Complying with the company’s privacy policies and terms and conditions is essential when setting up a Google Analytics account. This article will explore the types of data that Google Analytics prohibits collecting and provide guidance on how to avoid violating these policies.
It is crucial to remember that personally identifiable information (PII) and sensitive data are strictly prohibited from being uploaded to your site. This includes, but is not limited to, credit card numbers and Social Security numbers. The table below outlines the types of data that should not be uploaded to your Google Analytics account.
Table of Contents
PII
When using Google Analytics for your website, you should ensure that you are not collecting any PII data. The term PII means “Personally Identifiable Information.” This includes email addresses, names, phone numbers, and physical addresses. Even if you might not consider your visitors as PII, Google has guidelines regarding the use of this data. The terms of service also define what PII is.
Personally Identifiable Information (PII) refers to any data that can identify you, is linked to you, or describes you in detail. Generally considered sensitive, PII must be collected with your consent and cannot be encoded into data that can be transmitted.
Examples of PII include your name, social security number, email address, employment details, and medical history. If your website uses Google Analytics for marketing, it is important to ensure that it does not capture any PII, as this may be inappropriate.
Sensitive information
When using Google Analytics, you can adhere to privacy and security rules. Generally, it is prohibited to collect or use sensitive information without obtaining consent. Moreover, there are strict regulations concerning the storage, transfer, and use of this data.
For instance, sensitive information cannot be collected without consent or a valid legal basis. Additionally, companies should only collect what is necessary and must have systems in place to delete this information when it is no longer needed.
A recent decision by the Austrian Data Protection Authority found that Google Analytics violates the EU’s General Data Protection Regulation (GDPR). The European Union’s Data Protection Council has raised concerns about Google Analytics’ use of personal information in marketing campaigns, stating that it is “incompatible” with the EU’s privacy law. However, it’s important to note that this decision does not apply to all companies.
Credit card numbers
Google Analytics is an excellent tool for understanding your site visitors; however, there are specific types of data that you should avoid collecting with it. Most importantly, Google does not allow the collection of credit card numbers or other sensitive personal information.
You should never collect personally identifiable information (PII) or sensitive personal data on your website, as doing so could violate an individual’s privacy and security. This guideline is especially crucial when using Google Analytics to track visitor behavior.
While Google Analytics does not directly collect credit card numbers, it assigns a unique Client ID to associate each action with a specific consumer. This data is considered Personal Information under the CCPA (California Consumer Privacy Act).
You can learn more about Google Analytics’s privacy policies by reviewing the CCPA’s Individual Qualification section. Additionally, think about whether you can collect such data using Google Analytics. If you’re uncertain, it’s a good idea to review the information provided below.
Social security numbers
The collection of sensitive data, such as social security numbers, credit card numbers, health information, and information regarding racial or ethnic origin, is prohibited under Google Analytics. However, you can still collect phone numbers and email addresses, provided that you follow specific procedures to protect the privacy of this data. It is essential to regularly review these procedures to ensure they remain effective. Here are some guidelines to help you keep this information anonymous, allowing you to use the internet responsibly.
Health information
A recent lawsuit filed by a patient against the University of Chicago Medical Center has uncovered that the medical center shared her health information with Google for predictive medical data analytics. Although HIPAA does not explicitly prohibit sharing health information with technology companies, it does require informed consent from the patient.
Therefore, companies should exercise caution when collecting health information. While there are some exceptions to this rule, such practices should generally be avoided. Here are some ways to ensure that your data remains secure.
First, health-related data should be treated as private and protected, with incentives to avoid re-identification. While the privacy of health information is the highest priority, the residual risk of re-identification of de-identified data should be addressed.
Companies should be held liable for unauthorized or intentional re-identification of de-identified data. Third, companies should be required to be transparent about the ways they use and disclose de-identified data. They should also provide full disclosure of the methodologies used to de-identify their data.
Read more: How to Use Digital Marketing to Grow Your Local Business?
