Google Analytics is an incredibly powerful analytics tracking tool at the heart of being able to evaluate marketing data and making decisions based on what’s working to improve SEO performance over time on Google Analytics GDPR.
However, the introduction of the GDPR in May of 2018 imposed a number of restrictions on the extent to which data can be collected and processed without consent – significantly affecting Google Analytics tracking data.
- What Is Google Analytics GDPR & Why It Matters?
- 1. Install and Activate Rank Math PRO
- 2. Enable Rank Math’s Analytics Module
- 3. Enable Cookieless Tracking and Anonymize ID Address
- Alternative Method WordPress: GDPR-Compliant Google Analytics
- * How To Make Google Analytics GDPR-Compliant On Non-WordPress Websites
- 1. Review and Accept The Data Processing Amendment
- 2. Disable Data Sharing
- 3. Disable the User-ID Feature For Your Analytics Property
- 4. Disable Data Sharing for Ads
- Google Analytics – Frequently Asked Questions
What Is Google Analytics GDPR & Why It Matters?
Basically, the GDPR – General Data Protection Regulation – is a guideline in EU law concerning information insurance and security in the EU and the EEA (European Economic Area). In any case, it likewise addresses the exchange of actually recognizable data and information outside of the EU and EEA territories which implies it influences practically every business with a site that is available to a worldwide crowd.
Cookies and Personally Identifiable Information:
BEFORE: How Google Analytics Adds Tracking Cookies By Default (This Is Not GDPR-Compliant)
The GDPR has led to unusable and inescapable cookie & consent notices that many would classify as a UX nightmare on almost every website – with them really failing to do anything to actually protect our privacy.
Individuals have the right to know the entirety of the actually recognizable data that organizations are gathering about them and approach it when they need.
A piece of the information that is influenced is Google Analytics following information. Out of the case, Google Analytics isn’t GDPR-agreeable which implies that utilizing it on your site must be done whenever assent is given. This implies that to stay consistent with the security guideline, you would have to introduce extra modules that let guests give assent and possibly add the investigation following code if and when individuals concur.
Not only is this a hassle to set up, but it also leads to analytics data that is grossly misrepresentative of real-world data – meaning it becomes virtually impossible to rely on when making decisions as a business. And not doing anything, continuing to collect information from your visitors that’s protected by the GDPR without collecting consent can lead to penalties and significant fines.
So, in this guide, we’re going to walk you through how you can make Google Analytics GDPR-compliant (no consent required)
How To Make Google Analytics GDPR-Compliant (No Consent Required)
The first and simplest arrangement is one that is accessible to you on the off chance that you use WordPress as your substance the board framework (which we strongly suggest as it’s trusted by organizations including Bloomberg, the BBC, and TechCrunch just to give some examples).
1. Install and Activate Rank Math PRO
Each WordPress site needs a WordPress SEO module – in a perfect world one that allows you to assume total responsibility for your site’s specialized and on-page SEO. Luckily, that is by and large what we do here at Rank Math.
So, as you might’ve guessed, the first step – if you haven’t already – is to go ahead and install the Rank Math WordPress SEO plugin:
- Download Rank Math & Rank Math PRO
- Follow Rank Math’s Setup Guide
- And that’s it! Keep reading…
Note: Rank Math’s Analytics module is available in the free version of Rank Math, but the functionality that allows you to install Cookie less Google Analytics so that no consent is required is only available in Rank Math PRO.
2. Enable Rank Math’s Analytics Module
In order to use Rank Math to automatically make Google Analytics GDPR-compliant, you need to enable the Analytics Module available by navigating to Rank Math > Dashboard > Analytics – as shown below:
Once enabled, you’ll be able to connect your Google Account by clicking the Settings button. Go ahead and make sure that you connect the account that has access to the Google Analytics property for the site that you’re currently working on.
3. Enable Cookieless Tracking and Anonymize ID Address
- The final step is to navigate to Rank Math’s General Settings > Analytics.
- This is where you’ll be able to enable the Install analytics code option.
And once that option is enabled, you’ll see an additional four options, including Enable Cookieless Tracking (No Consent Required) which is the option that allows the Google Analytics tracking code to be added without collecting consent from your website visitors before doing so.
You will also need to ensure that the “Anonymize IP addresses” option is enabled. This option is required for GDPR Compliance as well.
Rank Math also lets you further tweak your analytics tracking implementation, including:
The ability to exclude logged-in users (to avoid users on your team from inflating and skewing your analytics tracking data)
The ability to self-host the JavaScript tracking file (host Google Analytics locally, often helpful when accelerating site speed as an external request no longer needs to be made)
Note: Once you’ve enabled this option in Rank Math – please ensure that you disable and remove all other tracking plugins and or scripts added manually.
At the point when the above choices are empowered, Rank Math PRO introduces the Google Analytics following code utilizing an alternate strategy to create an interesting ID for every guest that doesn’t need a treat (implying that no assent is needed as no delicate, actually recognizable data is gathered or shipped off Google Analytics).
In the background, the way that this execution works is by producing a scrambled ID (progressively on page load) by hashing and joining a customer’s IP address, site space, client specialist, and program language.
Alternative Method WordPress: GDPR-Compliant Google Analytics
If you aren’t already using Rank Math, this simple & free Google Analytics plugin also makes use of the same implementation to install the Google Analytics tracking script in a way that ensures that consent is not required.
* How To Make Google Analytics GDPR-Compliant On Non-WordPress Websites
Only websites that run on WordPress are able to use the Rank Math WordPress SEO plugin and benefit from the easy implementation of all of this & much more.
