Personally Identifiable Information (PII) is a concern for marketers because Google considers it a no-no when collecting analytics data. Collecting PII is against Google’s strict privacy guidelines mandating the protection of user privacy and that no personal data be passed to them. It can also violate Federal or European Union (EU) legislation protecting the privacy of individuals online.
Keep in mind that PII is a different categorization of data from the General Data Protection Regulation (GDPR). Data that can be excluded from Google’s interpretation of PII, can still be considered personal data under GDPR, Canadian Centre for Policy Alternatives (CCPA), and other privacy legislation.
If Google discovers you’re collecting PII, whether it is intentional or not, your Google Analytics account could be terminated and data permanently deleted. Because privacy laws and regulations vary across different countries, and depends on where you/your users live and the type of breach, you may be violating other laws that could result in fines. Consider contacting your legal team to get more clarity on your specific privacy situation.
If you discover PII in your Google Analytics data, resolving the issue should be your number one priority. This blog will help you identify:
- What's Included In PII
- Google’s Best Practices In How To Avoid It
- How To Audit Your Google Analytics Account For PII
- What To Do If You Find PII In Your Google Analytics Account
What Is Included In PII?
Google interprets PII as information that could be used to directly identify, contact, or precisely locate an individual. Google considers the following list of personal information PII:
- Email addresses
- Mailing addresses
- Phone numbers
- Precise locations (i.e. GPS coordinates)
- Full names or usernames
- SIN or credit card information
What Google Excludes From PII?
The following list of information is not considered PII, according to Google. For example, if an IP address is sent with an ad request, that transmission will not breach any prohibition on sending PII to Google.
- Pseudonymous cookie IDs
- Pseudonymous advertising IDs
- IP addresses
- Other pseudonymous end user identifiers
Google’s Best Practices To Avoid Sending PII
Refer to Google’s PII best practices to ensure different aspects of your page design are not sending PII. Here are different ways to reduce the risk of PII being collected on the following aspects of your website:
Website Element | Auditing For PII | Solution |
---|---|---|
Page URLs & Titles | Remember the basic Analytics tag collect page URLs and page titles for every page view on your website. PII can be inadvertently sent to Google from both the URL or title of a page. Check for PII around your site where the URL string could include:
|
Use a unique site-specific identifier (background) or a UUID instead of sending PII. Ex: site.com/settings/[email protected] could be changed to site.com/settings/18492, where 18492 is a number that uniquely identifies the account with the email address [email protected]. |
Forms | Check the form method of your form submissions. HTTP protocol allows a GET or POST form submission method. If GET is defined, the URL including the form’s parameters can be sent to Google Analytics containing values that are PII. | Update form submission method to method=”post” . If no method is defined, the default is get . |
Email links | Test your website’s account sign-up link to see if the verification/confirmation email URL includes your email address or other PII. | The solution under URL schemes can apply here as well. Remove PII from any URLs on your website and use identifiers or tokens to associate the verification email with the user account. |
Keywords For Targeting Purposes | Parameters from ad targeting can include key-values and keyword targeting that may contain PII depending on how you configured your targeting. Check your ad reports for any key-values in the targeting field to make sure there are no parameters with PII. | Remember to remove any targeting parameters from your ad tags and the ad server so that PII is not passed into the ad request. |
How To Audit Your Analytics?
As a Google Analytics owner, it’s important to audit your account for PII on a regular basis. There are a few different ways you can check if PII is being sent to Google through your Analytics account.
One way is to download the chrome extension, PII Viewer for Google Analytics. This application will allow you to map the user ID’s stored in your Google Analytics account to PII (i.e. name and email address) stored locally. Instead of requiring a custom integration to map the data together, this locally stored CSV file will let you reference this information easily and comply with Google’s privacy policy.
Another way to audit your analytics account is by manually going through your Google Analytics account. Check the following elements for PII using the following examples:
Where To Check For PII In Google Analytics | Step 1 | Step 2 |
---|---|---|
Pages | Navigate to Behaviour > Site Content > All Pages | PII can be found in the query parameters to see if email addresses are being collected. Search “@” in the filter. |
Event Dimensions | Navigate to Behavior > Events > Top Events | Check your Top Events Report for the following:
And make sure there’s no PII |
Custom Dimensions | Navigate to Admin > Custom Definitions > Custom Dimensions | Create a custom report that pulls custom dimensions and check to make sure there’s no PII in the values that are being collected. |
Search Terms | Navigate to Behavior > Site Search > Search Terms | Check if there is any PII in your Search Terms Report to find the most searched terms using the internal search engine of your website. |
Data Import | Navigate to Admin > Property > Data Import | Before importing a set of data into your Google Analytics account, make sure there is no PII. |
Steps to Take When PII is Discovered
If you conduct an audit of your Google Analytics account and find that there is PII being collected it is important to determine:
- The type of PII being collected;
- How it is being collected;
- Where it is being stored;
- How to dispose of the PII;
- And possible privacy violations for each type of PII
It goes without saying, that if you find PII in your Google Analytics account, the GDRP violation has already occurred. Adding filters to your Analytics views won’t solve your problems.
The first step after finding PII in your analytics data is to find the source and remove it. Its best practice to coordinate with developers to find the best solutions to stop collecting PII. Knowing where your website is collecting PII is a good starting point to be more effective in finding an optimal solutions. The process can look similar to this:
Remove the source: coordinate with your development team to find the source collecting PII and remove it. For PII such as IP addresses, Google Tag Manager can help anonymize users’ IP addresses.
Create a new view in Google Analytics: now that the site is not actively collecting PII data this new view should be clean of all PII.
Back up the existing view: use Google Data Studio dashboards to visualize all of your important data and export it. Ensure there isn’t any PII accidentally stored in the backup because continuing to store the data elsewhere can still violate other international privacy laws.
Delete the corrupted view: you can’t retroactively remove the PII data from a Google Analytics View so you’ll need to delete the corrupted view entirely and start over with a new one.
Conclusion
Privacy is a very important issue and should not be taken lightly. As we mentioned earlier, not complying with Google’s terms and conditions can risk getting your account suspended or worse, legal problems. Coordinate with your legal teams to understand what data you can collect and what you cannot. Don’t forget to periodically perform audits on your Google Analytics account and include your development team if there are any issues that arise.