Future-Proof Your Google Analytics 4 Property for GDPR Compliance
With data privacy regulations like the UK GDPR becoming increasingly stringent, ensuring compliance with data protection laws is paramount for businesses operating in the digital space.
Recent developments have placed Google at the forefront of data regulation as a gatekeeper of the Digital Markets Act. In light of this, it's crucial for website owners to stay aware of tools and functionalities that help stay compliant while safeguarding user data.
In line with this, we want to highlight a crucial functionality in Google Analytics 4 that can help future proofing GA4 properties’ compliance with the UK GDPR law: the redact data functionality.
What is the Redact Data Functionality in GA4?
The redact data functionality in GA4 enables you to redact email addresses and URL query parameters containing visitors' personal identifiable information (PII) before it is sent from your website to your Google Analytics property. This way, you can ensure that you do not inadvertently send website visitors' personal data to Google's servers.
With this functionality, you can choose to redact any specific parameters collecting personal information that may be collected by your site. For instance, if a visitor's first name is collected in a contact page URL as they submit a form (e.g., example.com/contact?first_name=robert), you can instruct Google to redact this data before sending it to Google Analytics.
How to Check for and Redact Personal Identifiable Information (PII) Data in Google Analytics 4
1.Verify if your website sends PII data to your GA4 property:
- In Google Analytics 4, navigate to Engagement > Pages and screens.
- Edit the report by clicking on the pen icon in the top right corner
- Add a new dimension of page path + query string
- Save the report
- In the report, click on the drop-down arrow next to the primary dimension and select “page path + query string”
- In the search bar at the top of the table, search for “?”, this will enable all URLs including a query parameter to show.
- Increase the number of rows per page and review the URLs listed in the table. Keep an eye out for URL query parameters (which is what comes after the question mark in a URL, e.g. ?first_name) that include PII data such as first name, last name, address, date of birth, email address, etc.
- If you find PII data in your URLs, make a note of the URL query parameters collecting this data (e.g. first_name, last_name, email).
2.Redact email addresses and specific URL query parameters in Google Analytics 4
Whether you have found PII or not in your reports, we recommend redacting email addresses in your GA4 property to future-proof its compliance with the UK GDPR law.
- Navigate to the admin section of your GA4 property, click on Data Streams and then on your property's Data Stream.
- Scroll down to the Events section and click on Redact data.
- Enable email data redaction by clicking on the toggle button next to Email
- If you have found PII in your data in the previous step, enable URL query parameters redaction and add the URL query parameters collecting PII data
- Save the report
After this configuration, data collected by the specified URL query parameters or email addresses will appear as redacted in your reports (e.g., example.com/contact?first_name=(redacted)).
For more best practices on avoiding sending PII data to Google, refer to the official Google documentation: https://support.google.com/analytics/answer/6366371#zippy=%2Cin-this-article
If you have any questions or need assistance with your GA4 data, website's compliance with Consent Mode V2, or any web analytics needs, contact our team of Digital Analytics experts.