Google Analytics (GA) and GDPR - whats the deal....can I use it?

on 16th May 2018

(Last updated 5th July 2023)

Considering GDPR ands is rules regarding gathering of personal data, processing of this data and getting consent, there is a legitimate concern about if it is OK to continue using GA. Unfortunately Google has not helped us understand this and has not made a clear statement.

We initially panicked when we started getting our heads around the GDPR directive as it is long and difficult to interpret, however a number of key points stand out:

Gathering & processing personal data

Obviously GA gathers personal data, however when as a website owner you use GA it is not presenting individually identifiable data within its interface. What it actually shows is a pattern/trend.

Whilst you can configure GA to gather more details using for example event tracking, it is actually against GA’s Terms to collect anything individually identifiable (names etc) within it, so whilst you could configure GA to gather more than it does in its default state, you will go into breach of Google's usage T&C’s  if you did configure GA to store personal/identifiable details.

Additionally you can also set GA into an anonymous mode ensuring they anonymise their data which goes one step further.

Getting Consent

Whilst you are meant to get prior consent to gather/process data, Legitimate Interest allows you to gather data for operational purposes without necessarily requiring consent.

You could argue that the ability to understand how people use the website is fundamental to ensuring the sites structure (IA), layout (UX) and design provides an effective experience for visitors.

With this in mind you will not need to get consent, but you will need to make sure they are informed about what you are gathering and what you intend to do with this data your T&C’s/privacy policy, and you will have to define your rationale as to why is is acceptable to gather the details without prior consent (just in case you get challenged on this).

So to summarise, can I use GA?

To cut a long story short, yes, we believe so (but we are not lawyers, so do get you own legal advice). If you use GA within their guidelines and have not added any spooky tracking events, and if you have made it clear what you are doing and why in your T&C’s then you should be able to continue using GA on your site.

Key Links -