Important updates on Google Analytics Data Retention and the General Data Protection Regulation (GDPR)
-
Hi Everyone,
I'm sure many of you received the email from Google over the past few days with the subject line: [Action Required] Important updates on Google Analytics Data Retention and the General Data Protection Regulation (GDPR).
I hope I'm not alone in not knowing what exactly this whole notification was in regards to. I realize it's for Data but are we no longer able to pull stats from the past? If anyone has a "dumbed down" explanation for what this update entails, I would be very interested - I don't want to miss out on any important updates and info, but I'm just not grasping this content. Below is the full email in its entirety for those who are interested as well:
Dear Google Analytics Administrator,
Over the past year we've shared how we are preparing to meet the requirements of the GDPR, the new data protection law coming into force on May 25, 2018. Today we are sharing more about important product changes that may impact your Google Analytics data, and other updates in preparation for the GDPR. This e-mail requires your attention and action even if your users are not based in the European Economic Area (EEA).
Product Updates
Today we introduced granular data retention controls that allow you to manage how long your user and event data is held on our servers. Starting May 25, 2018, user and event data will be retained according to these settings; Google Analytics will automatically delete user and event data that is older than the retention period you select. Note that these settings will not affect reports based on aggregated data.
Action: Please review these data retention settings and modify as needed.
Before May 25, we will also introduce a new user deletion tool that allows you to manage the deletion of all data associated with an individual user (e.g. site visitor) from your Google Analytics and/or Analytics 360 properties. This new automated tool will work based on any of the common identifiers sent to Analytics Client ID (i.e. standard Google Analytics first party cookie), User ID (if enabled), or App Instance ID (if using Google Analytics for Firebase). Details will be available on our Developers site shortly.
As always, we remain committed to providing ways to safeguard your data. Google Analytics and Analytics 360 will continue to offer a number of other features and policies around data collection, use, and retention to assist you in safeguarding your data. For example, features for customizable cookie settings, privacy controls, data sharing settings, data deletion on account termination, and IP anonymization may prove useful as you evaluate the impact of the GDPR for your company’s unique situation and Analytics implementation.
Contract And User Consent Related Updates
Contract changes
Google has been rolling out updates to our contractual terms for many products since last August, reflecting Google’s status as either data processor or data controller under the new law (see full classification of our Ads products). The new GDPR terms will supplement your current contract with Google and will come into force on May 25, 2018.
In both Google Analytics and Analytics 360, Google operates as a processor of personal data that is handled in the service.
• For Google Analytics clients based outside the EEA and all Analytics 360 customers, updated data processing terms are available for your review/acceptance in your accounts (Admin ➝ Account Settings).
• For Google Analytics clients based in the EEA, updated data processing terms have already been included in your terms.
• If you don’t contract with Google for your use of our measurement products, you should seek advice from the parties with whom you contract.
Updated EU User Consent Policy
Per our advertising features policy, both Google Analytics and Analytics 360 customers using advertising features must comply with Google’s EU User Consent Policy. Google's EU User Consent Policy is being updated to reflect new legal requirements of the GDPR. It sets out your responsibilities for making disclosures to, and obtaining consent from, end users of your sites and apps in the EEA.
Action: Even if you are not based in the EEA, please consider together with your legal department or advisors, whether your business will be in scope of the GDPR when using Google Analytics and Analytics 360 and review/accept the updated data processing terms as well as define your path for compliance with the EU User Consent Policy.
Find Out More
You can refer to privacy.google.com/businesses to learn more about Google’s data privacy policies and approach, as well as view our data processing terms.
We will continue to share further information on our plans in the coming weeks and will update relevant developer and help center documentation where necessary.
Thanks,
The Google Analytics Team -
hahahaha
-
Ok so as someone who grew up in N. WI, I gotta know - when you made the ice cream analogy, were you picturing more Dan's Minocqua Fudge, or rather a different frozen treat / ala Gille's or Kopp's?
I ask the important questions.
-
Hey guys, we're going through this at my agency and I can break down a couple of things.
1. There is a data retention setting in Google Analytics. On May 25th (this Friday) that's going to change from indefinite to 26 months by default. This will affect past data and reports as outlined by Google. You should expect that data to go away if you do not change those settings.
2. Answering questions regarding GDPR or providing advice on the topic to clients is tantamount to providing legal advice, which we cannot do. For us, we are consulting with our lawyers, and recommending that our clients seek legal advice as well. We are opting not to change any settings or accept any addendums or agreements without consulting a lawyer first or without specific direction from the client to make a change on the client's behalf. Accepting new terms or policies without first consulting the client essentially means you're liable if they make a mistake, because you accepted it, not them.
3. Yes, the European legislation is affecting everyone, some more directly than others. Even if your only client is an ice cream shop in Wisconsin, it still affects you because big players like Google are pushing the legal burden of compliance off of themselves and onto their users. For example, Google gives out some warnings, puts up some banners, and changes their default settings and now they're compliant, but they make some compliance issues opt-in, opt-out for their end user. And Google won't give much advice on this because it's tantamount to providing legal advice.
Hope that helps. It's not a fun topic.
-
This is by far the best layman terms breakdown that I've read on the new GDPR and what it means for both EU and non-EU websites. Wanted to share to see what you all thought: https://www.socialmediaexaminer.com/how-gdpr-impacts-marketers/
-
I found https://www.sidley.com/-/media/publications/cslp-september-2016-1516.pdf helpful.
