Impact of GDPR on Google Analytics and Google Tag Manager

Impact of GDPR on Google Analytics and Google Tag Manager

GDPR has taken the internet by storm and those endless emails spamming your inbox on data records and safekeeping are the proof. Ever since General Data Privacy Regulation (GDPR) came into effect on May 25th, 2018, most Internet services are still struggling to get in the GDPR compliance with the new standards and Google is no exception here.

Why should you care about GDPR?

For those of you who are new to this term, let me explain what GDPR is and why should it concern you. General Data Protection Regulation is a European data privacy regulation that puts the user in control. Users have to explicitly give permission to the website before any cookies are set on the website or any type of data is collected from them.

GDPR is considered to be one of the most significant changes in data protection in the past 20 years. There is no processing of sensitive personal data allowed without a user’s explicit consent. It has brought some major strict requirements on data handling procedures, transparency, documentation and user consent. As explicit consent of the user is required, pre-checked boxes or no action at all cannot be considered as consent.

GDPR is considered a vital step towards protecting the fundamental rights of privacy of the users. It provides the users with the right of data portability, the right to data access, and the right to be forgotten. GDPR not just provides the user with user consent but also asks the website to save the same as evidence for any future reference needed. Even in the case of loss of data or breach of data, the policy affirms there is an immediate notification sent to data protection authorities as well as the users.

If the rules of GDPR are not compiled by your organization, a penalty of 20 million or 4% of worldwide revenue is applicable.

Now that was about GDPR and how it affects all websites. Google too has constantly been updating its policies to match up to the rules of GDPR. If you are familiar with tools like Google Analytics and Google Tag Managers you would know that both these are managed by Google and are third-party services. Hence, both these face some effects by the impact of GDPR policies.

Making sure Google Analytics and Google Tag Manager is in compliance with GDPR

Google Analytics is a tool that allows you to get real-time insights into how a website is being used, when and by whom. It works by means of a tracking code that is added to pages of your website. Each user is given a unique ID so as to recognize them when they return to the website.

Google Tag Manager is another tool that allows placing pixels that can drop third-party cookies which allows to track the performance of promoted posts or double click conversion tags.

The functions of both tools are against GDPR rules as it states that prior consent of the visitor needs to be taken before assigning cookies that track them or collect their data. The following steps can be taken to make sure you are using both the tools as per GDPR terms:

Auditing Data

Auditing all the data collected is a good step to start as no personal information should be shared or transmitted without the consent and knowledge of the user. Filtering out personal data is not enough, it needs to be made sure that no data is sent to Google analytics in the first place.

Anonymizing your IP

IP Anonymizing is important as IP address may not be shared but Google uses them to get geolocation data. You can turn on the IP Anonymization feature of Google Analytics that will slightly reduce the geographic reporting accuracy.

In Google Tag Manager, the tag or Google Analytics settings can be adjusted in settings. Go to fields to set and add a new field named ‘anonymizelp’ and make its value true. This will serve the same purpose of IP anonymization.

This option once implemented will make the end portion of your IP zero, thus preventing Google from tracking your location.

Pseudonymous Identifiers

User Id, email address and transaction IDs are the most common pseudonymous identifiers used by Google Analytics. These are used to identify users and enhance privacy. These are mostly alphanumeric database identifier.

Transparency and Updating of Privacy Policies

The data processing on the website should be clearly stated in the privacy policy of your website. Clear instructions need to be given to the users for opting in and out of data being collected in plain and simple language. The privacy policies must always be specific and up to date for both Google Analytics and Google Tag Manager.

Thus we have discussed the impact of GDPR on Google Analytics and Google Tag manager and how to make it compliant with the same. Hope this article will help you properly maintain your website as per the GDPR laws.