Google Analytics and privacy: What you need to know

Google Analytics is reportedly used by more than half of all websites. This means that during any given browsing period, it’s likely that at least some of a user’s activity is being tracked by website owners and that data is being sent to Google.

The popularity of Google Analytics is no surprise given it comprises a powerful suite of tools, is fairly simple to get started with, and is free. As useful as this service is for business owners, it’s also powerful for Google itself. It drives the collection and reporting of massive amounts of data and contributes to Google’s position as a data powerhouse.

When we’re talking data, we also need to talk privacy. Of course, it’s not really Analytics customers (website owners) that need to worry. Rather it’s the users (website visitors) who are being tracked. While privacy policies are in place, it’s widely known that these are not always adhered to by website owners. As such, the vast majority of users may be giving up more information to Google than they’re aware of.

In this article, we’ll delve into Google Analytics and the associated privacy policies and guidelines. We’ll take a look at how information is being collected and used. Finally, we’ll offer insight into what site owners can do to ensure they abide by policies, and what website visitors can be doing to protect their information.

An introduction to Google Analytics and data privacy

The basic way in which Google Analytics works is that customers collect data through their website and it is sent to Google for analysis. Then data is returned to the customer to provide insights into their website traffic (e.g. geographic region and what type of device is being used) and user activity (e.g. page views and link clicks).

Google Analytics User Explorer interface.
A Google Analytics dashboard showing data per user.

When it comes to privacy, there are of course potential concerns for website visitors. Many are providing personal information, such as email addresses and billing information, to the website owner. And they might wonder if Google is receiving that information. After all, Google collects as much personal information as it can about as many users as possible. In fact, its whole business model revolves around this. Under the premise of serving customers better, it’s essentially building a detailed profile of each internet user in order to sell advertising.

Google is very explicit about this in its blanket privacy policy (there’s no separate one for Google Analytics) where it details how information is collected and what it’s used for. However, when it comes to Google Analytics, the tables appear to be turned. Google states that it doesn’t want access to personal information about users through customers. Additionally, customers should not store or track such data themselves through the Analytics platform. This is necessary to comply with various regulations (country-dependent) surrounding the storage of personal data.

The onus is on customers

Instead, Google tells customers (website owners) to make sure they don’t send any Personally Identifiable Information (PII) via Analytics. As such, it’s the owners who bear the brunt of the responsibility when it comes to anonymizing information:

“You will not and will not assist or permit any third party to pass information to Google that Google could use or recognize as personally identifiable information.”

Google provides various tools to help them do this and lays out rules in its terms of service. One of the most significant guidelines maintains that every Google Analytics customer must have a privacy policy on their site that includes a mention of the fact that the site uses analytics.

“You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies that are used to collect data. You must disclose the use of Google Analytics, and how it collects and processes data. This can be done by displaying a prominent link to the site “How Google uses data when you use our partners’ sites or apps”, (located at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time).”

The Google Analytics Privacy and Terms section.
The webpage that Google suggests site owners link to in their privacy policy.

Of course, the stipulation is largely ignored or not even read in the first place, which is not a great start.

Customers can do several things to stop personal information being revealed, including masking IP addresses and disabling tracking on certain pages.

Again, most don’t actually do this and may not even read through enough documentation to know their options. It’s possible that Google relies on the fact that owners are negligent, as this means it has access to more personal information while the burden of responsibility lies with another party.

If Google didn’t want access to the data, it could enable privacy controls such as IP masking and disabled tracking by default. This way, owners would have to manually turn off such controls, which would likely drastically increase compliance. By telling owners what they can and can’t do and providing the tools to do it, Google absolves itself of responsibility and can continue to collect user information.

In the Data sharing settings section of the policy, it’s clear that real people have access to user data sent by owners: “All Google representatives that can access account data, including vendors, must agree to internal access policy terms and conditions. Data access requires appropriate authentication; all access is over SSL and is logged for security review, and representatives can only use Google-approved computers when accessing customer data.”

While Google has a lot to say on the topic of owners not sending PII, it says little about what happens when Google inadvertently receives such information. Its policy states that storage of such information by site owners could result in the termination of their accounts. But given the reportedly low compliance, it’s unlikely this happens all that often. Plus, it still doesn’t reveal what Google might do with the information. This lack of commentary about the consequences of noncompliance is probably the most worrying thing about it.

Google Universal Analytics

Google Universal Analytics brings the concept of a user profile to website owners. It basically means that owners will gain insight into users based on multiple sessions to get a better view of how each individual customer is interacting with their business. This is not supposed to be tied to any PII, but a user ID (not considered PII) can be assigned instead.

What this means for users is, once again, a profile is being built about them. This is a double-edged sword. While it can help businesses to serve users better, for example by creating a more personalized site experience, it can also feel like an invasion of privacy.

The types of information being collected

So what exactly are owners and Google seeing when you’re on a site that uses Google Analytics? Here we’ll explain what information users are giving up and how it’s being collected.

Cookies

As stated in the Safeguarding your data answer section, “Google Analytics mainly uses first-party cookies to report on user interactions on Google Analytics customers’ websites.” Cookies are small pieces of data that websites use to track visits and activity by specific users. The cookies used by Google Analytics track user IDs and campaign information about each user.

Here are some of the items that are tracked:

  • Page tracking: Customers can track pageviews on an overall or user-specific basis.
  • Event tracking: Events might be things like downloads, video plays, and mobile ad clicks.
  • Social interactions: This is a more specific version of event tracking that focuses on social media elements, such as Facebook “Likes”.
  • App/screen tracking: This tracks which part of the content users are viewing.

Overall, user activities on a particular site may be tracked to a very specific level.

The Google Analytics cookies are just one of several types of cookie used by Google. Advertising cookies are another type to potentially be concerned about. These cover things like previous Google searches and interactions with ads. When customers use Google’s Advertising features, they agree to have these cookies on their site. Again, they’re supposed to disclose this in their privacy policies, but we wouldn’t hold our breath.

Measurement protocol

Google also offers the use of the Measurement Protocol. This involves sending HTTP requests of raw user interaction data from any environment. One of the applications of this is to give customers the ability to “tie online to offline behavior.” How so? Well, in the age of the Internet of Things (IoT), it’s not just your desktop, tablet, and smartphone that are connected to the internet.

The Measurement Protocol goes beyond websites and mobile apps to send Google data about off-site events like email opens, URL clicks, QR code scans, and offline purchases. And it doesn’t stop there. Everything from TVs and sound systems to microwaves and washing machines might also be connected.

Data could be sent from any of these devices through Google Analytics via the Measurement Protocol, meaning that businesses could really learn about your offline behavior. Those with so-called ‘smart homes’ could have their entire day mapped out, from what time they brew their coffee to which day they launder their delicates. Perhaps a little too creepy.

What’s more, Google boasts in one of its case studies that the Measurement Protocol helped “by capturing traffic coming from mobile devices that don’t support (or have disabled) JavaScript.” Ironically, one of the main reasons for disabling JavaScript on a mobile device is to prevent being tracked in the first place.

How it all comes together

Google is a data powerhouse and although this industry is going through some changes, it doesn’t show signs of slowing. The company’s main revenue stream is advertising, and it utilizes user information to propel its highly lucrative Google AdWords. The vast amount of data it has collected helps businesses target their ads at a very specific level, thus making Google some seriously huge profits.

Analytics is free to use and offers the perfect complement to the AdWords model, enabling customers to see how effective their ads are. You don’t have to be an AdWords customer to use Analytics (and vice versa). But if you’re already using Analytics and you’re looking to run paid ads, chances are AdWords will seem like a natural progression. The two can be easily integrated and accessed via the same interface.

Integrating AdWords and Google Analytics.
Analytics and AdWords can be linked with just a few clicks.

Google already has so much information about your site’s users that it has the power to help you run highly targeted ads. Plus, even if a user doesn’t graduate to AdWords, Google still has access to a ton of aggregate data about the site that it can use to benefit other AdWords customers.

Within AdWords, Google offers a remarketing feature. This helps customers retarget past website visitors by pushing out ads across all of that user’s devices. This means when you visit a website on your desktop, the simple fact you’ve accessed that site could mean you start seeing ads for that business popping up everywhere, on your desktop and mobile devices.

This can feel seriously invasive. It’s not only inconvenient and annoying but it can pose privacy issues, especially if you share some devices with others. Want to surprise your girlfriend with a wedding proposal? Then definitely avoid looking at rings online or your secret won’t stay safe for long.

How to protect your privacy

Thankfully, you don’t have to do a ton of digging and tweaking to make sure your data is as safe as possible. Whether you’re a Google Analytics customer or a website visitor, there are controls available to help you.

Customers (site owners)

We mentioned some of the options available earlier, but we’ll go into a bit more detail about them here. Again, the onus is on Google Analytics customers to make sure personal information doesn’t get to Google.

Display a privacy policy

When you become an Analytics customer, you agree to terms that include that you post a privacy policy on your site. This doesn’t just involve a mention of the fact that you use Analytics. You also have to explain what features are used and what happens to the data. If you’re using Advertising features, you’ll have to disclose this too.

Remove PII from data

Although it can be a cumbersome task, removing PII from your website data is a must if you want to abide by the rules. Whatever data is collected from your site, be it names, email addresses, or phone numbers, it should be removed before the data is sent to Google.
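One way to do this on the client side, shown as an added example that is not part of the original article or of Google's code: scrub the page URL before it is handed to the analytics tag. The parameter list, the patterns and the `REDACTED` marker are assumptions to adapt to your own site.

```javascript
// Added example: redact PII from a page URL before it reaches an analytics tag.
// PII_PARAMS, REDACTED and both patterns are illustrative assumptions.
const PII_PARAMS = new Set(['email', 'name', 'first_name', 'last_name', 'phone', 'address']);
const EMAIL_RE = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi;
// Deliberately broad: long numeric IDs are redacted too, which errs on the safe side.
const PHONE_RE = /\+?\d[\d\s().-]{7,}\d/g;
const REDACTED = 'REDACTED';

function scrubText(text) {
  return text.replace(EMAIL_RE, REDACTED).replace(PHONE_RE, REDACTED);
}

function scrubUrl(rawUrl) {
  const url = new URL(rawUrl);

  // Path segments can carry PII, e.g. /account/jane.doe%40example.com/orders
  url.pathname = url.pathname.split('/').map((segment) => {
    let decoded;
    try { decoded = decodeURIComponent(segment); } catch { decoded = segment; }
    const cleaned = scrubText(decoded);
    return cleaned === decoded ? segment : encodeURIComponent(cleaned);
  }).join('/');

  // Drop values of parameters known to hold PII; pattern-scan all the others.
  const params = new URLSearchParams();
  for (const [key, value] of url.searchParams) {
    params.append(key, PII_PARAMS.has(key.toLowerCase()) ? REDACTED : scrubText(value));
  }
  url.search = params.toString();

  // Fragments are not needed for page reporting and may hold tokens or addresses.
  url.hash = '';
  return url.toString();
}

// Constructed sample URL (not taken from a real site).
const sample = 'https://shop.example/account/jane.doe%40example.com/orders' +
  '?email=jane@example.com&ref=newsletter&q=call+555-123-4567#top';
console.log(scrubUrl(sample));
```

With analytics.js, the cleaned value would be set as the `location` field before the pageview is sent, so the raw URL never leaves the browser.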

Anonymize IP

If a site owner requests IP address anonymization, Google will set the final part of each user IP address to zeros so that the full address is never stored. However, since the IP address is used for geographic reporting, masking the IP may make this less accurate.

Disable tracking

There is the possibility of disabling tracking on certain pages or for certain users. This means owners could potentially offer their users the option to opt out (or opt in if it’s set up that way) of Google Analytics tracking.
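The two controls above (IP anonymization and disabled tracking) combined in one setup routine for the analytics.js tag, as an added example that is not from the original article. The property ID is a placeholder, and the opt-out cookie name and the choice to honor Do Not Track are assumptions.

```javascript
// Added example: apply a visitor's opt-out and IP anonymization before any hit is sent.
const PROPERTY_ID = 'UA-XXXXX-Y';           // placeholder property ID
const OPT_OUT_COOKIE = 'analytics_opt_out'; // hypothetical cookie set by the site's opt-out link

// A visitor counts as opted out if the site cookie is present or DNT is enabled.
function hasOptedOut(cookieString, doNotTrack) {
  const cookies = cookieString.split(';').map((c) => c.trim());
  return doNotTrack === '1' || cookies.includes(OPT_OUT_COOKIE + '=1');
}

// `win` is the browser window; it is a parameter so the logic can be exercised offline.
function configureAnalytics(win) {
  const optedOut = hasOptedOut(win.document.cookie, win.navigator.doNotTrack);

  // analytics.js checks this window property and sends nothing while it is true.
  // It has to be set before the tracker is created.
  win['ga-disable-' + PROPERTY_ID] = optedOut;
  if (optedOut) return { tracking: false, commands: [] };

  const commands = [
    ['create', PROPERTY_ID, 'auto'],
    ['set', 'anonymizeIp', true], // request IP masking for every hit from this tracker
    ['send', 'pageview'],
  ];
  if (typeof win.ga === 'function') commands.forEach((cmd) => win.ga(...cmd));
  return { tracking: true, commands };
}

// In a page this would run once, after the analytics.js loader snippet:
if (typeof window !== 'undefined') configureAnalytics(window);
```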

Users (site visitors)

Since it’s clear from studies that many owners can’t be trusted to follow the guidelines in place, users would be prudent to put their own measures in place to prevent their information being tracked and collected.

Google Privacy Controls

Google has set up an entire privacy control section to help you decide things like what information Google collects, the type of data associated with your account, and what ads are shown. While this is great, there are a couple of problems. First, you have to be a Google account holder (e.g. Gmail or G Suite customer) to access the controls, which means you could end up handing over more personal information. Second, by default, the settings are pretty much set to the least private options. You have to go into each section manually and change everything if you have any hopes of maintaining some privacy.

Google Analytics opt-out browser add-on

If it’s just Analytics you’re concerned about, you can use the Google Analytics opt-out browser add-on. This will prevent your site activity being monitored by Google Analytics. However, it doesn’t stop site owners gathering information via other methods.

Third-party extensions

If you want a more comprehensive browser add-on, there are plenty of third-party extensions available. These will help block tracking from Google Analytics as well as other common tracking sites.

Use a Virtual Private Network (VPN)

Finally, one of the best ways to browse worry-free is to use a Virtual Private Network (VPN) like ExpressVPN or CyberGhost. These provide IP masking by giving you an entirely different IP from a server location of your choice. This way, you don’t have to rely on site owners to anonymize your data for you. Plus, VPNs have plenty of other benefits, including securing open Wi-Fi connections and unblocking geo-restricted content. With some prices starting at under $3 per month, it’s worth the peace of mind.

Final Comments

In today’s landscape, it would be difficult for many businesses — particularly online ones — to compete without the use of analytics software. Indeed, the success of many companies hinges upon their ability to track how customers interact with their sites. Therefore, the collection of at least some anonymized data can be considered crucial.

With that being said, privacy continues to be a real and valid concern for consumers. As such, it’s increasingly important for businesses to strike a balance between tracking consumer activity and being respectful of their privacy. As outlined above, this is possible by being clear about exactly what information is being collected, taking measures to anonymize data, and explaining how one might opt out altogether.