English Posts

PII (Personally Identifiable Information): what is it?

PII (personally identifiable information) what it is and how to fix it in google analytics

You have often come across the acronym PII or Personally Identifiable Information and wondered what it is and how to fix it in Google Analytics.

PII are all the information that can give you the possibility to identify a user.

This topic is closely linked with Privacy and, especially for the EU, with the GDPR (General Data Protection Regulation).

In this post I’ll show you how to identify if your Google Analytics account is collecting and storing personal information or PII

- What information are covered by the PII?
- How do I know if I collect PII?
   - PII Collection: Event Category/Action/Label
   - PII Collection: Custom Dimensions
   - PII Collection: Pages
   - PII Collection: Search Terms
   - PII Collection: Data Import
- What to do if I collect PII?
- Conclusions

What Information are covered by the PII?

Here you can see a list of examples that is considered as PII and that has not to be collected by Google Analytics or Tag Manager.

  • Name and Lastname
  • Email
  • Credit Cards
  • Telephone number
  • Personal Information from the login page
  • Exact GPS coordinates
  • IP addresses

The collection of these information is strictly prohibited by Google Analytics and, in case of violation, can lead to permanent deletion of your account.

How Do I Know if I Collect PII?

Now you can have the following question: How can I know if I’m collecting personal information from my users in my Google Analytics account?

There are several possibilities to know if you’re collecting PII. Below I’ll show you some concrete examples which I check during my Google analytics audit.

PII Collection: Event Category/Action/Label

I suggest you to check the hierarchy Category/Action/Label into the Top Events Report and see if you’re collecting any type of PII information into the events you have set up.

Check if you collect email, telephone numbers or any other stuff by clicking in each event.

personally identifiable information google analytics

PII Collection: Custom Dimensions

You should check if the custom dimensions you created in the account do not collect PII.

Go into the Admin > Property and check the dimensions.

You can simply create a Custom Report with your custom dimensions and easily see which values are collected. If these values contain personal information you have to fix the issue asap.

personally identifiable information google analytics custom dimensions

PII Collection: Pages

Let’s continue your checklist by going in the All Pages report and control if there is any PII inside.

PII can be contained in the query parameters, so a way to check that information such as e-mail address is not processed in your Google Analytics account is to look for the @ symbol in the filter.

If the result is zero, no pages with the query parameter @ have been found. That’s good!

personally identifiable information google analytics all pages

However, it is possible to find some PII. A good way to find it, it’s by using the following RegEx (Regular Expression) as suggested from CardinalPath:


google analytics pii email addresses

PII Collection: Search Terms

You should also check the Search Terms Report. Here you can find the most searched terms typed by your users in the internal search engine of your website.

By checking this Report, you could find some personal information.

personally identifiable information google analytics searrch terms

PII Collection: Data Import

In Google Analytics you have the possibility to import set of data. Hence, it’s important to check what kind of data you want to import in order to avoid having PII imported.

So, remember to don’t skip this check!

personally identifiable information google analytics data import

What to Do if I Collect PII?

If I notice that I’m collecting personally identifiable information, what actions should I take? The advice I give you is to having a meet with your IT Department to find the best solutions to stop collecting personal information.

For some PII such as the IP address, Google Tag Manager can come to your rescue, especially if you’re using the Universal Analytics version of GA (Google Analytics 4 automatically provides to anonymize IP addresses)

But in general, it’s a good practice to better coordinate with developers to find the most robust solution!

Knowing which parts of the website are collecting certain information is a great starting point to be more effective and find optimal solutions.


The Privacy aspect is a very important issue, not only on a theoretical but also a practical level. As mentioned, if you do not respect the terms proposed by Google, you risk account suspension and other legal problems.

For this, the final tips that I share with you are the following:

  • Coordinate with your Legal Department to understand which data you can collect and which you cannot. At least, involve the legal department to make them aware of what is possible and cannot be done on Google Analytics (don’t take it for granted!);
  • Periodically perform an audit on your Google Analytics account. Remember: the audit is not just about the PII part but needs to be more structured. Personal information is an important area but there are other points as well;
  • Involve the IT Department. With the audit you can find the critical points in more detail; by involving IT, you will be able to find more qualitative solutions and understand if Google Tag Manager is enough for you to correct the collection of some data, or if you need a stronger solution.

You may also be interesting by the following articles:

  • How to Implement Content Group in Google Analytics 4
    Content Groups allow you to create sections of the website, grouping contents in a convenient way for your analysis. Let’s give some examples: I can create a specific group that shows me the most viewed Brands on my website or I can create Product categories to analyze, at a higher level, the interactions of users […]
  • Server-side Tagging: what is it?
    Update: October 5th. Google Tag Manager Server Side is officially out of Beta, as confirmed by Google, and has entered a new phase. Announced in August 2020, Google Tag Manager Server-side is still a tool / theme unknown to most. There are many doubts and questions on the subject and in this post I want […]
  • Content Grouping in Google Analytics
    Note: this article refers to the Universal Analytics version. If you want to know how to implement Content Groups in GA4 via Google Tag Manager, you can read this blog post. Analyzing the contents of a website, has it ever happened to you that you want to know what are the performances of the main […]
  • Google Tag Manager: Lookup Table Variable
    The Lookup Table variable in Google Tag Manager allows you to read the value of an input and, if this value matches certain requirements, it will return some output. There are several situations where this variable can help us: rename a web page, rename the Source dimension for a social (Instagram, Facebook LinkedIn etc.) and […]
  • What Virtual Pages are in Google Analytics
    Pageviews are one of the best known metrics, present in almost all web analytics reports. This metric is populated with pageview hits, which are sent to Google Analytics every time we view a page or refresh the page itself. However, in recent years a series of technologies have developed that improve user navigation on the […]
  • How to track Virtual Pages: Google Tag Manager and Google Analytics
    In this post, we see how to track Virtual Pages with the help of Google Tag Manager and Google Analytics. If you don’t know what Virtual Pages are and learn more about how they can help you especially if you are tracking a Single Page Application, I suggest you to read my dedicated post. To […]
  • Google Analytics 4: Cross Domain Tracking
    In this post I’ll show you how to implement cross domain tracking in the new version of Google Analytics 4. With GA4 cross domain tracking is much easier than the Universal Analytics version, in fact: in Universal Analytics you had to set everything up within Google Tag Manager In Google Analytics 4 you can do […]

Lascia un commento

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *