Data Privacy

Introduction to Google Analytics Getting Started with Analytics
4 minutes
Share the link to this page
What is data privacy and why should you care? What is PII and how should you track it? We'll also review what GDPR and CCPA are and how they might apply to your website.


In this video, I want to talk about data privacy considerations. It's really important that you think through how you're handling the data that you're collecting and storing particularly any data that is sensitive or could be linked back to a particular individual. So as you start thinking about data privacy, one of the terms you're going to come across is PII. PII stands for personally identifiable information. And it's just what it sounds like. It's any data that can be connected back to a unique individual person, right?

If you have my name, if you have my email address, if you have my phone number, then you can connect any data associated with my name, email, address, phone number address back to me. So that's personally identifiable. Now, there's legitimate reasons to track personally identifiable information might at some point you need to know the names of your customers, you need to know the names of the people you're working with. That's fine to track PII. You want to be careful with tracking that now the Another thing to keep in mind is that not all data is PII, a lot of data, including everything that's in Google Analytics. And everything we're going to talk about in this course, is anonymized and aggregated data.

So what that means is, you might know, as you look at Google Analytics that somebody visited your website from Denver, Colorado, you might know that they use a smartphone device, you might know that they came to your website from an organic search result, you might know what pages they looked at, but you don't know that that person who visited your website was me. And you don't have my name. You don't have my email address, you don't have my phone number connected with that information. And so that's the difference between PII and non PII. Again, there's legitimate reasons to track PII. But you really don't want to have any PII in Google Analytics.

That way you can keep all of that sensitive information stored in places that make more sense. Google Analytics is not the right place to store that kind of sensitive information. Now the other reason you want to think about pi is that there are laws that govern how you can store this personally identifiable information. One of those laws is the general data protection regulation, or GDPR. And that is a set of laws passed in the European Union that applies to the European Economic Area went into effect in 2018. If your business operates in Europe, if you have customers in Europe, consult your lawyer, see if GDPR applies to you.

And if it does apply to you, make sure you're in compliance. In the United States, there's another law that you may need to pay attention to called the California consumer Privacy Act, or ccpa. This went into effect just at the beginning of this year in January of 2020. And if your business operates in or has customers in California, particularly if you're a larger business, collect a lot of PII. And you should consider consulting your legal team here as well, just to make sure you're in full compliance if the law does apply to you. Now there are some other privacy considerations.

To keep in mind, right, even if GDPR and ccpa, don't apply to you, you want to make sure that your website has a privacy policy. And you want to make sure that that privacy policy is accurately representing all the data that you're collecting PII or otherwise, as well. The other thing to keep in mind from a privacy standpoint is their data retention settings in Google Analytics for any custom reports that you're tracking. So within those data retention settings, you can set expirations if things are supposed to expire after 14 to 15 months, or you can set it to not automatically expire. What those expirations should be depends on which laws apply to you. So here again, talk to a lawyer figure out what makes the most sense for you based on the laws you need to comply with.

So what do we do here? Well, check if your website has a privacy policy. If it doesn't have a privacy policy, add one to your website. If you do have a privacy policy, go back review it, make sure that's still accurate. Make sure that's still up to date, as well check it GDPR ccpa Are any other similar laws apply to you, and how you have to handle the data that you're storing and track. If any of those laws do apply, then adjust your practices as needed.

Next up, let's talk about how you set up and start verifying that Google Analytics is working on your website.

Sign Up


Share with friends, get 20% off
Invite your friends to LearnDesk learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.