Verified Data Logo

Note, this post relates to version 1 of Verified Data. Please refer to Version 2 by using the FAQ page.

As per Google Analytics Terms of Service, Personally Identifiable Information (PII) must not be collected – even if you have explicit GDPR permission from your visitors. Essentially, Google does not want PII data as that puts a huge legal responsibility on it.

What defines personal data…?

The obviously culprits:

name, email address, street address, telephone number, national ID number, driver’s license number etc.

See the PII Reference Guide for further examples.

The not-so-obvious culprits:

gender, age, language preference, type of car owned, etc.

These are harmless in isolation. However just like a jigsaw, when stitched together you can pretty soon build up the identity of who that person is.

 

Why a Google Analytics filter is not sufficient for PII

After your PII audit you may think that a simple Google Analytics filter can solve your PII problems:

 

But this makes no difference from a privacy perspective. The issue is that PII has already been collected and passed around the internet – including Google Analytics and potentially many other routers and servers in between. Google Analytics filters do not delete the data itself – it remains on Google’s servers – only that it has been removed from the report interface.

Essentially all routes to fixing a PII collection issue lead to the deletion of data. At present this remains very blunt from Google (go to your property settings to make a data deletion request). That is, Google deletes ALL data for the date range effected. For example, for a small volume of PII breaches happening each day, a deletion request will remove ALL of your data – there is no selection only to select the bad PII stuff:

PII comes in many shades, but for blatant abuse detected by Google i.e. deliberate collection of personal information, expect the possibility of Google permanently removing your Google Analytics property – and with very little advanced notice!

 

Always ask: Why do we need this data…?

As a good general rule, collect only the data you need in order to segment your visitor traffic into your marketing personas. If you find the business is asking for the not-so-obvious personal types of information, ask your stakeholders to justify their request in terms of the GDPR risk. Then put that proposal to your Data Protection Officer (DPO).

For a website that legitimately collects PII into your back-end sales or CRM system e.g. a contact form or transactional website, contact your web development team to ensure personal information is NOT being sent to Google Analytics (or elsewhere). Hopefully, you will get a reassuring answer, but GDPR compliance means you must to have a process in place to verify and confirm that.

Audit for PII Using Verified Data

Verified Data uses Google Cloud algorithms to be smart about finding well hidden PII issues. It checks the myriad of different types (see the PII Reference Guide), does this in multiple languages, and is fully automated. All potential Google Analytics dimensions are checked for signs of any personal information:

  • PII Within URLs
  • PII Within Events
  • PII Within Campaign Parameters
  • PII Within Custom Dimensions
  • PII Within E-commerce Affiliation

 

Have an existing problem with PII?

Follow these steps:

  • Do not setup a filter in Google Analytics! Adding a filter does not delete the PII data – it simple hides it from view. The information has already been sent to Google server and most likely logged by other routers/servers along the way.
  • The best fix by far is to go to your web development team, show them the PII data and request a fix to be applied “at source” i.e. to prevent the issue happening in the first place.
  • In addition, if your analytics is deployed via GTM, consider using use the customTask method described here: stop any PII being collected. The emphasis here is stopping any PII being collected in the first instance – not trying to hide it later on. That can be a real career saver, though note this only impacts Google Analytics data collection – not any other tracking pixels you may have.
  • For GDPR compliance and because of the significant risk of Google closing down your property due to the data breach, once you have followed the previous steps set up a new clean property within Google Analytics. This will be your “analysis” property moving forward. Although it can run alongside the PII polluted property, prepare to delete the polluted property asap.

Anyone can make a mistake and the GDPR is not there to police the internet – rather it is there to ensure organisations have a process in place to spot mistakes and fix them quickly. The key is for you to regularly audit your data so that small mistakes do not become major catastrophes.