GDPR & Google Analytics


(Dave Farrants) #1

If you’re using Google Analytics has else noticed the default retention of data is 26 months and the minimum retention period of GA is 14 months? I’ve now removed GA for the time being.


(NeilUK) #2

I removed Google Analytics a long time ago. I use Matamo (self-hosted) for all my sites and client sites also.

You can set it not to collect the full IP address and you control the data, not a third party.


(Joel Fletcher) #3

I have been wondering about what Google is doing to make analytics compliant with GDPR law. It is because of companies like Google that the law even exists. One would assume that they are modifying the code to not collect “personal” data, but the only official statement I can find basically says they are working on getting it ready for the deadline.

My website uses Google Analytics, along with millions of others. Besides deleting it, is there any recommended course of action to make Google Analytics acceptable for GDPR on my site? I am drafting a privacy page… would stating that you use Google Analytics be enough? I definitely do not want to have to utilize an analytics opt-out option window.

Would other options such as Matomo be GDPR compliant? Looks like it respects privacy, but does require javascript on each page.


(Will Woodgate) #4

Again I think it is a case of ask 10 people and get 10 different answers!

Google claims to be a member of something called EU-US Privacy Shield:
https://support.google.com/analytics/answer/7105316?hl=en

Some are of the opinion this means Analytics is compliant with GDPL. But I honestly have not been able to find much concrete proof of this. Delving deeper, it reads like EU-US Privacy Shield is a self-regulatory body. That makes me think it might fall short of GDPL requirements?

I’ve been putting Google Analytics code inside CookieManager and setting that as a Partial across all pages of my websites. Then the tracking code only works if people opt-in to cookies and tracking. Nearly everyone does opt-in, but for those who choose not to, Google can’t see them. It probably will skew your site data slightly, but no more than someone arriving at your website via a VPN / Tor Browser type configuration.

I’d say that if you are not routinely looking at your analytics data and actively using it to monitor campaigns, then there is probably little point having it installed. The days of boasting how many “hits” your website has had are largely over; in this era with so much automated traffic and bots etc. It’s the quality of traffic that matters more nowadays. And giving users a really good website experience.

Piwik / Matamo are great solutions if you want to do all your website usage tracking ‘in house’ and never relay data onto a third party. Definitely a more ethical approach towards analytics. Some hosting companies (shameless plug for Chillidog hosting again) have 1-click installs available in the CPanel. I am giving serious consideration towards switching from Google Analytics to Matamo. I really hate the new user interface Google Analytics are rolling out - it is terrible for trying to view basic information and is painfully slow. My clients dislike it too.


(Joel Fletcher) #5

Hmmm. Frankly I have been considering deleting Google Analytics for various reasons, including the points that Will makes. Due to the circumstances of the new GDPR law, maybe now is the time. Perhaps Matamo is a good alternative. My sites are also served via Chilidog Hosting, nice to know they offer a one-click install. Still, the question remains, would Matamo be GDPR compliant? It would be great if there was more clarity on issues like this.


(Dave Farrants) #6

Good call thanks, now setup (self hosted) on 1 site to see how it goes.


(NeilUK) #7

You’re welcome. They also have an iPhone app, which you can connect to your account/s. Not sure about other platforms though.


(system) #8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.