How to make Google Analytics GDPR compliant

I just published a new post on the Plausible Analytics blog in which I list all the steps you need to take to make Google Analytics GDPR compliant so you don't need to ask for visitor consent. There are many steps! Here's the summary:

Is Google Analytics GDPR compliant?

Google Analytics is not GDPR compliant out of the box. This is what Google says about what you need to do if you’re using Google Analytics:

“You must ensure that certain disclosures are given to, and consents obtained from, end users in the European Economic Area along with the UK. If you fail to comply with this policy, we may limit or suspend your use of the Google product and/or terminate your agreement”.

You must obtain legally valid consent from your website visitors to:

  • the use of cookies or other local storage
  • the collection, sharing, and use of personal data for personalization of ads

How to make Google Analytics GDPR compliant

So what if you don’t want to remove Google Analytics and you don’t want to worry about obtaining consent from your visitors but you still do insist on using Google Analytics?

You can try to make Google Analytics GDPR compliant. Go into the “Admin” section of your Google Analytics account and take these steps:

  • In “Account Settings”, disable all the data sharing options. Stop sharing your visitor data with Google products & services, for Benchmarking purposes, for Technical support, to Account specialists and Google sales experts.

  • In “Account Settings”, review and accept the Google Ads Data Processing Terms.

  • In “Property Settings”, disable all the Advertising Features including Demographics and Interest Reports.

  • In “Property Settings”, disable User Analysis including Users Metric in Reporting.

  • In “Tracking Info” click on the “Data Collection” section and disable all the Data Collection for Advertising Features. Disable Remarketing and Advertising Reporting Features.

  • In “Tracking Info” click on the “Data Collection” section and within “Advanced Settings to Allow for Ads Personalization” disallow all regions from Ads personalization.

  • In “Tracking Info” click on the “Data Retention” section and reduce the “User and event data retention” to the minimum amount of time possible (14 months).

  • In “Tracking Info” click on the “Data Retention” section and disable “Reset on new activity”.

  • In “Tracking Info” click on the “User-ID” section and disable the User-ID feature.

  • In “Product Linking” section, disable all the product linking including Google Ads linking, AdSense linking and Ad Exchange linking.

  • Update your privacy policy with clear information on how and why you use Google Analytics.

  • Enable Google Analytics IP anonymization feature by adding this to your Google Analytics code: ga('set', 'anonymizeIp', true);

  • Disable Google Analytics cookies. Disabling cookies leaves Google Analytics with broken functionality. Pretty much every pageview will be counted as a unique visitor.

  • You need to replace Google Analytics cookies with your own storage mechanism such as localStorage or a service worker in order to fix the breakage of unique visitor counting. Here’s a guide from Google on how you can do that.

What's the alternative?

You could save yourself all this hassle and time by using a web analytics tool that doesn't use cookies and doesn't track any personal data. We've built Plausible Analytics with GDPR in mind and it works out of the box.

  • It's quick, simple to use and understand with all the metrics displayed on one page
  • Lightweight script of <1 KB so sites load fast. Our script is 45 times smaller than the Google Analytics one
  • Doesn't use cookies so there's no need to worry about cookie banners
  • Doesn't track personal data so it's compliant with GDPR out of the box and you don't need to worry about asking for data consent
  • It's open source with the code available on GitHub

Take a look at our live demo to see the traffic stats from our own website!

Read also my full post: Web Analytics, GDPR and is Google Analytics compliant?
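
The last three steps of the list above (IP anonymization, disabling cookies, and keeping the client ID in your own storage) can be combined in one analytics.js setup. This is an added example, not code from the original post or from Google's guide; the function names, the `ga:clientId` key and the `UA-XXXXX-Y` property ID are placeholders chosen here.

```javascript
// Added example: cookieless analytics.js configuration.
// CLIENT_ID_KEY is a storage key name chosen for this example.
const CLIENT_ID_KEY = 'ga:clientId';

// Build the field object for ga('create', ...).
// `storage` is any object with getItem/setItem (window.localStorage in a browser).
function buildCreateFields(propertyId, storage) {
  const fields = {
    trackingId: propertyId,
    cookieDomain: 'auto',
    storage: 'none' // analytics.js sets and reads no cookies
  };
  // Reuse the ID from an earlier visit; without it every pageview
  // would be counted as a new unique visitor.
  const saved = storage.getItem(CLIENT_ID_KEY);
  if (saved) {
    fields.clientId = saved;
  }
  return fields;
}

// Queue the tracker setup on the analytics.js command queue `ga`.
function initAnalytics(ga, storage, propertyId) {
  ga('create', buildCreateFields(propertyId, storage));
  ga('set', 'anonymizeIp', true); // the IP anonymization step from the list
  // Ready callback: runs once the tracker exists, so the client ID
  // (saved or newly generated) can be persisted for the next visit.
  ga(function (tracker) {
    storage.setItem(CLIENT_ID_KEY, tracker.get('clientId'));
  });
  ga('send', 'pageview');
}

// In a browser, after the standard analytics.js loader snippet has defined `ga`:
if (typeof window !== 'undefined' && typeof window.ga === 'function') {
  initAnalytics(window.ga, window.localStorage, 'UA-XXXXX-Y'); // placeholder ID
}
```

The client ID saved this way is still an identifier kept in the visitor's browser, so it belongs to the "cookies or other local storage" item in the consent list quoted earlier.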

  1. 2

    I absolutely love what you're doing with Plausible. My only reluctance to start a trial at this point is that I'm not quite ready to launch my app yet and I don't want to waste the 30 days measuring nothing.

    Every time you guys write one of these posts though it draws in my attention a little more. I'm already quite convinced of the value and I'll convert into a paying customer sooner or later.

    Anyway, I just wanted to give you a shout out and let you know that what you're doing is great :)

    1. 1

      Thanks for the kind words Dylan! It definitely makes sense to wait to start your trial when you launch your project!
