You must post a Privacy Policy, and that Privacy Policy must provide notice of Your use of cookies, identifiers for mobile devices (e.g., Android Advertising Identifier or Advertising Identifier for iOS) or similar technology used to collect data. You must disclose the use of Google Analytics and how it collects and processes data.
The above requirements are specified by Google's Terms of Service.
Google Analytics is by far the most popular web traffic analysis tool.
It helps track how your website is doing overtime, which pages are getting the most traffic and how visitors are moving around your site.
But it can be used to collect information about your customers, which could go against your privacy policy.
As stated below, both Google itself & the privacy laws (According to international privacy rules, if you gather personal information from website visitors, you must post a Privacy Policy on your website and make it available through your mobile app.) require you to add a privacy policy into your website, if you are using Google Analytics.
What Is Google Analytics and How Does it Collect data?
What is Google Analytics? If you're reading this, chances are you already know what analytics is.
But some of you might be in the dark on what exactly it is.
Google Analytics is one of the world's most famous pieces of free website-analytics software.
There are many tools out there for collecting website analytics, but Google Analytics is the one that is used most often.
This is because it can provide a lot of valuable insights about your visitors, from the pages they visit to their geographic location.
The thing is, people don't always fully understand what goes on behind the scenes or how Google Analytics collects data.
Google Analytics collects information about your website visitors, app users, and their online habits through a technological instrument called cookies.
Cookies are used by Google Analytics to remember a user's behavior and to share this information with you.
Google Analytics and Privacy Policy Requirements
Transparency is critical for data privacy, and Google Analytics is no exception.
It is common for an Internet user to look for a privacy policy when visiting a website since she may want to see whether or not the site in question processes personal data.
Because Google Analytics tracks users and collects data about their behavior, website owners must disclose such data processing action to their visitors.
In addition, the law requires that website owners provide a comprehensive privacy policy to inform users about the types of data they collect and how they use it.
Google Analytics Terms of Service
The Google Terms of Service include a particular paragraph stating that to utilize the program and its monitoring functions lawfully, you must publish a privacy policy to consumers.
You will have and abide by an appropriate Privacy Policy and will comply with all applicable laws, policies, and regulations relating to the collection of information from Users. You must post a Privacy Policy, and that Privacy Policy must provide notice of Your use of cookies, identifiers for mobile devices (e.g., Android Advertising Identifier or Advertising Identifier for iOS), or similar technology used to collect data. You must disclose the use of Google Analytics and how it collects and processes data."
Google's Privacy Policy
First, let's look at Google's Privacy Policy and which data they collect and store.
See the details on their official Policies page.
Google Analytics Terms of Service
The Google Terms of Service include a particular paragraph stating that to utilize the program and its monitoring functions lawfully, you must publish a privacy policy to consumers.
For example, the below statement is from Google's Terms of Service document:
Google clearly stated in the "Privacy" section of the legal document that you should:
- Comply with all applicable laws & regulations as well as the Google Terms
- Clearly state HOW you are using cookies to collect personal data from visitors
- Clearly mention in your webpage that you are using Google Analytics
- Show the users how to consent, withdraw consent, and other data collection methods such as cookies.
We must all make sure we have a privacy policy and enforce it.
It tells our audience about the cookies we'll use, as well as other identifiers. We aren't allowed to assume that our audience knows about these or consents to them, so you still need one even if you don't use cookies.
Privacy Policy for Google Analytics Advertising Features
As an advertiser, you have the option to purchase Google Analytics Advertising Features such as AdWords remarketing and conversions tracking.
However, as a user of Google Analytics Advertising Features, your privacy policy must include explicit provisions explaining how these advertising features acquire additional data from advertising cookies.
You may use Google Analytics Advertising Features to enable components that aren't accessible in regular implementations. The following are some of the advertising features:
- Google Analytics for remarketing.
- Impression Reporting on the Google Display Network.
- Demographics and Interest Reporting in Google Analytics.
- Integrated services that rely on Google Analytics to acquire data for advertising purposes, such as data collected via advertising cookies and IDs.
Let's also see the below screenshot taken from Google's Policy requirements for Analytics Advertising features:
Therefore, you should inform users about:
- Which advertising features are you using on your website.
- How you and/or third parties are using first-party cookies.
- How users can withdraw from the features you use.
Google Analytics and Cookies & Identifiers
We all know what they are, and we use them every day. Before the GDPR, many people didn't really give much thought to cookies.
A cookie was just a helpful feature of your favorite websites – it could tell whether you're logged into an account on that site, keep track of your top articles read on a blog, or show you customized ads based on your browsing habits and location.
Google Analytics cookies are used to store information about how visitors interact with your website.
To comply with the General Data Protection Regulation (GDPR), you need to disclose your use of cookies in your privacy policy and provide more information about what data you collect, why you collect that data, and who you share that data with.
Google Analytics also gathers Internet Protocol (IP) addresses to offer and maintain the service's security, as well as to provide website owners an idea of which country, state, or city their visitors are from throughout the world (also known as "IP geolocation").
You can read more about the detailed version of the data collection by Google Analytics on their support page.
Privacy Policy Guide: Draft your own Privacy Policy
What do you need to build your Privacy Policy? Well, let us summarize the barebones of a privacy policy's legal needs:
- Mention who is the website/app owner.
- Mention what and how the data is being collected.
- Mention why you collect the data. (For example; email marketing)
- Mention which third parties will have access to the information: if yes, how they will collect these data.
- Mention the users' rights: if they can access the information you collected, they can block their data.
- Mention the date of effectiveness of the Privacy Policy.
The good news is that creating an adequate Privacy Policy is simple: remember to be transparent and opt-in with your users.
They are much more likely to allow you to use their data if they feel informed about the how's and why's of data collection.
And with that, you should be well on your way to satisfying the legal requirements of the GDPR, other privacy laws, and Google's Terms of Service and Analytics contracts.
FAQs
Can you use Google Analytics in Europe?
For breaking GDPR standards, Austria's Data Protection Authority has prevented Google Analytics from being used on European websites.
European businesses must now decide whether or not to remove Google Analytics from their websites or face a fine for breaking the GDPR.
Either the United States' surveillance rules must be changed, or US companies must host data of European customers in Europe.
Do you need a Privacy Policy if you use Google Analytics?
Yes, if you wish to utilize Google Analytics, you must provide a Privacy Policy to your audience.
Does Google Analytics require cookie consent?
Yes. Google Analytics is not GDPR compliant by nature. When you use Google Analytics on your website, you must first acquire an end-user agreement to use the Google Analytics cookies and declare any personal data processing in your privacy policy.
What Should We Do To Keep Track of Google Analytics Updates?
Google analytics constantly updates policy so it's hard to follow and can be manipulated. You can track the older versions of the policies by years.
Suggested Content:
