Google Analytics, GDPR, and user data privacy compliance

Last Updated on March 25, 2018 by Chris Christoff

On the 25th of May 2018 the new General Data Protection Regulation (GDPR) will come into force. EU GDPR is the most important change regarding data privacy in over 20 years, causing all web data controllers and processors to reconsider how they manage, store, and transmit user data.

Like many other web applications, Google Analytics is subject to these new regulations. Since Google Analytics Dashboard for WP (GADWP) is one of the most popular Google Analytics solutions for WordPress, in this documentation page we will try to guide you through some essential privacy features available in GADWP and some Google Analytics aspects. You may find these useful while preparing for GDPR compliance or other user privacy regulations. Please note that professional legal advice should always prevail over any of the following and that the information contained within this guide does not constitute and should not be taken as legal advice.

About the EU General Data Protection Regulation (GDPR)

If you’re interested in specific details regarding GDPR or GDPR in general, we highly recommend visiting www.eugdpr.org. The FAQ section of that website is a good starting point.

Things you should know about Google Analytics

According to the Google Analytics terms of service (TOS), Analytics customers are prohibited from sending personal information to Google.

By default, the GADWP plugin doesn’t send this type of data to Google. If you have customized the plugin or extended its functionality to send any kind of personal information, you should be aware that you are subject to account termination or data deletion. Personally identifiable information (PII) includes, but is not limited to: names, social security numbers, email addresses, data that permanently identifies a particular device (such as a mobile phone’s unique device identifier if such an identifier cannot be reset), or similar data.

Regarding IP addresses (which can also be considered PII in certain circumstances), Google Analytics reports neither include nor display such information.

You should also be aware that Google has now updated their Data Processing Amendment (DPA) to account for the General Data Protection Regulation (GDPR). To read and accept the DPA, follow these steps:

  • open analytics.google.com
  • click on the Admin button; the Admin button has a gear symbol and can be found at the bottom left of your screen
  • select Account Settings
  • at the bottom of the screen review and accept the amendment accordingly

Google Analytics Data Processing Amendment

In addition, you should know that Google Analytics provides a browser extension that allows users to opt out of tracking across all websites. If you want to include this option in your privacy policy, here’s the link. Some of your users may find it useful.

Data Privacy features in Google Analytics Dashboard for WP

In the following paragraphs we’ll describe the features available in GADWP that are related to data privacy.

The IP anonymization feature

While Google Analytics does not reveal IP addresses in reports, this doesn’t mean the IPs are anonymized by default.

GADWP provides such a feature, which you should probably enable. To anonymize the user IP using GADWP, follow these steps:

  • in your WordPress Administration area select Google Analytics from the left menu
  • click on the Tracking Code sub-menu
  • select Advanced Settings at the top of the screen
  • enable the anonymize IPs while tracking option

The Do Not Track (DNT) feature

Some browsers will send a Do Not Track header while the user navigates your website. If you would like to treat that as a user choice, you can enable this feature in the plugin. If the feature is enabled in the plugin’s settings and the user has DNT switched on, the plugin will stop sending data to Google Analytics. To enable DNT support in GADWP, follow these steps:

  • in your WordPress Administration area select Google Analytics from the left menu
  • click on the Tracking Code sub-menu
  • select Advanced Settings at the top of the screen
  • enable the option called exclude tracking for users sending Do Not Track header

Please note that DNT is not an industry standard, so certain browsers may not have this feature available.

The User Opt-Out feature

The latest version of Google Analytics Dashboard for WP plugin provides full support for user opt-out. To use this feature follow the steps below:

  • in your WordPress Administration area select Google Analytics from the left menu
  • click on the Tracking Code sub-menu
  • select Advanced Settings at the top of the screen
  • enable the option called enable support for user opt-out

Once enabled, a special script will be inserted above the tracking code. Afterwards, to allow users to opt out, you can create a link such as:

<a href="javascript:gaOptout()">Click here to opt-out of Google Analytics</a>

The plugin also provides a dedicated shortcode. You can use this shortcode to generate an opt-out button or link. By clicking the generated button, users will be able to disable tracking with Google Analytics.

To create a user opt-out button simply add this shortcode where needed:

[gadwp_useroptout html_tag="button"]Google Analytics Opt-out[/gadwp_useroptout]

If you omit the html_tag or use html_tag="a", an opt-out link will be created instead.
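
How the IP anonymization, Do Not Track and opt-out settings described above can combine in front of the tracking code, as an added example that is not the plugin's own script. It relies on Google Analytics' documented ga-disable-<property ID> window property and analytics.js commands; the function names, the cookie name and the UA-XXXXX-Y property ID are assumptions for illustration.

```javascript
// Added example, not GADWP code. PROPERTY_ID is a placeholder.
const PROPERTY_ID = 'UA-XXXXX-Y';
const DISABLE_KEY = 'ga-disable-' + PROPERTY_ID;

// True when the browser signals Do Not Track; the property location and
// value differ between browsers, so check the known variants.
function dntEnabled(nav, win) {
  const v = nav.doNotTrack || win.doNotTrack || nav.msDoNotTrack;
  return v === '1' || v === 'yes';
}

// True when an earlier opt-out left the disable cookie behind.
function hasOptOutCookie(doc) {
  return doc.cookie.split(';').some(c => c.trim() === DISABLE_KEY + '=true');
}

// Handler for the opt-out link: persist the choice and disable tracking now.
function optOutOfAnalytics(doc, win) {
  doc.cookie = DISABLE_KEY + '=true; expires=Thu, 31 Dec 2099 23:59:59 UTC; path=/';
  win[DISABLE_KEY] = true;
}

// Runs before the tracking snippet and returns the decision with its reason.
function privacyGate(nav, doc, win, opts) {
  if (opts.honorDnt && dntEnabled(nav, win)) {
    return { track: false, reason: 'dnt' };
  }
  if (hasOptOutCookie(doc)) {
    win[DISABLE_KEY] = true; // analytics.js checks this flag before sending hits
    return { track: false, reason: 'opt-out' };
  }
  return { track: true, reason: null };
}

// Sends a pageview only when the gate allows it, with IP anonymization set
// before the hit. `ga` is the analytics.js command queue function.
function sendPageview(decision, ga) {
  if (!decision.track) return false;
  ga('create', PROPERTY_ID, 'auto');
  ga('set', 'anonymizeIp', true);
  ga('send', 'pageview');
  return true;
}

// In a page: sendPageview(privacyGate(navigator, document, window,
//                                     { honorDnt: true }), ga);
```

To check a deployment, load the page with DNT switched on, or after using the opt-out link, and confirm in the browser's network panel that no hit is sent to Google Analytics.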

Final Notes

While any ideas and related feature suggestions are welcome, let’s not turn the comments into a debate about GDPR or other regulations!