from Hacker News

Ask HN: How to make your Google analytics and Adwords account GDPR compliant

by inertial on 5/11/18, 10:25 AM with 1 comments

If you are running an honest small business, you are probably short on resources for GDPR compliance. Is there a simple bullet list of things to do to ensure that your analytics account & adwords account are GDPR compliant. Most of the blogs I've come across are full of legal mumbo-jumbo and screenshots of e-mail updates from Google.

I could gather this so far :

Google Analytics:

- Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ?

- Have a cookie consent banner for EU that is opt-in i.e. no tracking cookies are set until the user says so. Hardly anyone is doing this yet.

- Use anonymizeIP function in google analytics i.e. : ga('set', 'anonymizeIp', true);

Google Adwords:

- Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ?

- If you are using re-marketing, either disable it or let it be known in privacy policy ?

  • by termsfeed on 5/14/18, 6:25 PM

    Hopefully this helps.

    > Google Analytics: > - Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ?

    If you only want to disclose what kind of personal information you collect, you don't need special clauses. Simply disclose what personal information you collect.

    However, a Privacy Policy should include:

    - What personal information you collect - What are you doing with that information (the purposes) - What controls users have - Whom you share the information with (third parties)

    > Google Analytics: > - Have a cookie consent banner for EU that is opt-in i.e. no tracking cookies are set until the user says so. Hardly anyone is doing this yet.

    You can have a look at https://privacypolicies.com/cookie-consent/ as it's easy to implement with jQuery to categorize non-important cookies to not load before you get consent from users.

    > Google Analytics: > - Use anonymizeIP function in google analytics i.e. : ga('set', 'anonymizeIp', true);

    Yes. This article, aimed at Rails developers, can help as well:

    https://pawelurbanek.com/gdpr-compliance-blog-rails

    > Google Adwords: > - Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ?

    Same as above.

    > Google Adwords: > - If you are using re-marketing, either disable it or let it be known in privacy policy ?

    You should disclose it in your Privacy Policy and inform users how they can opt-out from behavioral remarketing done by AdWords cookies.