This post mainly answers the question how and why you have to include a privacy policy on your website for Google Analytics.

Ganalytics_privacy_policy

Let's assume you have a website, you run Google Analytics on it and you are thinking about including a privacy policy. What do you have to do?

Quick Start Guide for iubenda with Google Analytics

  • Sign up/Sign in and choose our clause called "Google Analytics";
  • Generate the self-updating privacy policy with a few clicks;
  • Add French, German, Italian, Brazilian Portuguese or Spanish if you need it, it automatically duplicates the clauses from the English version;
  • Add the privacy policy to your site by embedding or linking to it;
  • Do you use Universal Analytics and User ID? See this.

1) Do I have to include a privacy policy when I use Google Analytics?

There are two sides to this question from a legal perspective. But actually only one answer: YES.

  • There is the legal side of it: Depending on where you are you may fall under European, American (Californian) or Australian privacy laws. The list could go on since most countries have some sort of privacy regulations that extend onto the web - and hefty penalties for non-compliance. Check out our Bonus for anonymizeIP
  • For analytics services in general: analytical services collect some sort of personally identifiable information as a rule of thumb, which is why you have to disclose this fact to people via something like a privacy policy: More information about the legal framework can be found here.
  • There is the company policy side to it as well: Does Google require me in their terms to have a privacy policy when I use their service? See the answer in the next paragraph (II).

2) Am I required by Google to post a privacy policy?

Yes. Google requires users of Google Analytics to use a privacy policy. When you sign up for Google Analytics, you consent to their terms that state under "7. Privacy":

You will not (and will not allow any third party to) use the Service to track, collect or upload any data that personally identifies an individual (such as a name, email address or billing information), or other data which can be reasonably linked to such information by Google. You will have and abide by an appropriate Privacy Policy and will comply with all applicable laws and regulations relating to the collection of information from Visitors. You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies that are used to collect traffic data, and You must not circumvent any privacy features (e.g., an opt-out) that are part of the Service.

And...

You may participate in an integrated version of Google Analytics and any DoubleClick product or service or any other Google display ads product or service ("Google Analytics for Display Advertisers"). If You use Google Analytics for Display Advertisers, You will comply with the Google Analytics for Display Advertisers Policy (available at http://support.google.com/analytics/bin/answer.py?hl=en&topic=2611283&answer=2700409 ) and, as set forth in the policy, disclose in Your Privacy Policy (i) Your use of Google Analytics for Display Advertisers and its features You use, and (ii) how Visitors can opt-out from Google Analytics for Display Advertisers. Your access to and use of any DoubleClick or Google display ads data is subject to the applicable terms between You and Google.

The most important part in these terms regarding the privacy policy:" You will have and abide by an appropriate Privacy Policy (...)".

3) How do I add a privacy policy?

Usually, to make a privacy policy legally effective and compliant, it has to be easily found. A best practice is to link to your privacy policy from your footer where your users or visitors can find it at any given time. It should also not be modified to look like you want to hide it (smaller type, light colors that make it literally indistinguishable from the background).

4) An example privacy policy for Google Analytics?

A lot of people ask for sample privacy policies for their websites & Google Analytics. In reality those samples don't do anyone much good because they're far too generic. Let's start with an enumeration of what needs to go into a privacy policy. Most countries' privacy laws require you to include the following information:

- What kind of personal data is collected
- Describe how this information will be used by the company.
- Describe how this information will be transferred to third party companies.
- Provide instructions on how users can modify or delete their personal information.
- Provide instructions on how users can opt-out of future communications.
- Identify its effective date and outline how you notify people of material changes to your privacy policy.

Here is a sample privacy policy clause for Google Analytics:

Google Analytics is a web analysis service provided by Google. Google utilizes the data collected to track and examine the use of www.example.com, to prepare reports on its activities and share them with other Google services.
Google may use the data collected to contextualize and personalize the ads of its own advertising network.

Personal data collected: Cookie and Usage Data. Place of processing: USA. Find Google's privacy policy here.

---

Ideally you would tell the users what the service does in general and how you are using it.

What do I do now?

You can either hire a lawyer, write your own policy or use iubenda's generator right away to make your policy. The Google Analytics clause falls under our free limits.

Our Approach of Generating a Google Analytics Privacy Policy

So here's where iubenda's privacy policy generator will come in very handy:

  1. Define the services and categories of data collection your app/site is making use of.
  2. Add the services (and categories of data collection like "have a contact form") you are using to your policy. iubenda now takes care of your policy and generates it for you.
  3. You can either link to your policy or embed the text into your app/site.

Generate a privacy policy for Google Analytics

 

Bonus 1: Display Advertising for Google Analytics

It's possible to update your Google Analytics implementation with a snippet to support Display Advertising. This snippet makes use of the DoubleClick cookie and will additionally allow you to track things like

This takes slight modifications/additions to your privacy policy which is outlined in our post privacy policy for Display Advertising for Google Analytics.

Bonus 2: Lawful use of Google Analytics in Germany

To ensure compliance in Germany, the German DPA of Hamburg has released guidelines for helping website operators with Google Analytics and privacy law compliance. Therefore you have to:

Generate a Privacy Policy in German and read our guide


Privacy Policy for 2Checkout.comPrivacy Policy for Adform: Service AddedPrivacy Policy in German?

About Us

Iubenda is the easiest and most professional way to generate a privacy policy for your website, mobile app and facebook app
www.iubenda.com

Generate a privacy policy now for Google Analytics

Ready in a few steps and built to meet the needs of both website and mobile app owners

Generate your privacy policy now
RSS FEED

Sometimes the best choice is to "just give it a try"

Iubenda is the easiest and most professional way to generate a privacy policy for your website, mobile app and facebook app

Generate your privacy policy now