However, to keep things nice and simple for those of you that don’t use WordPress – here’s how you can make Google Analytics GDPR-compliant:
Add the following JavaScript code to your page’s HTML head section (just before the closing tag).
<script>
const cyrb53 = function(str, seed = 0) {
let h1 = 0xdeadbeef ^ seed,
h2 = 0x41c6ce57 ^ seed;
for (let i = 0, ch; i < str.length; i++) {
ch = str.charCodeAt(i);
h1 = Math.imul(h1 ^ ch, 2654435761);
h2 = Math.imul(h2 ^ ch, 1597334677);
}
h1 = Math.imul(h1 ^ h1 >>> 16, 2246822507) ^ Math.imul(h2 ^ h2 >>> 13, 3266489909);
h2 = Math.imul(h2 ^ h2 >>> 16, 2246822507) ^ Math.imul(h1 ^ h1 >>> 13, 3266489909);
return 4294967296 * (2097151 & h2) + (h1 >>> 0);
};
let clientIP = "{$_SERVER['REMOTE_ADDR']}";
let validityInterval = Math.round (new Date() / 1000 / 3600 / 24 / 4);
let clientIDSource = clientIP + ";" + window.location.host + ";" + navigator.userAgent + ";" + navigator.language + ";" + validityInterval;
let clientIDHashed = cyrb53(clientIDSource).toString(16);
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://time-tips.com/wp-content/cache/busting/google-tracking/ga-4507839525a19180914799b08fb5fa5b.js','ga');
ga('create', 'YOUR-GA-TRACKING-CODE', {
'storage': 'none',
'clientId': clientIDHashed
});
ga('set', 'anonymizeIp', true);
ga('send', 'pageview');
</script>Note: You will need to replace YOUR-GA-TRACKING-CODE with your actual Google Analytics tracking code. And if your web server isn’t able to run PHP, you’ll need to find another way of embedding the client’s IP address – in which case replacing {$_SERVER[‘REMOTE_ADDR’]} with whatever is required by your platform in order to be able to parse the client’s IP address.
Google Analytics Data Processing Settings
To be completely consistent with the GDPR, as well as changing your following code utilizing the techniques depicted above – there are additionally a couple of pertinent settings that should be set/checked in your Google Analytics account:
1. Review and Accept The Data Processing Amendment
In the first place, you need to consent to the handling arrangement of Google. This can be found in the Google Analytics the executives climate under Account Settings. Under Data Processing Agreement you should tap on Review Amendment.
In the wake of perusing, click Done. Learn more here.
2. Disable Data Sharing
Turn off data sharing with Google. This is done by unchecking the Data Sharing Settings under Account Settings.
3. Disable the User-ID Feature For Your Analytics Property
The User-ID feature lets you associate the engagement data from different devices and multiple sessions so you can measure how users interact with your content over an extended period of time.
This is not something you can track without permission so in order to use Google Analytics without collecting consent, disable this in your Google Analytics Property Settings > Tracking Info > User ID, as shown below:
Disclaimer: If you are adding Custom Variables with sensitive data, collecting User ID or other pseudonymous identifiers, you’ll need to gain consent from the user.
To protect user privacy, Google policies mandate that no data be passed to Google that Google could use or recognize as personally identifiable information (PII). PII includes, but is not limited to, information such as email addresses, personal mobile numbers, and social security numbers. Because laws across countries and territories vary, and because Google Analytics can be used in many ways, consult an attorney if you are in doubt whether certain information might constitute PII or not.
4. Disable Data Sharing for Ads
Turn off data sharing with Google. This is done by unchecking the Data Sharing Settings under Account Settings, as shown below:
Google Analytics – Frequently Asked Questions
Is Google Analytics GDPR-Compliant?
No, Google Analytics isn’t GDPR-compliant by default. However, with the help of the Rank Math WordPress SEO plugin, you can easily make it compliant thanks to features including generating unique encrypted IDs using client IPs, user agents, language, and more.
What Personally Identifiable Information Does Google Analytics Collect?
By default, Google Analytics collects various personally identifiable information which would require consent from website visitors, including IP addresses, generating unique IDs and clientIDs – all of which can be used to track and identify an individual across the web (and even across devices, hence the need for consent when configured in this way).
Do I Need To Show A Consent Notice for Google Analytics?
Yes, you do need to show a consent notice prior to inserting the Google Analytics JavaScript tracking file and generating cookies as per the GDPR – unless you take advantage of Rank Math’s Cookieless Google Analytics tracking.
What Happens To My Google Analytics Code If I Disable Rank Math?
If you used Rank Math’s built-in Google Analytics integration to insert your tracking script & subsequently remove Rank Math, the tracking script will be removed meaning that data will no longer be sent to Google Analytics as a result.
Summary: Rank Math + Google Analytics = An Analytics Powerhouse
As Clive Humby broadly said back in 2006, “information is the new oil” and this keeps on getting all the more obvious over the long haul. We as a whole use, need, devour, and require information both by and by yet much more so in business. Also, to prevail in your SEO and advertising endeavors, you need information.
At what cost however? With Rank Math and the technique we’ve canvassed in this post ensuring your guest’s security doesn’t need to be a bit of hindsight or something you disregard doing essentially due to how complex the execution is. All things being equal, it’s something you can set and forget in a matter of snaps.
2 thoughts on “Google Analytics GDPR Compliance Guide, Make Google Analytics GDPR-Friendly?”