Important updates on Google Analytics Data Retention and the General Data Protection Regulation (GDPR)
-
Hi Everyone,
I'm sure many of you received the email from Google over the past few days with the subject line: [Action Required] Important updates on Google Analytics Data Retention and the General Data Protection Regulation (GDPR).
I hope I'm not alone in not knowing what exactly this whole notification was in regards to. I realize it's for Data but are we no longer able to pull stats from the past? If anyone has a "dumbed down" explanation for what this update entails, I would be very interested - I don't want to miss out on any important updates and info, but I'm just not grasping this content. Below is the full email in its entirety for those who are interested as well:
Dear Google Analytics Administrator,
Over the past year we've shared how we are preparing to meet the requirements of the GDPR, the new data protection law coming into force on May 25, 2018. Today we are sharing more about important product changes that may impact your Google Analytics data, and other updates in preparation for the GDPR. This e-mail requires your attention and action even if your users are not based in the European Economic Area (EEA).
Product Updates
Today we introduced granular data retention controls that allow you to manage how long your user and event data is held on our servers. Starting May 25, 2018, user and event data will be retained according to these settings; Google Analytics will automatically delete user and event data that is older than the retention period you select. Note that these settings will not affect reports based on aggregated data.
Action: Please review these data retention settings and modify as needed.
Before May 25, we will also introduce a new user deletion tool that allows you to manage the deletion of all data associated with an individual user (e.g. site visitor) from your Google Analytics and/or Analytics 360 properties. This new automated tool will work based on any of the common identifiers sent to Analytics Client ID (i.e. standard Google Analytics first party cookie), User ID (if enabled), or App Instance ID (if using Google Analytics for Firebase). Details will be available on our Developers site shortly.
As always, we remain committed to providing ways to safeguard your data. Google Analytics and Analytics 360 will continue to offer a number of other features and policies around data collection, use, and retention to assist you in safeguarding your data. For example, features for customizable cookie settings, privacy controls, data sharing settings, data deletion on account termination, and IP anonymization may prove useful as you evaluate the impact of the GDPR for your company’s unique situation and Analytics implementation.
Contract And User Consent Related Updates
Contract changes
Google has been rolling out updates to our contractual terms for many products since last August, reflecting Google’s status as either data processor or data controller under the new law (see full classification of our Ads products). The new GDPR terms will supplement your current contract with Google and will come into force on May 25, 2018.
In both Google Analytics and Analytics 360, Google operates as a processor of personal data that is handled in the service.
• For Google Analytics clients based outside the EEA and all Analytics 360 customers, updated data processing terms are available for your review/acceptance in your accounts (Admin ➝ Account Settings).
• For Google Analytics clients based in the EEA, updated data processing terms have already been included in your terms.
• If you don’t contract with Google for your use of our measurement products, you should seek advice from the parties with whom you contract.
Updated EU User Consent Policy
Per our advertising features policy, both Google Analytics and Analytics 360 customers using advertising features must comply with Google’s EU User Consent Policy. Google's EU User Consent Policy is being updated to reflect new legal requirements of the GDPR. It sets out your responsibilities for making disclosures to, and obtaining consent from, end users of your sites and apps in the EEA.
Action: Even if you are not based in the EEA, please consider together with your legal department or advisors, whether your business will be in scope of the GDPR when using Google Analytics and Analytics 360 and review/accept the updated data processing terms as well as define your path for compliance with the EU User Consent Policy.
Find Out More
You can refer to privacy.google.com/businesses to learn more about Google’s data privacy policies and approach, as well as view our data processing terms.
We will continue to share further information on our plans in the coming weeks and will update relevant developer and help center documentation where necessary.
Thanks,
The Google Analytics Team -
hahahaha
-
Ok so as someone who grew up in N. WI, I gotta know - when you made the ice cream analogy, were you picturing more Dan's Minocqua Fudge, or rather a different frozen treat / ala Gille's or Kopp's?
I ask the important questions.
-
Hey guys, we're going through this at my agency and I can break down a couple of things.
1. There is a data retention setting in Google Analytics. On May 25th (this Friday) that's going to change from indefinite to 26 months by default. This will affect past data and reports as outlined by Google. You should expect that data to go away if you do not change those settings.
2. Answering questions regarding GDPR or providing advice on the topic to clients is tantamount to providing legal advice, which we cannot do. For us, we are consulting with our lawyers, and recommending that our clients seek legal advice as well. We are opting not to change any settings or accept any addendums or agreements without consulting a lawyer first or without specific direction from the client to make a change on the client's behalf. Accepting new terms or policies without first consulting the client essentially means you're liable if they make a mistake, because you accepted it, not them.
3. Yes, the European legislation is affecting everyone, some more directly than others. Even if your only client is an ice cream shop in Wisconsin, it still affects you because big players like Google are pushing the legal burden of compliance off of themselves and onto their users. For example, Google gives out some warnings, puts up some banners, and changes their default settings and now they're compliant, but they make some compliance issues opt-in, opt-out for their end user. And Google won't give much advice on this because it's tantamount to providing legal advice.
Hope that helps. It's not a fun topic.
-
This is by far the best layman terms breakdown that I've read on the new GDPR and what it means for both EU and non-EU websites. Wanted to share to see what you all thought: https://www.socialmediaexaminer.com/how-gdpr-impacts-marketers/
-
I found https://www.sidley.com/-/media/publications/cslp-september-2016-1516.pdf helpful.
