Important updates on Google Analytics Data Retention and the General Data Protection Regulation (GDPR)
-
Hi Everyone,
I'm sure many of you received the email from Google over the past few days with the subject line: [Action Required] Important updates on Google Analytics Data Retention and the General Data Protection Regulation (GDPR).
I hope I'm not alone in not knowing what exactly this whole notification was in regards to. I realize it's for Data but are we no longer able to pull stats from the past? If anyone has a "dumbed down" explanation for what this update entails, I would be very interested - I don't want to miss out on any important updates and info, but I'm just not grasping this content. Below is the full email in its entirety for those who are interested as well:
Dear Google Analytics Administrator,
Over the past year we've shared how we are preparing to meet the requirements of the GDPR, the new data protection law coming into force on May 25, 2018. Today we are sharing more about important product changes that may impact your Google Analytics data, and other updates in preparation for the GDPR. This e-mail requires your attention and action even if your users are not based in the European Economic Area (EEA).
Product Updates
Today we introduced granular data retention controls that allow you to manage how long your user and event data is held on our servers. Starting May 25, 2018, user and event data will be retained according to these settings; Google Analytics will automatically delete user and event data that is older than the retention period you select. Note that these settings will not affect reports based on aggregated data.
Action: Please review these data retention settings and modify as needed.
Before May 25, we will also introduce a new user deletion tool that allows you to manage the deletion of all data associated with an individual user (e.g. site visitor) from your Google Analytics and/or Analytics 360 properties. This new automated tool will work based on any of the common identifiers sent to Analytics Client ID (i.e. standard Google Analytics first party cookie), User ID (if enabled), or App Instance ID (if using Google Analytics for Firebase). Details will be available on our Developers site shortly.
As always, we remain committed to providing ways to safeguard your data. Google Analytics and Analytics 360 will continue to offer a number of other features and policies around data collection, use, and retention to assist you in safeguarding your data. For example, features for customizable cookie settings, privacy controls, data sharing settings, data deletion on account termination, and IP anonymization may prove useful as you evaluate the impact of the GDPR for your company’s unique situation and Analytics implementation.
Contract And User Consent Related Updates
Contract changes
Google has been rolling out updates to our contractual terms for many products since last August, reflecting Google’s status as either data processor or data controller under the new law (see full classification of our Ads products). The new GDPR terms will supplement your current contract with Google and will come into force on May 25, 2018.
In both Google Analytics and Analytics 360, Google operates as a processor of personal data that is handled in the service.
• For Google Analytics clients based outside the EEA and all Analytics 360 customers, updated data processing terms are available for your review/acceptance in your accounts (Admin ➝ Account Settings).
• For Google Analytics clients based in the EEA, updated data processing terms have already been included in your terms.
• If you don’t contract with Google for your use of our measurement products, you should seek advice from the parties with whom you contract.
Updated EU User Consent Policy
Per our advertising features policy, both Google Analytics and Analytics 360 customers using advertising features must comply with Google’s EU User Consent Policy. Google's EU User Consent Policy is being updated to reflect new legal requirements of the GDPR. It sets out your responsibilities for making disclosures to, and obtaining consent from, end users of your sites and apps in the EEA.
Action: Even if you are not based in the EEA, please consider together with your legal department or advisors, whether your business will be in scope of the GDPR when using Google Analytics and Analytics 360 and review/accept the updated data processing terms as well as define your path for compliance with the EU User Consent Policy.
Find Out More
You can refer to privacy.google.com/businesses to learn more about Google’s data privacy policies and approach, as well as view our data processing terms.
We will continue to share further information on our plans in the coming weeks and will update relevant developer and help center documentation where necessary.
Thanks,
The Google Analytics Team -
hahahaha
-
Ok so as someone who grew up in N. WI, I gotta know - when you made the ice cream analogy, were you picturing more Dan's Minocqua Fudge, or rather a different frozen treat / ala Gille's or Kopp's?
I ask the important questions.
-
Hey guys, we're going through this at my agency and I can break down a couple of things.
1. There is a data retention setting in Google Analytics. On May 25th (this Friday) that's going to change from indefinite to 26 months by default. This will affect past data and reports as outlined by Google. You should expect that data to go away if you do not change those settings.
2. Answering questions regarding GDPR or providing advice on the topic to clients is tantamount to providing legal advice, which we cannot do. For us, we are consulting with our lawyers, and recommending that our clients seek legal advice as well. We are opting not to change any settings or accept any addendums or agreements without consulting a lawyer first or without specific direction from the client to make a change on the client's behalf. Accepting new terms or policies without first consulting the client essentially means you're liable if they make a mistake, because you accepted it, not them.
3. Yes, the European legislation is affecting everyone, some more directly than others. Even if your only client is an ice cream shop in Wisconsin, it still affects you because big players like Google are pushing the legal burden of compliance off of themselves and onto their users. For example, Google gives out some warnings, puts up some banners, and changes their default settings and now they're compliant, but they make some compliance issues opt-in, opt-out for their end user. And Google won't give much advice on this because it's tantamount to providing legal advice.
