You have often come across the acronym PII or Personally Identifiable Information and wondered what it is and how to fix it in Google Analytics.
PII are all the information that can give you the possibility to identify a user.
This topic is closely linked with Privacy and, especially for the EU, with the GDPR (General Data Protection Regulation).
In this post I’ll show you how to identify if your Google Analytics account is collecting and storing personal information or PII
Content: - What information are covered by the PII? - How do I know if I collect PII? - PII Collection: Event Category/Action/Label - PII Collection: Custom Dimensions - PII Collection: Pages - PII Collection: Search Terms - PII Collection: Data Import - What to do if I collect PII? - Conclusions
- Name and Lastname
- Credit Cards
- Telephone number
- Personal Information from the login page
- Exact GPS coordinates
- IP addresses
The collection of these information is strictly prohibited by Google Analytics and, in case of violation, can lead to permanent deletion of your account.
Now you can have the following question: How can I know if I’m collecting personal information from my users in my Google Analytics account?
There are several possibilities to know if you’re collecting PII. Below I’ll show you some concrete examples which I check during my Google analytics audit.
I suggest you to check the hierarchy Category/Action/Label into the Top Events Report and see if you’re collecting any type of PII information into the events you have set up.
Check if you collect email, telephone numbers or any other stuff by clicking in each event.
You should check if the custom dimensions you created in the account do not collect PII.
Go into the Admin > Property and check the dimensions.
You can simply create a Custom Report with your custom dimensions and easily see which values are collected. If these values contain personal information you have to fix the issue asap.
Let’s continue your checklist by going in the All Pages report and control if there is any PII inside.
PII can be contained in the query parameters, so a way to check that information such as e-mail address is not processed in your Google Analytics account is to look for the @ symbol in the filter.
If the result is zero, no pages with the query parameter @ have been found. That’s good!
You should also check the Search Terms Report. Here you can find the most searched terms typed by your users in the internal search engine of your website.
By checking this Report, you could find some personal information.
In Google Analytics you have the possibility to import set of data. Hence, it’s important to check what kind of data you want to import in order to avoid having PII imported.
So, remember to don’t skip this check!
If I notice that I’m collecting personally identifiable information, what actions should I take? The advice I give you is to having a meet with your IT Department to find the best solutions to stop collecting personal information.
For some PII such as the IP address, Google Tag Manager can come to your rescue, especially if you’re using the Universal Analytics version of GA (Google Analytics 4 automatically provides to anonymize IP addresses)
But in general, it’s a good practice to better coordinate with developers to find the most robust solution!
Knowing which parts of the website are collecting certain information is a great starting point to be more effective and find optimal solutions.
The Privacy aspect is a very important issue, not only on a theoretical but also a practical level. As mentioned, if you do not respect the terms proposed by Google, you risk account suspension and other legal problems.
For this, the final tips that I share with you are the following:
- Coordinate with your Legal Department to understand which data you can collect and which you cannot. At least, involve the legal department to make them aware of what is possible and cannot be done on Google Analytics (don’t take it for granted!);
- Periodically perform an audit on your Google Analytics account. Remember: the audit is not just about the PII part but needs to be more structured. Personal information is an important area but there are other points as well;
- Involve the IT Department. With the audit you can find the critical points in more detail; by involving IT, you will be able to find more qualitative solutions and understand if Google Tag Manager is enough for you to correct the collection of some data, or if you need a stronger solution.
You may also be interesting by the following articles:
- How to Implement Content Group in Google Analytics 4Content Groups allow you to create sections of the website, grouping contents in a convenient way for your analysis. Let’s give some examples: I can create a specific group that shows me the most viewed Brands on my website or I can create Product categories to analyze, at a higher level, the interactions of users […]
- Server-side Tagging: what is it?Update: October 5th. Google Tag Manager Server Side is officially out of Beta, as confirmed by Google, and has entered a new phase. Announced in August 2020, Google Tag Manager Server-side is still a tool / theme unknown to most. There are many doubts and questions on the subject and in this post I want […]
- Content Grouping in Google AnalyticsNote: this article refers to the Universal Analytics version. If you want to know how to implement Content Groups in GA4 via Google Tag Manager, you can read this blog post. Analyzing the contents of a website, has it ever happened to you that you want to know what are the performances of the main […]
- Google Tag Manager: Lookup Table VariableThe Lookup Table variable in Google Tag Manager allows you to read the value of an input and, if this value matches certain requirements, it will return some output. There are several situations where this variable can help us: rename a web page, rename the Source dimension for a social (Instagram, Facebook LinkedIn etc.) and […]
- What Virtual Pages are in Google AnalyticsPageviews are one of the best known metrics, present in almost all web analytics reports. This metric is populated with pageview hits, which are sent to Google Analytics every time we view a page or refresh the page itself. However, in recent years a series of technologies have developed that improve user navigation on the […]
- How to track Virtual Pages: Google Tag Manager and Google AnalyticsIn this post, we see how to track Virtual Pages with the help of Google Tag Manager and Google Analytics. If you don’t know what Virtual Pages are and learn more about how they can help you especially if you are tracking a Single Page Application, I suggest you to read my dedicated post. To […]
- Google Analytics 4: Cross Domain TrackingIn this post I’ll show you how to implement cross domain tracking in the new version of Google Analytics 4. With GA4 cross domain tracking is much easier than the Universal Analytics version, in fact: in Universal Analytics you had to set everything up within Google Tag Manager In Google Analytics 4 you can do […]