Essentially, unless you have a specific reason/need to store this personal information (aggregate data isn't affected), you need to minimize your personal data retention period.
-
Does anyone have an updated recommendation of what is the proper setting? In my research some say to keep it minimal to minimize risk. Others have said to not let it expire.
What is the recommendation? Any additional thoughts here?
-
Thumbs up to this question. Most articles I've read simply quote the same thing that's stated on the Google support page.
I did log into my accounts and saw that there is a "Do not automatically expire" option, so is this option going away after May 25th? If not, my assumption is that this is an update to give account owners a way to manage how long user data is stored in order to meet/resolve potential data compliance issues.
It also notes that this update will not affect aggregate reporting, so I'm wondering how this will affect things going forward.
-
"we are being asked to go in and choose a setting for the retention period from the following: 14 Months, 26 Months, 38 Months, 50 Months, and 'Do not automatically expire'"
Is this one size fits all or company specific. Do you need to select the one that makes the company in question compliant, or do we just need to pick one?
-
I've been thinking exactly the same thing all day. What does this mean in practical terms.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Whats (Other) traffic in Google Analytics?
When I look through all our clients, a few are receiving the majority of their traffic from (other). [ Acquisition > Channels > (Other) ]. The only option in (other) is "website" or "offline", whatever that may be. And even weirder, the avg session duration is 0:00. Any idea what this may be?
Reporting & Analytics | | W2GITeam0 -
Cross domain tracking Google Analytics
Hi there, Got a question on cross domain tracking: We have a couple of TLD's to serve localized content to our visitors, next to our main .com TLD where our app is running as well in a subdomain. Situation is this: Local sites:
Reporting & Analytics | | jorisbrabants
marketingsite.be
marketingsite.com.br
marketingsite.fr Main site: marketingsite.com
app.marketingsite.com Conversion gets triggered when somebody ends up in app.marketingsite.com/firstuse for example. People can sign up at the local site filling in their email but they end up in app.marketingsite.com/firstuse Reading this article on cross domain tracking I'm getting a bit confused on the setup of the tracking code itself. The sample code provided shows these two lines: ga('require', 'linker'); ga('linker:autoLink', ['maindomain.com','targetdomain.com']); Now the question 🙂 Is it correct when I think that maindomain should be replaced with our local TLD's on every one of those, and that targetdomain is where the conversion happens? In this case the .com site?0 -
Google Maps not passing referral data
Google Maps is not passing referral data (URLs, not KWs). Google+ Local is referring, but nothing from maps. Maps referrals appear to be coming across as direct. Any ideas? We haven't found anything online, one of the guys at the office documented what we did find, using Chrome's debugger - http://manofactionmetrics.com/2012/11/02/google-maps-not-passing-any-referral-data/
Reporting & Analytics | | Danieljacobree0 -
Viewing 'overall' data for multiple Google Analytics accounts
Is there any way you can view data from all of your Google Analytics accounts? For example, if I wanted to view know how much mobile traffic all my sites had, could I do this? Rather than just looking at each site individually. Thanks
Reporting & Analytics | | intSchools0 -
Localhost:4444 Showing Up in Google Analytics
Hello All, Lately in my Google Analytics account I have noticed a referral source labelled: localhost:4444 The number of visits is really high from this source, but I have no idea (no clue!) what it actually means. Can anyone shed some light on what this is about? Should I be creating some sort of filter to screen out this as a referral source (assuming it is not legitimate)? Many thanks in advance. Cheers!
Reporting & Analytics | | Robert-B0 -
Cross domain tracking setup in Google Analytics
I really need help on this, I can't figure it out. I need to track a few subdomains and and couple of seperate domains in one profile in Google Analytics. So I have: www.maindomain.co.uk sub1.maindomain.co.uk sub2.maindomain.co.uk www.anotherdomain.co.uk So the code I have placed on all of these domains is as following: I have then set up seperate profiles which filter out the data by domain. E.g. for sub1.maindomain.co.uk, I have user the fitler: Custom filter > Include > Filter Field = Hostname > Filter Pattern = sub1.maindomain.co.uk For the www.anotherdomain.co.uk, I have used the same filter. Now this all seems to be tracking visits and unique visitors okay, but I always have a very low pageview count, less than visits and sometimes zero. Could anyone shed any light on what I am doing wrong? Thanks in advance mozzers.
Reporting & Analytics | | MirandaP0 -
Best practices to track blog.mydomain.com in Google Analytics?
What is the best practice in Google Analytics? Tracking blog.mydomain.com + mydomain.com under the same profile? Or creating separate profiles for each blog.mydomain.com and mydomain.com? Thanks!
Reporting & Analytics | | gerardoH0 -
Google Analytics: Difference Between Goal Conversions & Goal Completions
When using Google Analytics, what is the difference between total goal conversions and total goal completions? We have many goals set up in a lead generation environment. Therefore, the only element of conversion is submitted a lead and arriving on the "Thank You" page. THose thank you pages are tagged accordingly. When we run reports though, the number of "Total Goal Conversions" and "Total Goal Completions" never match up.
Reporting & Analytics | | eMagineSEO0