Ask HN: How to make your Google analytics and Adwords account GDPR compliant

5 points by inertial 8 years ago | 1 comment

If you are running an honest small business, you are probably short on resources for GDPR compliance. Is there a simple bullet list of things to do to ensure that your analytics account & adwords account are GDPR compliant. Most of the blogs I've come across are full of legal mumbo-jumbo and screenshots of e-mail updates from Google.

I could gather this so far :

Google Analytics:

- Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ?

- Have a cookie consent banner for EU that is opt-in i.e. no tracking cookies are set until the user says so. Hardly anyone is doing this yet.

- Use anonymizeIP function in google analytics i.e. : ga('set', 'anonymizeIp', true);

Google Adwords:

- Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ?

- If you are using re-marketing, either disable it or let it be known in privacy policy ?

termsfeed 8 years ago |

Hopefully this helps.

> Google Analytics: > - Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ?

If you only want to disclose what kind of personal information you collect, you don't need special clauses. Simply disclose what personal information you collect.

However, a Privacy Policy should include:

- What personal information you collect - What are you doing with that information (the purposes) - What controls users have - Whom you share the information with (third parties)

> Google Analytics: > - Have a cookie consent banner for EU that is opt-in i.e. no tracking cookies are set until the user says so. Hardly anyone is doing this yet.

You can have a look at https://privacypolicies.com/cookie-consent/ as it's easy to implement with jQuery to categorize non-important cookies to not load before you get consent from users.

> Google Analytics: > - Use anonymizeIP function in google analytics i.e. : ga('set', 'anonymizeIp', true);

Yes. This article, aimed at Rails developers, can help as well:

https://pawelurbanek.com/gdpr-compliance-blog-rails

> Google Adwords: > - Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ?

Same as above.

> Google Adwords: > - If you are using re-marketing, either disable it or let it be known in privacy policy ?

You should disclose it in your Privacy Policy and inform users how they can opt-out from behavioral remarketing done by AdWords cookies.