There has been a lot of concern about the use of Google Analytics in the EU as the Data Protection Authorities are now ruling against it. GDPR still has many gray areas, so it’s difficult to predict how things will develop. At the moment though, the trend is moving towards stricter restrictions on the use of personal data.
The key issue can be summed up in three parts:
- The default setup of Google Analytics tracks the user’s personal data
This includes the user’s IP address and other information that may be used to identify the user (e.g. Client ID or Device information). Some of this can be removed from tracking by adjusting your script or Google Tag Manager settings, but the only way to hide the user’s IP from Google is through server-side tagging.
- User data in the EU is protected by GDPR
GDPR requires an adequate level of data protection when transferring data outside the EU. Google Analytics doesn’t currently offer this level of protection.
- Google is a US company and is subject to US law
The US public authorities may order Google to disclose the personal data of EU citizens. This is clearly in conflict with GDPR’s requirement for data protection.
There are three different approaches to solve this issue:
- Wait and see what Google plans to do next
Google has already commented on this issue and is promising to share more information soon. We can expect further control over what data is being gathered but so far, the solutions that have been offered (IP Anonymization and Consent Mode) have not provided data protection high enough.
- Switch to server-side tagging
Switching from default Google Analytics to server-side allows you to keep using Google Analytics as a designated analytics tool. The setup will require technical skills but the end result will be fairly close to the default Google Analytics tracking. The notable difference is that location, device and demographic information will be missing from the analytics. The client ID will also have to be changed so that it won’t be considered personal information. This will change the calculated amount of users and sessions compared to the default setup.
- Switch to an EU-based analytics platform
The most known EU-based Google Analytics alternatives are Matomo and Piwik Pro. Changing your analytics platform to either of these will of course require a complete renewal of your analytics setup and reporting.
Before deciding what to do with your analytics, you should go through your current analytics setup and evaluate how well it fits your needs. If personal data is not necessary for your analytics, then anonymized server-side tagging is a great option. If you need to track personal data, something like Matomo might be right for you.
It is important to remember that these rulings of the Data Protection Authorities will apply to all tools that transfer personal data from the EU to the US, not just Google Analytics.
If you have any questions about Google Analytics or GDPR compliance, contact us and we’ll help!