Essentially, unless you have a specific reason/need to store this personal information (aggregate data isn't affected), you need to minimize your personal data retention period.
-
Does anyone have an updated recommendation of what is the proper setting? In my research some say to keep it minimal to minimize risk. Others have said to not let it expire.
What is the recommendation? Any additional thoughts here?
-
Thumbs up to this question. Most articles I've read simply quote the same thing that's stated on the Google support page.
I did log into my accounts and saw that there is a "Do not automatically expire" option, so is this option going away after May 25th? If not, my assumption is that this is an update to give account owners a way to manage how long user data is stored in order to meet/resolve potential data compliance issues.
It also notes that this update will not affect aggregate reporting, so I'm wondering how this will affect things going forward.
-
"we are being asked to go in and choose a setting for the retention period from the following: 14 Months, 26 Months, 38 Months, 50 Months, and 'Do not automatically expire'"
Is this one size fits all or company specific. Do you need to select the one that makes the company in question compliant, or do we just need to pick one?
-
I've been thinking exactly the same thing all day. What does this mean in practical terms.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Google analytics suddenly stopped tracking all my landing pages
Hey guys. I love the new update of GA. Looks so clean. So, of course, I was excited to see how my landing pages were doing. I went to behavior, all content, all pages. And I noticed it's only showing me 19 pages out of the 93 I have indexed. And none of the top ones at all! Can't find them anywhere in GA! Anyone seen this before? Thank you so much
Reporting & Analytics | | Meier0 -
How is Google Analytics defining page depth?
We run two websites and as part of our KPIs we are treating those who visit 3 or more pages of our website as a client served. As a digital team we are not convinced that this is the best metric to use as the improvements we are making to the sites mean that people are able to find the information quicker. Additionally other organisations including forums etc link to us so those users will get the info they need in one click. What I would like to know is how Google calculates page depth in GA. Are they treating the landing page as ground zero and then when users clicks a link they go one page deep? Or is the landing page, page depth 1 . Is page depth a measure of how many clicks a user needs to find their information?
Reporting & Analytics | | MATOnlineServices0 -
Google Analytics View Filters
Using the same GA property, I would like to set up three filtered views: 1. Tracking across one subdomain and one primary domain (example: shop.example.com & example.com) 2. Track only primary domain (example.com) 3. Track only subdomain (shop.example.com) Can this be achieved by using view filters? If so, how do they need to be set? Also, according to this article: https://mza.seotoolninja.com/blog/cross-domain-subdomain-tracking-in-google-analytics, with cross domain tracking, I need to ignore self-referrals, which can only be done at the property level. If set up to ignore example.com referrals, will this cause problems with filter 2 and 3?
Reporting & Analytics | | Evan340 -
Conflicting numbers in Google Analytics
I am getting 2 completely different numbers in Google Analytics.According to the graph on my Dashboard organic traffic decreased ~40% comparing June 7 -> June 6.However, when I dig a bit deeper and look at the 2 dates specifically compared to each other I get a `3% increase in traffic.When I look at the traffic on just June 7, I get the number indicating the increase.Any ideas or someone getting similar conflicting numbers??
Reporting & Analytics | | theLotter0 -
Tracking in Google Analytics
My site has just recently (or maybe not so recently...) had a great deal of https URL's indexed (I was really only able to find this out thanks to the recent update to the GWT Index Status). It appears that Googlebot picked up an ssl somewhere (I already know where) on my site and then proceeded to crawl and index pages with https rather than http. Since I understand the issue, it should be an easy fix. My question is, does Google Analytics support (track) both http AND https for one site, or would I need to set up two different tracking codes for http and https? I figured that I might as well grab some data from the https pages that are indexed before I try and remove them. I've done a little research on using Groupings/Groups but I figured I would reach out to the MOZ community to see if anyone else has worked with a similar issue. Thanks!
Reporting & Analytics | | GalcoIndustrial0 -
What is click2.scour, and why is it showing up as Referral Traffic in Google Analytics?
I've noticed that a couple of my clients in the insurance industry have been receiving a pretty large boost in Referral Traffic from a source called click2.scour.com and click2.efacts.com. What surprises me most is that the traffic has a low Bounce Rate, a high Avg. Visit Duration, and is made up of 100% New Visits. What is this? Why would they be getting so much traffic from these two sources all of a sudden? Thanks in advance for your help!
Reporting & Analytics | | copyjack0 -
Google Analytics/ Contact 7 Plugin
I have a site that uses the contact 7 plugin for its contact form sitewide in a sidebar and on a contact us page. I've set up a goal in analytics and tracked using the "on_sent_ok" hook but the number of goals GA is creating is far outweighing the number of times the form is actually completed. I figured my initial mistake was to use the contact-us page as the page tracker variable for the goal but wondered if it was counting all form completions AND anyone who went to the contact page. So I amended it to a contact-us/thank-you page that no site visitor could navigate to, and since I have no goals completed, even though we're getting enquiries through the form. Am I being dumb here and missing something quite simple?
Reporting & Analytics | | PerchDigital0 -
Can you get local search numbers/traffic out of Google Analytics?
With Google's new local search I am more curious as to market penetration on keywords that are now localized to my different US cities. I understand that you can separate out Google traffic based on regional Google domains, but I am curious if there is an effective way to separate out searches and keywords based on a my local US Metros? If google cannot do this, any recommendations on products that can? Thanks.
Reporting & Analytics | | Thos0031