What Data Does Google Analytics Prohibit Collecting?

Google Analytics
Written by Sheikh Umair

When creating a Google Analytics account, you must comply with the terms and conditions of the company’s privacy policies. In this article, we will discuss what data Google Analytics prohibits collecting, and how you can avoid violating these policies. PII and sensitive information are prohibited, and you should not upload any of this data to your site. This includes credit card numbers and social security numbers. The following table highlights the data that you should not upload to your Google Analytics account.


When you are using Google Analytics for your website, you should make sure that you are not collecting any PII data. The term PII means “Personally Identifiable Information.” This includes email addresses, names, phone numbers, and physical addresses. Even though you might not consider your visitors to be PII, Google has guidelines about the use of this data. The terms of service also explain what PII is.

PII data includes any information that identifies you, is linked to you, or describes you. PII is generally considered to be sensitive information. It must be collected with your consent and cannot be encoded into transmittable data. PII data may include your name, social security number, email address, employment information, and medical history. Even if your website uses Google Analytics for marketing, it may not be appropriate if it captures PII data.

Sensitive information

You can comply with the rules of privacy and security when using Google Analytics. Generally, it is prohibited to collect or use sensitive information without consent. Furthermore, it is subject to strict regulations about its storage, transfer, and use. For example, sensitive information cannot be collected without consent, or without a valid legal basis. Additionally, companies are required to collect only what is necessary, and they must have mechanisms in place to delete such information.

A recent decision by the Austrian Data Protection Authority found that Google Analytics violates the EU’s General Data Protection Regulation (GDPR). Its use of personal information in marketing campaigns is also questioned by the European Union’s Data Protection Council, which says the use of Google Analytics is “incompatible” with the EU’s privacy law. However, it is important to remember that this decision does not apply to all companies.

Credit card numbers

While Google Analytics is a fantastic tool for understanding your site visitors, there are certain types of data you shouldn’t collect with it. Most notably, credit card numbers and other sensitive personal information are not permitted by Google. You should never collect PII or sensitive personal information on your site, because these data could violate an individual’s privacy and security. This rule is particularly important if you’re using Google Analytics to track visitor behavior.

While Google Analytics does not directly collect credit card numbers, it does use a unique Client ID that ties each action to a specific consumer. As such, these data fall under the CCPA’s definition of Personal Information. You can read more about Google Analytics’s privacy policies in the CCPA’s Individual Qualification. You should also consider whether you can collect such data using Google Analytics. If you’re unsure about this, consider reading over the information below.

Social security numbers

The collection of sensitive data, including social security numbers, credit card numbers, health information, and racial or ethnic origin, is prohibited under Google Analytics. But that doesn’t mean you can’t collect phone numbers and email addresses. There are certain procedures that you must follow to ensure the privacy of such data. And you need to check these procedures regularly to ensure that they are still effective. Here’s how to keep these information anonymous, so you can continue to use the internet responsibly.

Health information

A recent lawsuit filed by a patient of the University of Chicago Medical Center has revealed that the medical center shared her health information with Google for predictive medical data analytics technology. While HIPAA does not explicitly prohibit sharing health information with technology companies, it requires informed consent from the patient. Therefore, companies should be cautious when collecting health information. While there are some exceptions, this practice should be avoided whenever possible. Here are some ways to ensure that your data remains secure.

First, health-related data should be treated as private and protected, with incentives to avoid re-identification. While the privacy of health information is the highest priority, the residual risk of re-identification of de-identified data should be addressed. Companies should be held liable for unauthorized or intentional re-identification of de-identified data. Third, companies should be required to be transparent about the ways they use and disclose de-identified data. They should also provide full disclosure of the methodologies used to de-identify their data.

Read more: How to Use Digital Marketing to Grow Your Local Business?

About the author

Sheikh Umair

I am Sheikh Umair, Co-founder of Pakistan Networks. I like to share my readings, thoughts, information, and knowledge. I love to travel and explore places. My interest in Traveling, Entertainment, Fashion keeps me gaining more knowledge. I am a fun-loving person and like to live a simple life.