7 Ways to Protect User Data in Google Analytics

7 Ways to Protect User Data in Google Analytics

Website owners who analyse user insights rely on Google Analytics. It’s free, easy to understand, and provides powerful data.

This means more than half of all websites track user activity every day. Now imagine Google collecting all that data and becoming a true behemoth of information.

Is it a bad thing? Not really. But when talking about user privacy, that’s where you draw the line.

It’s not the Analytics customers — or website owners like you — that need to worry.

It’s your site visitors.

Users may be handing Google more information than they’re aware of. And as responsible site owners, it’s our duty to uphold their privacy.

In this article, you’ll learn how Google collects information, how to secure user data, and less invasive analytics tools to try.

How does Google collect information?

How does Google collect information?

Google’s data collection starts with a snippet of Javascript tracking code — also known as the Google Analytics tag.

This code covers the website pages where you want to collect data. It tracks almost every type of user interaction on your site, like the time they spend visiting a page to the size of their screen resolution.

Google collects as much information from its users as it can. It helps them tailor the user experience and better their services. But when it comes to Analytics, Google puts the onus on its customers to make sure user information remains private.

So what information does Google actually collect and present on Analytics?

Cookies

As stated in Google’s Help section:

Google Analytics mainly uses first-party cookies to report on visitor (aka. user) interactions on Google Analytics customers’ websites.

Cookies help websites track user visits and activity. This includes page views, events (like downloads, mobile ad clicks, and video plays), social interactions, and screen tracking.

Measurement protocol

Measurement Protocol is a Google feature that allows developers to collect user interaction data from any internet-connected device. One of its main uses is to “tie online to offline behaviour.”

Through this feature, users hand out data from off-site events, like website clicks, email opens, QR code scans, and even their smart home use.

Adwords

Even if you don’t use Google Adwords to leverage your Analytics insights, Google still holds a ton of user data to create targeted ads for Adwords customers.

7 Safe and Secure Ways to Use Google Analytics Data

We all agree on one thing: Google collects massive amounts of user data — even going beyond what’s necessary. And for anyone who values privacy, this sets off all kinds of alarms.

So, what can you do about it?

  1. Audit users with account access

  2. Audit users with account access

    If you’re using Google Analytics for your business, you may have given access to employees.

    Regularly check who has access to your account. You’ll see how many emails are on the list — and how many of them don’t need to be. They’re usually previous employees or third-parties that had account access in the past.

    You may install an identity management tool or manually create a file that contains a list of emails with access to Google Analytics.

    Another way to protect your Analytics data is to create company accounts for employees or third-parties that need access. It makes it much easier to keep track of your permissions.

  3. Remove PII from data

  4. Remove PII from data

    Google warns customers not to send Personally Identifiable Information (PII) through Analytics. Remove PII from your website data to abide by Google’s rules.

    The most common PII includes names, phone numbers, email addresses, and other sensitive user information.

    The simplest way to find PII is to navigate to Behavior > Site Content > All Pages. Next, add a filter using the ampersand (@) to display any pageviews with common emails. Then you can redact PII from the URL before the information is sent to Google.

  5. Hide the user IP

  6. Hide the user IP

    The General Data Protection Regulation (GDPR) considers IP addresses as PII. So you need to take extra steps to hide your users’ IP from Google.

    Analytics uses the entire user IP address to create geographic reports. As countermeasure, turn on its IP Anonymisation feature. This removes the last octet of an IP address before Google stores and processes the data.

    There are several ways you can hide your users’ IP:

    • Adding a line of code in your Analytics tracking code for analytics.js
    • Inserting a line of code for gtag.js
    • Enabling IP anonymisation via Google Tag Manager

    But heed this word of warning: hiding user IP can slightly reduce the accuracy of geographic reporting.

    Help customers to fully trust your website. Secure it with an SSL certification.

  7. Enable two-factor authentication

  8. Enable two-factor authentication

    Keep user data out of the wrong hands by enabling two-factor authentication on your Google Analytics account.

    You can use the Google Authenticator app, which generates a time-limited code each time you log into your account. You can only access it if you have your smartphone with you.

    Another method is activating the 2-Step Verification on Google Tag Manager.

  9. Customise data sharing settings

  10. Customise data sharing settings

    Google states that real people (Google employees) have access to customers’ Analytics data.

    Security-dedicated engineering teams at Google guard against external threats to data. Internal access to data (e.g., by employees) is limited by strict access controls (both internal policy controls and automated technical controls such as authentication, SSL, and security logs) to only those with a business need to access it.

    However, website owners also get to decide who to grant access to their account’s data.

    On your Analytics account admin area, go to Account Settings and tweak the Data Sharing Settings to your liking.

    Google Analytics Data Sharing Settings
    Customise your Google Analytics data sharing settings.
  11. Display a privacy policy

  12. Display a privacy policy

    One of Google Analytics’ terms is for customers to post a privacy policy on their site.

    Your privacy policy should disclose the following:

    • Your use of cookies to collect user data
    • Your use of Google Analytics and how it collects and uses data

    Make sure to also ask for consent to the storing and accessing of cookies and other visitor data. It’s important to get their consent as it’s required by law.

  13. Disable tracking

  14. Disable tracking

    You can disable user tracking on certain pages. Doing so, you offer site visitors the option to opt out of the feature.

    There are two ways users can opt out from Analytics:

    • Using a browser plugin
    • Offering an opt-out link in your privacy policy

    For the second solution, use this script for your opt-out link.
    opt out script

    Make sure to inject the script in the text editor to ensure the HTML code works.

    Learn more about the procedure through the Analytics developer forum.

Google Analytics alternatives

Privacy is a major reason marketers look for other alternatives to Google Analytics. And there are also other features from competitors that Google lacks. Here are some that are worth trying out:

  • Kissmetrics — best for SMEs who want to get a better understanding of their client base. It lets you choose what data to collect from users.
  • GoSquared — provides straightforward insights into your visitor behaviour on websites and mobile apps. It’s fully GDPR compliant, so it has heightened privacy features.
  • Open Web — one of the most popular free Google Analytics alternatives. It provides excellent tracking features like heat maps, ecommerce transactions, and custom site actions.
  • Matomo — another GDPR compliant tool that gives you complete ownership of your data. Aside from visitor activity reports, it also displays your search engine performance.

Protect Your Customers’ Personal Information

It pays to take data privacy seriously — especially when customers confide in you to protect their personal information. Google is a trusted information authority, but it’s on your hands to anonymise your users’ data, keep them informed, and hand them the choice to opt out altogether.

Want to take your cybersecurity up a notch? Check out Vodien webGuard.