Google Analytics, Cookies & the GDPR

Metadata

• Author: maksim
• Full Title:: Google Analytics, Cookies & the GDPR
• Category:: 🗞️Articles
• Document Tags:: google analytics,
• URL:: https://www.cookiebot.com/en/google-analytics-gdpr/
• Finished date:: 2023-08-06

Highlights

from the other side of the screen – from the point of view of your website’s users – these JavaScript tags running Google Analytics set cookies on their browsers that harvest personal and sometimes sensitive data from them in return. (View Highlight)

Under the EU’s GDPR, you are required to ask for and obtain the explicit consent to run any kind of cookie or tracker on your website that processes personal data. (View Highlight)

This is probably UA. In GA4, IP anonymization is enabled by default. See the banner there that says: “In Google Analytics 4, IP masking is not necessary since IP addresses are not logged or stored”. https://support.google.com/analytics/answer/2763052?hl=en

Step 3 – turn on IP Anonymization in your Google Analytics account (View Highlight)

Summary Let’s sum up how to use Google Analytics in compliance with the EU’s GDPR. To ensure that Google Analytics – its cookies, trackers and statistics tools – run in full compliance with EU’s General Data Protection Regulation (GDPR), you need to:

1. Ask for and obtain end-user consent for all Google Analytics cookies on your website prior to their activation and operation.
2. Control each Google Analytics cookie in order to only activate them after your users have given their explicit consent to them.
3. Provide transparent information in your website’s cookie policy about the details of all Google Analytics cookies in operation – including their provider, technical details, duration and purpose. This is important as consent is only valid under the GDPR if it constitutes an informed choice on behalf of the users.
4. Compile detailed information in your website’s privacy policy about all Google Analytics cookies on your domain, and what personal data your website processes in general.
5. Turn on IP anonymization in your Google Analytics account and make sure that it uses pseudonymous identifiers. (View Highlight)

New highlights added 2023-11-04

If users don’t give their consent to statistics cookies, Google Consent Mode makes sure that you still get aggregate and non-identifying insights into your website’s performance, such as – • Timestamps • User agents • Referrers • Other basic measurements for modelling Google Consent Mode ensures full GDPR compliance simultaneously with optimized analytics data – respecting both end-user privacy and your website’s need for data and user insights. (View Highlight)