Google Analytics (GA) is a powerful tool that provides companies with data and valuable insights. However, many companies may unknowingly be in violation of the General Data Protection Regulation (GDPR) by accidentally submitting personally identifiable information (PII) to their GA platform.
Google’s policies aim to protect users’ privacy by requiring that no PII be passed on to their platform. However, PII often gets on GA through titles or URL strings when a visitor views your web pages, fills out a form, or uses the search feature on your website.
If Google identifies PII in your analytics account, it may remove all or part of your data. Fortunately, there is an easy and quick way to eliminate PII from your GA.
» Are PII and personal data the same? Discover the difference between PII vs personal data
How to Identify PII in Google Analytics
PII is defined as any information that, on its own, has the potential to directly identify, contact, or accurately locate an individual. It includes, but is not limited to:
-
- Names
-
- Emails
-
- Physical addresses
-
- Phone numbers
Bulleted List
Navigate to Google Analytics > Behavior > Site Content > All Pages to locate any PII on your GA platform quickly. To check if any emails have been stored, filter with “@”.
If you need to filter the list further, enter the following regex on the filter field:
-
- Names (fn|ln|lastname|firstname|name|fullname) These regexes can also be used to look for PII in reports like all pages and events reports.
-
- Email Addresses Use this to find emails in the full format, or “email@domain.com”. ([a-zA-Z0-9_.-]+)@([da-zA-Z.-]+).([a-zA-Z.]{2,6})
-
- Social Security Numbers Use this for social security numbers in the format “111-11-1111”. (d{3}-?d{2}-?d{4})
-
- Physical Addresses This helps search for addresses using typical address elements. You may have to specify it according to your requirements. (drive|street|road|dr.|po box|rd.)
-
- Phone numbers This helps search for phone numbers in this format: 000-000-0000. (d{3}-?d{3}-?d{4}) The “–” can also be removed. It should look like this: (d{3}d{3}d{4})
Bulleted List
» Should you check GA cookies too? Learn how to make GA cookies GDPR compliant
How to Remove PII From Google Analytics
There are two recognized solutions. One is an extensive guide using Google Tag Manager (GTM)’s custom task feature by Simo Ahava, and the other is an extension of it by Brian Clifton. JavaScript and GTM skills are required.
Alternatively, you can use the Google Analytics data deletion request feature to get rid of fields that have PII on specific dates. Head over to Admin > Property > Data Deletion Requests.
Conclusion
While eliminating PII from your GA account may seem like a big task, not doing it may result in the termination of your account and even further legal consequences.
» Not sure your information is protected sufficiently? Explore additional methods to protect sensitive information
Discussion
Related Posts
If you enjoyed reading this, please explore our other articles below: