Recently, we discovered something alarming while auditing one of our clients’ websites. Email addresses and phone numbers were showing up in their Google Analytics reports, exposing sensitive visitor information that they never intended to collect.
Collecting personally identifiable information from users can be a major issue. Not only does it violate privacy regulations like GDPR, but it also puts your business at risk of hefty fines and losing the trust of your customers.
But here’s the good news: preventing personally identifiable information (PII) from ending up in your analytics is actually quite straightforward once you know how.
We’ve spent years working with Google Analytics across hundreds of websites, and we’ve developed a foolproof system to keep sensitive data out of your reports. In this guide, we’ll show you exactly how to protect your visitors’ privacy while still getting all the valuable insights you need from your analytics data.
What Is Personally Identifiable Information, and Why Should You Protect It?
Personally Identifiable Information (PII) is any data that, when combined, can reveal a person’s identity.
Some common examples of PII include:
- Full name (first and last)
- Email address
- Phone number
- Home address
- Credit card information
- Login credentials (usernames and passwords)
- IP addresses (when linked to individuals)
The problem is that PII often sneaks into Google Analytics through URLs.
Let’s say that users submit personal details on contact forms or login pages on your WordPress site. This data can be embedded in the URL of the next page they visit.
The URL might look like this:
www.example.com/contact-us/thanks?email=personal@information.com.
In that example, we can see that the URL shows the user’s email address.
Why Should You Keep Personal Info Out of Analytics?
Privacy laws like GDPR are serious about protecting personal data. That’s one reason why Google doesn’t allow businesses to collect or store PII.
If your Google Analytics account is capturing PII, you could end up in trouble, facing hefty fines or having your account suspended.
And it’s not just a technical issue – it can have real consequences for your business. Users expect businesses to respect their privacy. But if they feel their data isn’t safe, they might take their business elsewhere.
That’s why it’s so important to keep PII out of your Google Analytics data.
With that in mind, we’ll show you how to keep personally identifiable information (PII) out of Google Analytics. Here’s a quick overview of the 2 methods we’ll share with you:
- Method 1. Using a WordPress Plugin to Keep PII Out of Google Analytics (Easy)
- Method 2. Keeping PII Out of Google Analytics (Manual Approach)
- Bonus Tips for Privacy Compliance on Your Website
- FAQs About Keeping Personally Identifiable Info Out of Google Analytics
- Further Reading: More Analytics and Tracking Guides
Ready? Let’s get started.
Method 1. Using a Plugin to Keep Personally Identifiable Info Out of Google Analytics
Google Analytics can be overwhelming to navigate, especially when trying to ensure compliance with privacy regulations.
Managing cookie consent, anonymizing IP addresses, and adjusting privacy settings can quickly become overwhelming. For many people, sorting through these settings and ensuring compliance is no easy task.
If you’re a WordPress user, then we have good news for you.
MonsterInsights is the best WordPress analytics plugin, and it integrates seamlessly with Google Analytics 4 (GA4). With its Privacy Guard feature, it offers privacy-friendly tracking that you can manage directly from your WordPress dashboard.
ℹ️ Quick note: MonsterInsights powers our conversion tracking at WPBeginner, helping us monitor traffic, forms, buttons, referral links, and more with ease. See why we love it in our detailed MonsterInsights review!
Step 1. Install and Activate the MonsterInsights Plugin
First, let’s get started by creating a MonsterInsights account. Just head over to the website and click the ‘Get MonsterInsights Now’ button.
You can then go ahead and choose a plan. For this tutorial, we recommend the Plus plan or higher, as it includes the Privacy Guard feature to help with compliance.
After signing up, you can install and activate the MonsterInsights plugin on your WordPress site. For step-by-step instructions, see our guide on how to install a WordPress plugin.
Step 2. Connect MonsterInsights to Your Google Analytics Account
Upon activation, you’ll need to connect the MonsterInsights plugin to your Google Analytics account.
In your WordPress dashboard, you need to go to Insights » Launch the Wizard to start the setup.
After that, you’ll select the category that best describes your website.
MonsterInsights gives 3 options – business site, publisher (blog), or eCommerce (online store).
After selecting a category, simply click ‘Save and Continue’ to proceed.
On the next screen, you can click ‘Connect MonsterInsights’ to start the connection process.
Then, you can follow the prompt to sign in to your Google Analytics account.
Upon signing in, you can select the website you want to track from the dropdown menu.
From here, go ahead and click the ‘Complete Connection’ button. MonsterInsights will then automatically install Google Analytics on your WordPress website.
For details, feel free to refer to our guide on how to install Google Analytics in WordPress.
Step 3. Enable the Privacy Guard Feature
Keeping Personally Identifiable Information (PII) out of your tracking doesn’t have to be complicated.
With MonsterInsights’ Privacy Guard, you can do it in just a few clicks!
This feature automatically scans your website for sensitive information. It checks for any private details and prevents them from being stored in your analytics reports.
These details can be:
- Form submission data, such as personal information entered in contact or registration forms.
- URL data, which is the full web address of the page, including the domain name, path, and any additional information.
- Query parameters, which are the bits of data in URLs, like “?id=1234.” They often track specific user actions or provide extra information to the website.
