Hmmm… where to start.
Is it a perfect storm, a Venn diagram or just the way of the world?
Yeah, it may take a minute to get to the tip. Lately I have been working with a few customers who stumbled on some PII they accidentally captured in Google Analytics (GA) and are desperately wanting to get deleted. At the same time I have been researching GA’s ‘Consent Mode‘ as one of my predictions was there would be consequences for not abiding by privacy regulations.
And then, boom, Forbes claims (maybe) ‘Google Analytics is Illegal.’ Okay, maybe that is hyperbole.
But the reality is there is a lot of misinformation out there about analytics, ‘tracking,’ cookies, et. al. And I don’t think the intention is to scare folks. Okay, maybe it is. But if you understand what is really happening, maybe it won’t seem so creepy. (Or maybe it will:). Anyhow, I will just tackle Google Analytics on this post. Feel free to reach out to chat about all other ad-tech opinions:)
Google Analytics has (and always has had) very strict rules about what data you can capture, store and report on in GA’s privacy policy. To paraphrase, you can’t capture any data point that could result in Google being able to identify the ‘physical’ person (e.g. email address, phone number, etc.) who you actually are.
The problem is Google doesn’t have any way to completely oversee how companies implement GA. So the rules state you can’t capture PII. But there are many ways, technically, to capture – purposely or inadvertently – personally identifiable information.
But there are things you can do. First, I recommend reading Google’s response to the Forbe’s article. Yeah, I think Google has it covered. I believe they get GDPR and other regulations and will certainly comply with them.
Also, okay -here comes the tip – I think the onus is on companies who use/implement GA to abide by these rules and regulations. So, it may be time to think about IP Anonymization and start thinking about Consent Mode.