Hope that helps. It's not a fun topic.
-
This is by far the best layman terms breakdown that I've read on the new GDPR and what it means for both EU and non-EU websites. Wanted to share to see what you all thought: https://www.socialmediaexaminer.com/how-gdpr-impacts-marketers/
-
I found https://www.sidley.com/-/media/publications/cslp-september-2016-1516.pdf helpful.
Essentially, unless you have a specific reason/need to store this personal information (aggregate data isn't affected), you need to minimize your personal data retention period.
-
Does anyone have an updated recommendation of what is the proper setting? In my research some say to keep it minimal to minimize risk. Others have said to not let it expire.
What is the recommendation? Any additional thoughts here?
-
Thumbs up to this question. Most articles I've read simply quote the same thing that's stated on the Google support page.
I did log into my accounts and saw that there is a "Do not automatically expire" option, so is this option going away after May 25th? If not, my assumption is that this is an update to give account owners a way to manage how long user data is stored in order to meet/resolve potential data compliance issues.
It also notes that this update will not affect aggregate reporting, so I'm wondering how this will affect things going forward.
-
"we are being asked to go in and choose a setting for the retention period from the following: 14 Months, 26 Months, 38 Months, 50 Months, and 'Do not automatically expire'"
Is this one size fits all or company specific. Do you need to select the one that makes the company in question compliant, or do we just need to pick one?
-
I've been thinking exactly the same thing all day. What does this mean in practical terms.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Google Analytics / Facebook UTM
Hello, I have a quick question. I am setting up conversion tracking for my Facebook ads, so I am giving each ad set a tracking URL (UTM) in order to see which ads are converting etc. Is it possible to see on analytics how much I am spending on these ads or a cost per conversion? Or does the tracking merely track general analytics data such as bounce rate, exit rate, revenue generated etc? Kind Regards, James
Reporting & Analytics | | SO_UK0 -
How can I overwrite previously imported cost data in Google Analytics?
I choose the overwrite option but it keeps adding the costs to the existing costs. When i select that radio button and click done, that option does not appear on the summary screen. That section next to Import Behavior is blank.
Reporting & Analytics | | JGB5550 -
Why is this tag not firing in Google Analytics?
I setup Google Tag Manager on this site- http://germanhausbarn.com I am trying to setup event tracking for the donate, newsletter, and Contact Us button at the bottom of the page. The most recent version is published, and I ran debug and it shows that they fire, but nothing is coming up in analytics. Any thoughts?
Reporting & Analytics | | EcommerceSite0 -
Google Analytics Page Metrics and Redirects
Hi All- Context: A site has been redesigned. Pages were renamed in the process. Problem: It's very hard to compare before and after metrics because the page URLs are not the same. Question: Anyone know how to do this in Google Analytics? I'm hoping there's some simple trick I just don't know about. D
Reporting & Analytics | | DonnaDuncan0 -
Can i know trough Google analytics the most busy time in the day ?
Hello guys,
Reporting & Analytics | | WayneRooney
I have a website with around 600-650 visitor a day.
Can i know trough Google analytics the most busy time in the day ? Thank you0 -
Number of clicks / organic traffic - different data in Google Analytics and Webmaster Tools
Hi. I have a little problem. When I open Google Webmaster Tools I see 3000 clicks (in Traffic - Search queries - Clicks). But when I open Google Analytics I see much more visits from search engine (Google) - it´s 4-5 times more! It´s a huge difference, don´t you think? Do you know, where is the problem? What causes this diffence? thanks a lot
Reporting & Analytics | | mysho0 -
Google Analytics set up for non-canonicalized domains
Our client's website is non-canonicalized (www.example.com & example.com load the same thing). Google seems to have made a preference for the www, but canonicalizing to www breaks their Flash website. All we're really trying to do at this time is install Google Analytics for them. What's the smartest way to make sure that both www.example.com and example.com are treated exactly the same by Google Analytics? Google Developers: Domains & Directories states that by default visit data will be separately collected between the two domains, although I found no references to the common www/naked domain issue. In stackoverflow: Does google analytics combine naked domains with the www subdomain? Török Gábor says, "Yes, users will be tracked, but the same visitor coming from www.datalookups.com and datalookups.com will be counted as two different visitors." On the same page, Open SEO says, "This is completely false: www.domain.tld and domain.tld are treaded just the same, and get the same value for the HASH code (the number at the start of each __utm cookie). This an exception: every other subdomain.domain.tld will be handeld as a distinct web site". Can any Analytics experts help me sort this out? Thanks!
Reporting & Analytics | | GOODSIR0 -
Solid Place to learn intermediate-adbanced Google Analytics
Hello Everyone, I've been using Google Analytics for some years now, and I never really used it in an advanced way (alerts, goals, conversions, etc...) I was wondering if there was a good place for me to learn GA so I can start using it to it's full potental. Thanks Zach
Reporting & Analytics | | Zachary_Russell0