Ask HN: How to make your Google analytics and Adwords account GDPR compliant
If you are running an honest small business, you are probably short on resources for GDPR compliance. Is there a simple bullet list of things to do to ensure that your analytics account & adwords account are GDPR compliant. Most of the blogs I've come across are full of legal mumbo-jumbo and screenshots of e-mail updates from Google.
I could gather this so far :
Google Analytics:
- Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ?
- Have a cookie consent banner for EU that is opt-in i.e. no tracking cookies are set until the user says so. Hardly anyone is doing this yet.
- Use anonymizeIP function in google analytics i.e. : ga('set', 'anonymizeIp', true);
Google Adwords:
- Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ?
- If you are using re-marketing, either disable it or let it be known in privacy policy ? Hopefully this helps. > Google Analytics:
> - Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ? If you only want to disclose what kind of personal information you collect, you don't need special clauses. Simply disclose what personal information you collect. However, a Privacy Policy should include: - What personal information you collect
- What are you doing with that information (the purposes)
- What controls users have
- Whom you share the information with (third parties) > Google Analytics:
> - Have a cookie consent banner for EU that is opt-in i.e. no tracking cookies are set until the user says so. Hardly anyone is doing this yet. You can have a look at https://privacypolicies.com/cookie-consent/ as it's easy to implement with jQuery to categorize non-important cookies to not load before you get consent from users. > Google Analytics:
> - Use anonymizeIP function in google analytics i.e. : ga('set', 'anonymizeIp', true); Yes. This article, aimed at Rails developers, can help as well: https://pawelurbanek.com/gdpr-compliance-blog-rails > Google Adwords:
> - Declare clearly what personal information is collected in your privacy policy. Any simple boiler plate avaible ? Same as above. > Google Adwords:
> - If you are using re-marketing, either disable it or let it be known in privacy policy ? You should disclose it in your Privacy Policy and inform users how they can opt-out from behavioral remarketing done by AdWords cookies.