What You Need to Know About Google Analytics and Privacy

It’s Privacy Awareness Week which means it’s the perfect time to review how to protect people’s privacy when you’re collecting data about their behaviour on your website, mobile apps etc. We’ll start by having a look at the steps Google takes to help ensure people’s data is kept secure and private and then we’ll run through a quick checklist you can follow to give your Google Analytics privacy a health check!

Cookies and staying anonymous

When someone visits your website or mobile apps, the Google Analytics tracking code automatically uses anonymous identifiers to collect data using browser cookies. This means if you’re using the standard Google Analytics tracking code (or Google Tag Manager) you’re already keeping people’s personal details private. However, there are ways to collect personal information and IDs in Google Analytics – so you need to consider how you are going to keep people’s information safe.

The Google Analytics terms of service

The first way Google protects people is with the Google Analytics terms of service. These state you can’t collect personally identifiable information (PII) into the tool. So what is PII anyway? Well, it’s really anything that’s readable within your reports that could be used to identify a particular person. Tracking email addresses into your reports, for example, would mean that you could see details about individuals within your reports easily.

One way to think of this is to ask yourself, “If someone from outside my company logged into Google Analytics, would they be able to identify people by looking in the reports?” If you answer “Yes,” that is, if you’re collecting names, addresses or emails into your reports, then it’s time to get serious about privacy and “Yes,” you’d also be in breach of Google’s terms of service.

What’s okay to track when it comes to personal information?

The things you can track with Google Analytics are transaction IDs and user IDs, which still need to be anonymous within Google Analytics but can be tied to people’s personal information outside of Google Analytics. For example, you can capture a unique ID like 543876321 into your Google Analytics reports and then export their data and make use of it in another tool or platform, for example inside your CRM, BI tools and other databases.

How is Google Analytics data kept private?

Google takes privacy and security seriously. They have controls and procedures to ensure that your Google Analytics data isn’t accessed by the wrong people (keep reading – we’re going to talk about the importance of passwords). Google also controls which of their employees can access your Google Analytics data – you even have control over this within your Google Analytics account.

Heading to your ‘Account Settings’ within the administration area of your Google Analytics account allows you to choose how your data is shared. For example, in order to get technical support for your account, you need to enable the ‘Technical Support’ option. You can even choose to enable this temporarily to get support and then disable it once the issue has been fixed.

What else is Google doing to keep data private?

Since late April 2016, Google Analytics now securely sends all data from your website to Google’s servers. This means that when someone accesses a non-secure page on your website, the data being collected will be transmitted using encryption. This makes it harder for people to intercept the data that’s being collected.

Aside from Google Analytics, Google is also putting a focus on getting people to secure their websites (moving from http to https). Google has said this is a potential ranking signal for search results but apart from organic optimisation, it also helps keep people’s information secure as they use your website. For example, when people complete a form or purchase a product, a secure website means their details can’t be hijacked along the way.

What can you do to increase the privacy of data being collected?

You can enable IP masking which increases the privacy of your users by removing the last number in each person’s IP address. Although you don’t see IP addresses within Google Analytics, this means that people’s details within the geographic reports will be less accurate and therefore more private.

You should aim to regularly review who has access to your Google Analytics account. It can be very common, especially in larger organisations to have lots of people with access to Google Analytics, so ensuring you regularly review who is granted access is important. You are likely to find that people who have left your organisation might still have access to your reports. One way to help streamline this process, is to use Google Apps for Work login details with Google Analytics. This ensures that when someone leaves, their login details are suspended in one place without you having to immediately remove their access to Google Analytics.

It’s pretty obvious but well worth reminding your users that the security of your Google Analytics data is only as good as your password. So commit to using a password manager (such as 1Password) and ensure you have a suitably secure combination to keep unwanted people out of your account. You can also take your security up a level by moving to two step authentication with your Google account.

Your website must have a privacy policy (it’s actually required by the terms of service to use Google Analytics, and in general by privacy commissions in many countries). It’s a privacy issue and a trust and confidence issue. Make sure it’s easy to read in terms of typeface and formatting and easy to understand in terms of what it means for users. Use plain English, there are plenty of examples online.

Your privacy policy should clearly state how people’s data is being collected and what it’s used for. It’s worth checking that your privacy policy (and other data privacy steps) meet any applicable local laws as this can vary dramatically depending on where your company is located. If you’re using advertising features, like remarketing or even the demographic reports in Google Analytics, then these details will also need to be included in your privacy policy.

You should let people know how they can opt-out of being tracked using the available browser plugins and in some cases (like in the EU) you should also give people the option to opt-out by providing a site-wide notification to your users.

Want these Google Analytics privacy checks in a handy PDF? Then grab the handy privacy checklist: