Google Analytics And CCPA, Who Needs And How To Solve This

Google Analytics is the most popular and fastest-growing traffic analysis tool, with a usage of 55.3% and a market share of 84.2%.

But after the CCPA law, Google Analytics users can face some problems.

And I think you also use Google Analytics on your website. If Yes, then this article for you.

In this article, I’ll show you What is CCPA?, Who needs to be CCPA compliant?, Google Analytics and CCPA – what’s the issue? and How to make Google Analytics CCPA compliant?.

What is CCPA?

California Consumer Privacy Act (CCPA) is a data protection law (Digital privacy law) in the United States. This act took effect from January 1, 2020.

The main reason why the act is made is to improve privacy rights and customer protection for residents of California.

California residents have the:

Right to be informed – Users have the right to know how the website collects, sells, discloses, and shares their data.

Right to see what data – Users can see what data websites collected from them in the past twelve months.

Right to have data Deleted – Citizens have the right to delete their data that the website has already collected.

Right to Equal Services and Price – Websites aren’t allowed to discriminate against consumers that exercise this right and should be given the same price and service as other consumers.

Right to Opt-Out – Users can opt-out of having their data sold to third parties.

Who needs to be CCPA Compliant?

I think you know about GDPR (European data privacy law). Unlike GDPR, CCPA does not apply to everyone.

If your business meets any of the following thresholds, then you’ll have to follow the law:

  • Your annual gross revenue is 25 million or higher
  • 50% of annual revenues from data sales
  • You buys, sells or shares the personal information of at least 50.000 California residents

Now you might be thinking, what happens to me if I don’t comply with CCPA?

If your business meets the thresholds and if you violate the law, then you could face fines up to $7,500 per violation per individual. While unintentional violators can cough up to $2,00 per violation per individual.

Google Analytics and CCPA – what’s the issue?

Google provides valuable insights that can help in your business. Google Analytics helps you know about where your visions come from, their geographical area, their reaction on your website, etc. These insights can help you to grow your business.

And to get this type of insights, you add Google Analytics to your website.

To get these types of information, Google Analytics uses Javascript tags that you put on your website. These tags are operating through Google Tag Manager.

When a visitor comes to your website, these tags are fired and set first-party cookies known as ClientID (ClientID is a unique random number that assigns to the browser–device pair, which is used by the user).

Mainly, Google Analytics determines unique users using this parameter (ClientID). ClientID is stored in users’ browsers.

If you visit a website on your computer using Chrome, second time using your phone, and third time on your computer using Firefox, Google Analytics identifies you as three different users and gives three ClientID.

Some websites use UserID for accurate tracking. UserID track users across their devices.

Mainly Google Analytics works by assigning your visitors an UserID or ClientID and records personal data like IP addresses, gender, age, device, and the other personally identifiable information.

Google Analytics doesn’t work without using the ClientID or UserID, where CCPA recognizes ClientID or UserID as ‘personal information’. That’s the issue with Google Analytics and CCPA.

Now you might be thinking, can we disable Google Analytics for CCPA?

No, with making a few changes you can ensure Google Analytics complies with the requirements of CCPA.

How to use Google Analytics in CCPA compliance

Here are a few steps you have to follow to use Google Analytics in CCPA compliance:

1. Update your privacy policy:-

The residents of California have the right to access, opt-out, notice, request for deletion, and get equal services. So, please follow these topics when making a privacy policy for CCPA.

Here are some important topic that you have to mention in your privacy policy:

  • You have to inform your users that you use Google Analytics to analyze your site traffic.
  • Inform your users that you share information with Google.
  • Make sure you mention that the users have the right to see, delete, and opt-out, what data you already collected.
  • And don’t forget to explain Google Analytics drops cookies in their devices with ClientID.

2. Requests for disclosure:-

Mind it with CCPA your Californian users can request access to their data, which you collected through Google Analytics.

So what to do now, right?

Firstly, if you use ClientID, then ask the user to find Google Analytics cookie (_ga) for your website on their browser, where they can see a number sequence, in which the ClientID is found.

