Privacy compliant tracking #280

Open
4 of 5 tasks
webbertakken opened this issue May 19, 2022 · 1 comment
Labels
help wanted Extra attention is needed question Further information is requested

Comments

@webbertakken
Member

webbertakken commented May 19, 2022

We've recently introduced GA4. We use it to learn how our website is used.

We'll keep track of measures we're taking or still have to take to make tracking compliant.
Note that we have no intention of tracking any personally identifiable information.

From this guide I understand the following:

ePrivacy Directive (EU “Cookie Laws”)

  • Don't store any cookie without consent.

General Data Protection Regulation (GDPR)

  • Don't track any personal information without
    1. providing the purpose
    2. having consent

It is possible to not track personally identifiable information (PII) at all.
Some features need to be configured for that:

  • Disable Google signals data collection (the "Get started" button means it's disabled)
  • Disable Ads Personalisation
  • Disable collection of user IP addresses (configured in Google Tag Manager)

Quoting a piece that summarises GDPR compliancy:

Generally, if you do not have Google Signals data collection enabled within GA4, are not linking your Google Analytics 4 properties with Google Ads, and are only using the data in analytics for aggregate statistical reporting purposes, then it’s possible that no GA4 data will be classified as “personal data” and therefore the principles of GDPR will not apply. This also assumes you are not collecting any “personal data” in custom parameters associated with events, either.

California Consumer Privacy Act (CCPA)

Has a different (more strict) rule for what "personal information" is. This makes the anonymous client ID fall under "personal information" under the CCPA, meaning GA4 is always affected.

However, you're free to collect personal information as long as you don't sell it.

  • Do not enable Google Ads as that may mark it as "selling" personal information.

Quote from that article regarding CCPA:

Generally, if you are only using GA data for reporting purposes within Google Analytics, then you wouldn’t be “selling” any of this data.

@webbertakken
Member Author

Any tracking experts in the community? Let me know if I'm somehow far off. It's a lot of information to sift through.

Ideas about how to most elegantly implement a cookie consent would be great. We use the Docusaurus GTM plugin (not hard to understand).

@webbertakken webbertakken added help wanted Extra attention is needed question Further information is requested labels May 19, 2022
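
One way to gate analytics cookies on consent, as asked about in the comment above. This is an added example, not part of the original issue or the project's code. It uses the Consent Mode commands of Google's tag API (`consent` `default` / `update`); the names `createConsentGate` and `CONSENT_KEY`, the storage key value, and persisting the visitor's choice in `localStorage` are assumptions, as is a GTM container whose tags honour Consent Mode.

```javascript
// Added example. createConsentGate and CONSENT_KEY are hypothetical names.
const CONSENT_KEY = 'analytics-consent'; // assumed storage key for the visitor's choice

// win: window-like object; storage: localStorage-like object.
// Call this before the Google Tag Manager container snippet runs.
function createConsentGate(win, storage) {
  win.dataLayer = win.dataLayer || [];
  // Same shape as Google's gtag(): the arguments object goes on the dataLayer.
  function gtag() { win.dataLayer.push(arguments); }

  // Queue "denied" defaults first so no tag sets cookies before a choice exists.
  gtag('consent', 'default', { analytics_storage: 'denied', ad_storage: 'denied' });

  function apply(granted) {
    gtag('consent', 'update', {
      analytics_storage: granted ? 'granted' : 'denied',
      ad_storage: 'denied', // stays denied: the issue rules out Google Ads
    });
  }

  const saved = storage.getItem(CONSENT_KEY);
  if (saved === 'granted') apply(true); // returning visitor who already agreed

  return {
    needsBanner: saved === null, // show the banner only when no choice is stored
    decide(granted) {            // wire this to the banner's accept/decline buttons
      storage.setItem(CONSENT_KEY, granted ? 'granted' : 'denied');
      apply(granted);
    },
  };
}
```

In the browser this would be called as `createConsentGate(window, window.localStorage)`, with the banner shown when `needsBanner` is true.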