Germany is well known for its fierce stance on privacy and its data protection authorities had accomplished one thing: to get Google to adapt some of their practices regarding the implementation of Google Analytics into German websites.

Update September 2016: Google has published their Privacy Shield certification, and updated the terms for using Google Analytics in Germany, including the contract for data processing

Update December 2016: The authority of Hamburg has disabled their guides, to reassess the situation.

Update mid-2017: The authority of Hamburg has provided new docs about a compliant use of GA, in German only.

Note: read this post in German instead: Aufsetzen der Datenschutzerklärung bei Nutzung von Google Analytics.

Since then you can find information about how to properly embed Google Analytics into German websites on the various data protection authorities’ websites, like the one in Hamburg.

On datenschutz-hamburg you can find a document called Guidelines for Hamburg-based website operators using Google Analytics, that outlines in detail what you have to do in order to use Google Analytics in a compliant way in Germany.

Get started quickly with iubenda + Google Analytics

Take these two actions to get started with iubenda (to become privacy regulation compliant in Germany):

  • Sign up/Sign in;
    1. Choose the “Google Analytics with anonymized IP” clause;
    2. Important: Choose the “Direct text embedding” option to display the privacy policy on your site;

Read the rest of the post for more details.

In order to use Google Analytics and iubenda the way it is intended by the German data protection authorities you have to follow the two processes outlined below:

1) Things you are required to do regarding Google Analytics

To quote the data protection authority of Hamburg: To use Google Analytics in a compliant way, you as the website operator must implement the following measures as a minimum

  1. Sign agreement: you must conclude (in writing) the data processing agreement prepared by Google. This agreement can be found here.
  2. Privacy policy & opt-out: inform about your use of Google Analytics in your privacy policy. Inform about their opportunity to object, and link to this opt-out extension made by Google: This part, the privacy policy generation, is what iubenda helps you with.
  3. Opt-out II: you should implement your own opt-out link for the privacy policy. The reason for this is that Google’s extension works mainly for non-mobile browsers. Therefore, the more mobile visitors you have, the more important this opt-out option will be. When you use iubenda, we will add such an opt-out link to the privacy policy automatically, but you have to additionally follow the instructions below for it to work perfectly.
  4. IP-Anonymization: You need to use the anonymization function provided by Google in your Google Analytics snippet called “_anonymizeIp()”. Read more about the anonymization part here.
  5. Delete old data: if you haven’t used Google Analytics with the anonymizeIp() function so far, you are required to delete prior data because it is considered to have been collected unlawfully.


Read about these requirements in more detail here.

Update 2017: The English pdfs on the Hamburg DPA were suspended, therefore we’re linking to the updated German version here instead.

2) How iubenda can help you regarding Google Analytics

  1. Sign up/Sign in and add the Google Analytics clause called “Google Analytics with anonymized IP“.
  2. Use the “direct text embedding” option for our privacy policy on your site. There is no way around it if you want to closely follow German practice. The way the Javascript is set up by Google, it will only work and effectively opt-out your users like this from your site.
  3. Integrate the Javascript code* for the opt-out provided by Google, it needs to be placed on every page BEFORE the Google Analytics snippet. Here are Google’s instructions.

*the Javascript snippet provided by Google that must be placed before Google Analytics:

// Set to the same value as the web property used on the site
var gaProperty = 'UA-XXXX-Y';

// Disable tracking if the opt-out cookie exists.
var disableStr = 'ga-disable-' + gaProperty;
if (document.cookie.indexOf(disableStr + '=true') > -1) {
  window[disableStr] = true;

// Opt-out function
function gaOptout() {
  document.cookie = disableStr + '=true; expires=Thu, 31 Dec 2099 23:59:59 UTC; path=/';
  window[disableStr] = true;

Basically, what iubenda will do for you: if you have integrated Google’s code above correctly into your site, we will show an opt-out success message, if not, we will send people to Google’s opt-out mechanism that opts-out only part of your audience.

Other posts to read regarding Google Analytics

The process looks more complicated than it is. Basically you have to

  • make sure you follow the requirements as outlined by the data protection authorities – details
  • iubenda will help you with crafting a privacy policy – details

If you want to do additional reading, you will find other relevant posts here in this list below:

Let us help you to do this.


Generate privacy policy for Google Analytics

How to find the Google Analytics Data Processing AgreementPrivacy Policy for Google Analytics RemarketingHow to find the Google Analytics Data Processing Agreement

About Us

iubenda is the easiest and most professional way to generate a privacy policy for your website, mobile app and facebook app

Generate a privacy policy now

Ready in a few steps and built to meet the needs of both website and mobile app owners

Generate your privacy policy now

Sometimes the best choice is to "just give it a try"

iubenda is the easiest and most professional way to generate a privacy policy for your website, mobile app and facebook app

Generate your privacy policy now