Have you heard that you can accidentally let Google Analytics collect PII (personally identifiable information)? It’s true — it can sneak in there without your knowledge, instantly pushing you towards non-compliance with privacy laws like GDPR and Google’s own policy.
Yikes!
Thankfully, you can keep PII out of Google Analytics in a couple of ways.
In this article, we’ll look at what PII is, how it gets sent to Google Analytics without your knowledge, and how to keep it out.
What is Personally Identifiable Information?
Personally Identifiable Information, or PII, is any bit of information about visitors to your website that you might be able to use to identify them. That includes email addresses, usernames, mailing addresses, names, phone numbers, and precise locations.
Note that that does not include IP addresses.
This is Google’s interpretation of PII — if you’re working toward GDPR compliance, you’ll want to dive deeper into what counts as PII according to GDPR laws.
How is PII Sent to Google Analytics?
The most common way that PII is sent accidentally and unknowingly to Google Analytics is in URLs.
A user provides personal information when filling out a form or logging into a user area on your website. Sometimes, for one reason or another, some of that information can get pulled into the URL of the page they visit next.
For example, let’s say your user fills out a contact form on your site. Depending on the forms plugin you use and the way your website works, it’s possible for a URL after that form submission to look something like this:
www.examplewebsite.com/contact-us/thanks?email=personal@information.com
When Google Analytics tracks that page view, it’ll include your user’s email address. That’s personally identifiable information that should not be sent to Google Analytics.
How to Keep PII Out of Google Analytics
Luckily, there are two different methods you can use to keep personally identifiable information out of your Google Analytics account.
Method 1: WordPress Users: Use Privacy Guard
If you’re a WordPress user, you can simply use the Privacy Guard feature inside MonsterInsights.
MonsterInsights is the best Google Analytics plugin for WordPress. It allows you to easily connect your WordPress site with Google Analytics so you can view all the data that matters most right in your WordPress dashboard.
Plus, with the click of a button, you can set up sophisticated tracking features such as event tracking, eCommerce tracking, form tracking, custom dimension tracking, outbound link tracking, and much more.
To see all of the reports MonsterInsights has to offer, check out Your Ultimate Guide to MonsterInsights Dashboard Reports.
Privacy Guard is a simple switch inside the Engagement tab of the MonsterInsights settings area. Just switch it to the on position to strip that potentially harmful PII out of your URLs before it gets sent to Google Analytics!
That’s it — that’s all you have to do!
Get started with MonsterInsights at the Plus level or above to access the Privacy Guard feature.
Method 2: Google Analytics Data Redaction
Google Analytics has a data redaction feature that you can use to keep PII out of its reports. It’s not as simple as flipping a switch, but it’ll be effective.
However, note that you need to know beforehand what PII is being sent to Google Analytics through URLs (beyond email addresses), and how those URLs look. Email addresses are the only thing Analytics will filter out for you without being told what to look for in your URLs.
To get started, open your Google Analytics property and head to Admin » Data collection and modification » Data streams:
Then, click into your data stream:
From there, scroll down to the Events section and click on Redact data:
Now, you can go ahead and flip the Email switch to filter email addresses out of your data:
If email address filtering is all you need, go ahead and click the blue Save button. You’re done!
Need to exclude more than email addresses? Go ahead and flip the URL query parameters switch. Now, you’ll need to enter the query parameters you want to exclude in the box.
Query parameters will be the terms that appear after the question marks in your URL. So, a URL that looks like examplesite.com/?name=john&lastname=smith would need to filter out two query parameters: “name” and “lastname.”
Input your query parameters into the box, hitting Enter after each one.
When you’re done, click the Save button.
That’s it!
To keep PII out of Google Analytics the easy way, get started with MonsterInsights now.
If you liked this article, you might also want to check out:
Google Analytics GDPR Compliance – Make Your Site Compliant
Guide to Google Analytics Cookies & Consent in GA4
9 Best WordPress GDPR Plugins to Ensure Your Site is Compliant
How to Add a WordPress Cookie Consent Banner
Not using MonsterInsights yet? What are you waiting for?
And don’t forget to follow us on Twitter, Facebook and YouTube for more helpful Google Analytics tips.
done this, appreciate showing alternative method to manual disable the tracking.