To find ClientID go your Browser > Settings,

For Chrome, find Privacy and security > Cookies and other site data > see all cookies and site data, select the website and click (_ga) and you see a number.

For Microsoft Edge, find Site permissions > Cookies and site data > see all cookies and site data, select the website and click (_ga) and you see a number.

After finding the number sequence, ask them to send the number.

Once you have the ClientID, use Google’s User Explorer Report to recover all data about the user.

To use Google User Explorer Report, go to your Google Analytics dashboard > Audience > User Explorer, search with the ClientID, after finding the ClientID click on it, and retrieve it.

Secondly, if you use UserID, ask the user to give their email id and use the same method to retrieve it.

3. Request for deletion:-

If a user requests the deletion of their data, which you collected through Google Analytics.

Firstly, if you use ClientID, get the ClientID > use the User Explorer tool and delete the data.

Secondly, tell your user to delete Google Analytics cookies from their browsers.

Thirdly, if you use UserID, get the UserID (user’s email) > use the User Explorer tool and delete the data.

The easiest way to make Google Analytics CCPA compliant

If you are a WordPress user and want the easiest way to make Google Analytics CCPA Compliant, then MonsterInsights is for you.

MonsterInsights is the best Google Analytics plugin. You can easily fulfill the needs of the new law by installing the plugin and its EU Compliance addon.

With MonsterInsights, you can track everything you want.

Using MonsterInsights, you can easily anonymize or disable personal data tracking in Google Analytics with a click of a button.

With the EU Compliance addon you can do:

  • Disable UserID tracking on Google Analytics
  • Anonymize user’s IP address Google Analytics hits
  • Disable demographics and interest reports for advertising (Google Ads) and remarketing tracking in Google Analytics
  • Automatically disable author tracking Google Analytics and custom dimensions addon
  • Enable ga() compatibility mode
  • Allow AMP addon users to agree with the Google AMP consent box before tracking their data
  • Easy integration with CookieBot and Cookie Notice WordPress plugins

So, let’s see how you can do it,

Step- 1. Install and activate MonsterInsights

MonsterInsights has two versions, one is free and one is premium, with the free version you cannot make Google Analytics CCPA Compliant. So, to make Google Analytics CCPA compliant, you need to buy the premium version of MonsterInsights.

With the premium version, you can do lots of things that you can’t imagine. Go to monsterinsights.com to see what you can do with it.

So click the link below to buy MonsterInsights,

Analytics Dashboard, Page Insights
eCommerce Track, Forms Track
MemberPress, WooCommerce
Affiliate Link, Outbound Link Track
File Download Track, Author Track

After buying it go to your WordPress dashboard, Plugins > Add New, and search for MonsterInsights, click Install and Active.

Now go to monsterinsights.com, login into your account, and copy your license key and back to your WordPress dashboard and use it to activate the premium version of MonsterInsights.

After installing MonsterInsights, go to Insights > Addons > EU Compliance, then Install and Activate EU Compliance addons.

install monsterinsights eu compliance addon

To configure EU Compliance settings, go to Insights > Settings > Engagement and scroll down to EU Compliance.

eu compliance settings panel

Now change your settings according to your website.

Step- 2. Create opt-out consent box

Opt-Out Consent Box is great because it helps the users to opt-out from websites sharing their data with third parties.

cookiebot cookies bar

You can use plugins like CookieBot or Cookie Notice to create an opt-out consent box on your site.

Both plugins are compatible with MonsterInsights.

Please note that to make Google Analytics CCPA Compliant, you need to update your privacy policy following the CCPA law. It’s most important to do.

Frequently Asked Questions (FAQs)

Does Google Analytics set cookies on my website?

Yes, Google Analytics uses Javascript tags that you put on your website. These tags are operating through Google Tag Manager.

When a visitor comes to your website, these tags are fired and set cookies (known as ClientID) directly on the user’s browser.

Does Google Analytics collect personal information?

Yes, Google Analytics sets ClientID or UserID for each user and collects data like IP address, age, gender, browser type, operating system, etc.

That’s it in this article if you like this article, don’t forget to share and comment. Thanks for reading.

Newsletter Updates

Get freebies, and special offers delivered directly to your inbox.

Leave a Reply