, using Google Analytics means that you agree with Google using the data you provide for its own marketing and technical purposes. This includes benchmarking and improvement of Google’s services. To fully comply, you need to disable these settings:
- Click ‘Admin‘.
- Click ‘Account Settings‘.
- Scroll down to ‘Data Sharing Settings‘ and remove all checkboxes.
- Click ‘Save‘.
Sadly this doesn’t mean that Google will immediately remove all visitors’ data you’ve already sent. But at this point, they aren’t allowed to use it anymore — for technical and marketing purposes that is.
3. Disable Data Collection for Advertising Features
You told ’em once. Now tell ’em twice! You told Google to stop using your visitors’ data. But technically you only told them to stop using it for in-house purposes.
Apparently there’s a technical difference between using data and processing data. Using data for technical improvement, benchmarking or e.g. access by an accountancy team is different from processing data for advertising features.
In order to completely disable the usage of your visitors’ data and respect their privacy, you need to do the following:
- Click ‘Admin‘.
- In the middle column, underneath ‘Property‘, select ‘Tracking Info‘ and ‘Data Collection‘.
- If you’re using Adsense or Adwords, the two visible options will be enabled by default. Disable them.
- Click ‘Save‘.
4. Make sure the User-ID feature is disabled
The User-ID feature lets you associate engagement data from different devices and multiple sessions, so you can discover how users interact with your content over an extended period of time. Luckily, it can easily be disabled.
- Click ‘Admin‘.
- In the middle column, underneath ‘Property‘, select ‘Tracking Info‘ and go to ‘User-ID‘.
- If the toggle at the end of the page is turned off, you’re done. If not, disable it and click ‘Save‘.
After you’ve followed all of the above steps you’ve done everything you can to protect your visitors’ private data. It also means that you can almost remove that stupid Cookie Notice from your blog. Google Analytics will from now on respect your visitors privacy. You’ve used all options available in the Dashboard to protect your users’ data. But you’re not done yet. To fully comply to the GDPR you need to make some adjustments in your Analytics tracking-snippet.
Hi, do you know how people are getting around the ‘essential cookies’ default and not being able to use Google Analytics? Is there some sort of plugin to get around this limitation?
Hello,
according to the new (april 2nd 2021) CNIL post and my understanding, users should have the choice to refuse cookies, period, cookiewall might be not forbidden.
Links:
French: https://www.cnil.fr/fr/nouvelles-regles-cookies-et-autres-traceurs-bilan-accompagnement-cnil-actions-a-venir
Translated by Google: https://translate.google.com/translate?hl=en&sl=fr&tl=en&u=https%3A%2F%2Fwww.cnil.fr%2Ffr%2Fnouvelles-regles-cookies-et-autres-traceurs-bilan-accompagnement-cnil-actions-a-venir
Any answer appreciated
Thank you for bringing order to this cookie and analytics choas.
Or in other words: Thanks for bringing caos to chaos?
That’s what I do! I try to bring order in the chaos, by bringing CAOS to the chaos!
Makes sense? I think it does… :/