Google analytics cookies the gdpr

![rw-book-cover](https://www.cookiebot.com/en/wp-content/uploads/sites/7/2022/03/Google-Analytics-GDPR-Cookiebot-.jpeg) ## Metadata - Author: [[maksim|Maksim]] - Full Title:: Google Analytics, Cookies & the GDPR - Category:: #🗞️Articles - Document Tags:: [[Google analytics|Google Analytics]], - URL:: https://www.cookiebot.com/en/google-analytics-gdpr/ - Finished date:: [[2023-08-06]] ## Highlights > from the other side of the screen – from the point of view of your website’s users – these JavaScript tags running Google Analytics **set cookies on their browsers** that harvest personal and sometimes sensitive data from them in return. ([View Highlight](https://read.readwise.io/read/01h75hv350pxghc3mdj65m7x7e)) > Under the EU’s GDPR, **you are required to ask for and obtain the explicit consent to run any kind of cookie or tracker on your website that processes personal data**. ([View Highlight](https://read.readwise.io/read/01h75hv7te2mwacx5wn5ph97sg)) This is probably UA. In GA4, IP anonymization is enabled by default. See the banner there that says: "In Google Analytics 4, IP masking is not necessary since IP addresses are not logged or stored". https://support.google.com/analytics/answer/2763052?hl=en > **Step 3 – turn on IP Anonymization in your Google Analytics account** ([View Highlight](https://read.readwise.io/read/01he0n2w8jpyyps34mrrv6g7sx)) > **Summary** > Let’s sum up how to use Google Analytics in compliance with the EU’s GDPR. > To ensure that Google Analytics – its cookies, trackers and statistics tools – run in full compliance with EU’s General Data Protection Regulation (GDPR), you need to: > 1. Ask for and obtain end-user consent for all Google Analytics cookies on your website prior to their activation and operation. > 2. Control each Google Analytics cookie in order to only activate them *after* your users have given their explicit consent to them. > 3. Provide transparent information in your website’s cookie policy about the details of all Google Analytics cookies in operation – including their provider, technical details, duration and purpose. This is important as consent is only valid under the GDPR if it constitutes an informed choice on behalf of the users. > 4. Compile detailed information in your website’s privacy policy about all Google Analytics cookies on your domain, and what personal data your website processes in general. > 5. Turn on IP anonymization in your Google Analytics account and make sure that it uses pseudonymous identifiers. ([View Highlight](https://read.readwise.io/read/01he0n3bn2c8aa7w2sa1sp87se)) ## New highlights added [[2023-11-04]] > If users don’t give their consent to statistics cookies, [Google Consent Mode](https://www.cookiebot.com/en/google-consent-mode/) makes sure that you still get aggregate and non-identifying insights into your website’s performance, such as – > • Timestamps > • User agents > • Referrers > • Other basic measurements for modelling > [Google Consent Mode](https://www.cookiebot.com/en/google-consent-mode/) ensures full GDPR compliance simultaneously with optimized analytics data – respecting both end-user privacy and your website’s need for data and user insights. ([View Highlight](https://read.readwise.io/read/01hed34n0r856xj6xzg2jv2fxv))