To do this, let’s navigate to the Insights » Settings » Engagement tab.
From here, you can go ahead and turn on the ‘Privacy Guard’ switch – that’s it!
MonsterInsights will now help protect personally identifiable information and keep you compliant with privacy laws.
⚠️ Important Disclaimer: No plugin can guarantee 100% legal compliance because every website is different. We strongly recommend consulting an Internet law attorney to ensure your site meets all legal requirements for your location and specific use case.
This is not legal advice – just a friendly heads-up to help you stay informed!
Method 2. Keeping Personally Identifiable Info Out of Google Analytics
In this method, we’ll guide you through configuring the settings that you need to keep PII out of Google Analytics directly from its dashboard.
This option is best for advanced users, as it gives you full control over the setup.
Additionally, since this method isn’t limited to WordPress, you can follow along even if you made your website with a different website builder.
First, you’ll need to sign in to your Google Analytics account.
Go ahead and click on the ‘Sign in to Analytics’ button.
In the dashboard, let’s hover over the sidebar and click the ‘Admin’ menu.
Once inside, you’ll want to locate the ‘Data collection and modification’ section.
After that, let’s click on ‘Data streams.’
This will take you to the table, which lists all your data streams.
Now, you can select your website from the list.
This will open the ‘Web stream details’ slide-in.
From here, let’s scroll down to the ‘Events’ section and click ‘Redact data.’
On the next screen, you will see the ‘Redact data’ menu.
The ‘Choose what to redact’ section of this slide-in has two switches at the top.
Let’s first redact email addresses by flipping the switch. Google Analytics will then automatically exclude email addresses from the data it collects.
Then, you can filter out other PII by entering query parameters.
To do this, you’ll need to enable the switch for ‘URL query parameter.’ Then, you can enter your query parameters in the respective field.
For example, here, we added ‘name,’ first_name,’ ‘last_name,’ and ‘ip_address.’
Once everything looks good, you can save your settings.
Google Analytics will now help protect PII and keep your site privacy-compliant.
⚠️ Important Disclaimer: Configuring settings manually in the GA4 dashboard requires precise knowledge of which data needs to be redacted.
This can be tricky, and even a small mistake may result in sensitive information being collected.
We recommend thoroughly reviewing your data collection settings to ensure all PII is properly excluded. Always take the necessary precautions, as improper configuration could lead to compliance issues.
Bonus Tips for Privacy Compliance on Your Website
Keeping personal info out of analytics reports is just one way to comply with privacy regulations. We also recommend following these tips:
- Show a cookie notice on your WordPress website. This popup message allows users to give their consent for tracking cookies on your website. Plus, it’s super easy to set up with a powerful plugin like WPConsent.
- Create GDPR-compliant forms. With a form plugin like WPForms, you can easily add GDPR agreement fields to your forms, disable user cookies and details, and delete user data when requested.
- Add a GDPR comment privacy checkbox. Comment plugins like Thrive Comments can help your discussion section comply with GDPR with just the click of a button.
For more details, just see our complete guide to GDPR compliance for WordPress users.
FAQs About Keeping Personally Identifiable Info Out of Google Analytics
Keeping PII out of Google Analytics is important for privacy and compliance. If you still have questions, feel free to take a look at some quick answers to common questions:
How does Google handle user data and privacy concerns?
Google takes privacy seriously. It anonymizes data and complies with strict regulations like GDPR.
While Google provides tools to help businesses protect user privacy, it’s ultimately up to the businesses to make sure they don’t collect personally identifiable information (PII).
Does Google Analytics collect personally identifiable information?
Not by default. But if you’re not careful, PII can sneak in through URLs, form submissions, or custom tracking settings. That’s why it’s important to set things up correctly.
Do all sites with analytics need cookie warnings?
Yep! If your site tracks users with cookies (like Google Analytics does), then privacy laws like GDPR and CCPA require you to show a cookie notice and get user consent.
Further Reading: More Analytics and Tracking Guides
Understanding how to keep PII out of Google Analytics is just the beginning! If you want to fine-tune your tracking, improve data accuracy, and stay compliant with privacy laws, then check out these helpful guides:
📊 Google Analytics 4: A Beginner’s Guide – Learn how to set up GA4 on your WordPress site and make the most of its powerful features.
- 📢 WordPress Post Analytics – Find out how to easily access and track your blog stats.
- 🎯 How to Set Up Google Analytics Goals – Measure what really matters on your WordPress website.
- 🔗 How to Install and Setup Google Tag Manager – Simplify tracking by managing all your tags in one place.
- 🔍 How to Track Outbound Links – See which external links your visitors are clicking the most.
- ✋ How to Block WordPress Referrer Spam in Google Analytics – Improve the accuracy of your reports by making sure that spam requests do not pollute your data.
- 💭 In-Depth Comparison of MonsterInsights vs SiteKit – See how these powerful analytics plugins stack up.
That’s all there is to it! We hope this guide has helped you learn how to keep personal info out of Google Analytics. You may also like to see our guide on how to get a custom email alert in Google Analytics or our expert pick of the best WordPress GDPR plugins.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
The post How to Keep Personally Identifiable Info Out of Google Analytics first appeared on WPBeginner.
No comments:
Post a Comment