Privacy Policy for Google Analytics

In accordance with international privacy laws, Google generally requires you to have a legally compliant privacy policy in place if you use Google products. This condition is usually included in the terms that you agree to when you sign up to use their services.

With regard to Google Analytics in particular, Google states in their Terms of Service, under section “7. Privacy”:

You will have and abide by an appropriate Privacy Policy and will comply with all applicable laws, policies, and regulations relating to the collection of information from Visitors. You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies that are used to collect data. You must disclose the use of Google Analytics, and how it collects and processes data. . . . You will use commercially reasonable efforts to ensure that a Visitor is provided with clear and comprehensive information about, and consents to, the storing and accessing of cookies or other information on the Visitor’s device where such activity occurs in connection with the Service and where providing such information and obtaining such consent is required by law.

Google repeatedly references “applicable law” throughout their terms, as many of these privacy-related stipulations are related to actual legal requirements. Google is bound by many of the same privacy laws that you are and, as such, their terms reflect this.

So what does this mean in practical terms and which laws apply?

Let’s assume you have a website, you run Google Analytics on it and you want to ensure that you comply with Google’s terms (and the law). What do you have to do?

  1. Create a legally compliant privacy policy. Read the specifics [below].
  2. Ensure that the privacy policy includes clauses specific to the processing activities handled via Google Analytics.
  3. Include a cookie policy. From the quote above, you’ll note that in addition to the general privacy policy requirement, Google further requires that you include notice of your use of cookies as well.
  4. Handle cookies and consent to cookies in a legally compliant way. This generally means informing users of the use of cookies (as mentioned in the previous point), obtaining consent to the use of cookies and maintaining [proof] of that consent. One Analytics feature that may help with the consent requirement here is the IP Anonymization feature; however, you’re still required to inform users, in a conspicuous and detailed way, about the use of even these cookies. Furthermore, the use of cookies may be considered “monitoring behavior” under the GDPR, even where those cookies are anonymized statistical cookies. Therefore, it is recommended that, by default, you block cookies prior to obtaining express consent. You can read more about Google Analytics and the GDPR here.

Generally, the national/regional laws of your base of operations will apply, as well as (in many cases) the laws governing the regions in which your users are based. This can be quite tricky online because, unless you’re actively blocking some regions, you may need to address requirements across geographical boundaries and legal jurisdictions. For this reason, it’s always best to handle these activities with the strictest applicable regulations in mind (currently, this is likely European law, mostly the GDPR and the Cookie Law).

You can read more about determining your law of reference here or read our in-depth Legal Overview Guide here.

Google Analytics Advertising Features

Google Analytics Advertising features allow you to enable features in Analytics that aren’t available through standard implementations. Advertising features include:

  • remarketing with Google Analytics;
  • Google Display Network Impression Reporting;
  • Google Analytics Demographics and Interest Reporting;
  • integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers;
  • User-ID, a feature that you can use to associate multiple sessions with a unique ID.

For more information read Remarketing with Analytics and User-ID and Cross Device on Analytics Help.

How This Relates to Your Privacy Policy

In Google’s words:

If you use an SDK to implement any Google Analytics Advertising Features, such as Audience Reporting or Remarketing, you must comply with the Policy for Google Analytics Advertising Features, in addition to the Google Play Developer Program Policies, and any other applicable policy.

This requires slight modifications/additions to your privacy policy, which are outlined in our guide How to update your Privacy Policy to reflect enhanced advertising features in Google Analytics.

Basic privacy policy outline

Let’s start with the minimum legal requirements for a privacy policy. These are the most basic elements that a privacy policy should have:

  • Who is the site/app owner?
  • What data is being collected? How is that data being collected?
  • What is the legal basis for the collection? (e.g. consent, necessary for your service, legal obligation, etc.) – This is more specifically related to the GDPR and EU law; however, even if you fall outside of GDPR obligations, under most countries’ legislation you’ll still need to say why you’re processing the personal data of users.
  • For which specific purposes are the data collected? Analytics? Email Marketing?
  • Which third parties will have access to the information? Will any third party collect data through widgets (e.g. social buttons) and integrations (e.g. Facebook Connect)?
  • What rights do users have? Can they request to see the data you have on them, can they request to rectify, erase or block their data? (under the GDPR most of this is mandatory)
  • Description of process for notifying users and visitors of changes or updates to the privacy policy
  • Effective date of the privacy policy

How to Create a Privacy and Cookie Policy for Google Analytics

Here’s where our Privacy and Cookie Policy Generator comes in very handy: with 600+ available clauses, our privacy policies contain all elements commonly required across many regions and services, while applying the strictest standards by default – giving you the option to fully customize as needed.

The cookie policy is a section of the privacy policy dedicated to cookies. It details all legally required information including the categories of cookies used, their purposes, names the third parties who install or may install cookies through the website and provides links to said third parties’ respective privacy policy and possible consent forms. The Generator features a one-click set-up for the cookie policy which then automatically pulls all the relevant cookie information from the services indicated in your privacy policy.

All our policies are created by lawyers, monitored by our lawyers and hosted on our servers to ensure that they are always up-to-date with the latest legal changes and third-party requirements.

The generation process is easy and intuitive:

  • Click on any of the green “Start Generating” buttons visible throughout this site to begin, and select the “Generate Now” button under Privacy and Cookie Policy in your site area.
  • Add any service you may be using. In this case, it will be “Google Analytics”, and possibly “Google Analytics with anonymized IP”, “User ID extension for Google Analytics”, “Remarketing through Google Analytics for Display Advertising” and/or “Display Advertising extension for Google Analytics”, depending on what features you have enabled.
  • Enable the optional Cookie Policy (strongly recommended, requires a Pro License).
  • Fill out your web/app owner and contact details.
  • Add the iubenda Privacy Policy to your site (best practice is to link to your privacy policy from your footer, where your users or visitors can find it at any given time).

Read the guide on How to Generate a Privacy Policy here.

How You Can Manage Cookie Usage

As mentioned above, there are two sets of specifications to be met — those of Google and those of the Cookie Law. Luckily, these two intersect and requirements for both are easily met by our comprehensive Cookie Solution.

Our Cookie Solution allows you to:

  • easily inform users via banner and a dedicated cookie policy page (which is automatically linked to your privacy policy and integrates what’s necessary for cookie law compliance);
  • obtain and save cookie consent settings;
  • preventively block scripts prior to consent; and
  • keep track of consent and save consent settings for each user for up to 12 months from the last site visit.

You can collect consent via multiple mechanisms, including continued browsing, scrolling, and/or specific clicking actions. Keep in mind, though, that allowed consenting actions may differ depending on the Member State law.

The process is straightforward:

After creating your account simply go to your website area:

  • click on “Generate Now” under Cookie Solution;
  • configure and customize as you’d like;
  • integrate your cookie policy; and
  • embed into your site.

It’s easy to run, fast and does not require heavy investments. For more information on our Cookie Solution click here.
