Google Analytics is Now Halfway GDPR Compliant! Google Analytics is Now Halfway GDPR Compliant!
Google has rolled out some major product updates to ensure GDPR compliance. The most important takeaways are that Google has introduced new granular data... Google Analytics is Now Halfway GDPR Compliant!

Google has rolled out some major product updates to ensure GDPR compliance. The most important takeaways are that Google has introduced new granular data retention controls, updated their legal language to be compliant, and has not released a user deletion tool.

Open Data Science considers this an important GDPR update because of the ubiquity of Google Analytics, see BuiltWith.com data inset below, and because of Google’s vast resources. If they aren’t releasing a user data deletion tool before May 25th, we can be sure no one else will.

Google Analytics is Ubiquitous – Data via BuiltWith.com

Google Analytics’ GDPR Scorecard

Data ControlGood

Google will only process data for user authorized purposes. User IPs and personally identifiable information is anonymized by default; advanced users are responsible for customized data capture.

Google Analytics’ Data Retention Controls Support Doc

 

Data SecurityGood

Google has strong safeguards to keep data for additional processing and research.

Security and Privacy Details for Universal Analytics

 

Data DeletionBad

When data subjects revoke their consent, a partner organization requests data deletion, or a service or your agreement comes to an end you must delete data. This tool doesn’t exist yet but Google promises it will by May 25th.

Developers.Google is Where a User Deletion Tool Will Appear

 

Risk Mitigation & Due Diligence – Good

Organizations must assess the risks to privacy and security, and demonstrate that they’re mitigating them.

The U.S. Department of Health and Human Services GA Risk Assessment is the best we could find

 

Breach notification – Theoretically Good

Google is definitely capable of notifying authorities within 72 hours and describing the consequences of the breach to directly to all affected subjects. Google has responded quickly and completely to breaches in the past.

Add Users and Administrators to Google Analytics to Ensure Notification

 

__drew Wallace

drew@odsc.com

New Marketing Head at ODSC. Small Data Expert. Ask me about Marketing, Bow Ties, or unrepentant futurism.