Google Analytics and Your Privacy Policy

Written by Alison Page and last updated on 07 April 2020.

Google Analytics and Your Privacy Policy

If your website or app runs Google Analytics, you will need to have a Privacy Policy in place in order to comply with current privacy laws and with Google's Terms of Service.

If your company already has a Privacy Policy in place, you can update it so that it includes a new section that covers Google Analytics and online advertising.

With new laws coming online and with the probable ongoing evolution of your business, it's always a good time to take a fresh look at your Privacy Policy.

What is Google Analytics and why do you need to have a Privacy Policy if you use this service on your website or app?

What is Google Analytics?

Logo of Google Analytics

Google Analytics a free web analytics service provided by Google that tracks and reports on all traffic that passes through your website or app. It also integrates with AdWords, allowing you to review the performance of your online ad campaigns by tracking site visits, conversion rates, and other key metrics.

You can use Google Analytics with AdWords to refine and adjust your keywords and ads to improve ROI and make better use of your marketing budget.

Google Analytics and Privacy Laws

Google Analytics and Privacy Laws

Google Analytics uses a technical tool called cookies to collect information about your website visitors, app users and their online behaviors.

Because several laws govern the use of cookies and collection of personal information, you will need to have a compliant Privacy Policy posted to your site if you use Google Analytics.

These laws include the EU Cookies Directive, CalOPPA and the GDPR, all of which require a Privacy Policy if you collect personal information or use cookies.

Google Analytics Terms of Service

Google Analytics Terms of Service

In its Terms of Service, Google Analytics clearly states that users of the service must have a Privacy Policy in place. This is necessary in order to comply with privacy laws that require certain disclosures and protections for the management of personal consumer information.

Specifically, Google requires any business using Analytics to disclose use of the service and explain how user data is gathered and stored.

Google Analytics Terms of Service Privacy clause

These terms also require Google Analytics users to disclose their use of cookies.

You can do this by including a clause similar to this one from Indeed in your Privacy Policy:

Indeed Privacy Policy: Google Analytics clause

Indeed informs users that Google Analytics is in use in order to "improve the functionality of your site."

This not only presents the company as transparent, but it also tells users that the collected information is used to enhance and improve their browsing experience. How collected information is used is an important component of many privacy laws.

Another way you can inform users of your use of cookies is with a cookies notice.

In the example below, Audi UK places a cookies notice in a pop-up header banner on its website.

Audi UK Cookies notice banner on website

In this notice, users are told that by clicking the "Continue" button and continuing to browse the site, they accept that cookies will be used. There also is a link for users to read more about cookies and the company's Privacy Policy.

This means that users will know about cookies right away without needing to check for a clause in a Privacy Policy.

Google Analytics Advertising Tools

Google Analytics Advertising Tools

One popular feature of Google Analytics is its advertising tools. These tools enable businesses to use data gleaned from cookies for advertising purposes. Remarketing, also called retargeting, is a popular function that Google Analytics provides.

Google Analytics has grouped tools such as Remarketing, Google Analytics Demographics, Google Display Network Impression Reporting, and Interest Reporting under the umbrella of Advertising Features.

All Google Advertising Features must be disclosed to your users in a Privacy Policy.

You must do this by including the following three points in your Privacy Policy:

Google Analytics Terms of Service Disclosure Requirements clause

1. Which Google Analytics advertising features have you implemented on your site or app?

Create a list of every advertising feature you use on your app or site, including links to more information about each feature.

For example, if you use AdWords for retargeting, you must disclose this in your company Privacy Policy. It would also be helpful for users if you included links to Google's Privacy Policy and to its Remarketing website.

Here's how Audi MediaCenter tells its clients it uses Google Analytics remarketing service:

Audi MediaCenter Privacy Policy: Google Analytics clause

2. Disclose that you and your third-party vendors use both first and third party cookies (including Google advertising cookies).

It's important to advise your users that you use third parties for advertising purposes. Remember to point out that these third parties may use cookies and why, as in the example below from Audi MediaCenter's Privacy Policy:

Audi MediaCenter Privacy Policy: Cookies clause

3. Explain how visitors can choose to opt out of the Google Analytics' advertising features you are using on your site or app.

You must provide users with an easy-to-use option that enables them to opt-out of any Google Analytics features that your site or app uses. An easy way of doing this is to offer a link to the Google Analytics opt-out tool.

Indeed provides a link to Google's opt-out browser add-on.

Google's Opt-out Browser Add-on tool

This enables users to decline the use of cookies, thus emphasizing the company's desire for transparency, honesty, and trustworthiness.

Google Analytics Remarketing

Google Analytics Remarketing

If your site or app uses Google Analytics Remarketing Lists, you must agree to the Google Analytics Terms of Service. This Agreement requires that you have a Privacy Policy in place that clearly tells your users that cookies are used by Google Analytics Remarketing.

You must inform your users that cookies will be used to track visitors to your app or site and to show your ads to those users when they visit other sites.

The precise language that you should use to disclose your use of Google Analytics is not provided by Google. However, your emphasis should be on clarity, conciseness, and on providing relevant information to your users.

The following points should be included:

  1. Tell your users that remarketing metrics are used on your site or app, and that this will present your products or website across other sites that they may visit.
  2. Inform your users that Google and other third parties will present your ads on sites that your users visit subsequently.
  3. Tell users that your ads will be presented on other sites because they have previously visited your site.
  4. Clearly inform your users that they can choose to opt out of remarketing via the Google Ad Settings page. Providing users with a convenient link to this page is recommended.

In the following example, Etermax covers all 4 of those things in a clear and concise clause.

Etermax Privacy Policy: Third party advertising cookies clause

Another good example is provided by Storkie. Its Privacy Policy uses language that is specific to Google Analytics and clearly tells users that the site uses Google's cookies.

Storkie Privacy Policy: Third Party Cookies clause

Users are also given information on how they can opt out of cookie placement via the Network Advertising Initiative Opt-out page.

If your website or mobile app uses Google Analytics to collect user data, you must ensure that you have a Privacy Policy in place in order to operate within the EU laws on data protection and to comply with Google's terms of use.

You must include clauses in your Privacy Policy that clearly explain what data is collected via Google Analytics, how it is collected, and why.

How to Create a Privacy Policy

FreePrivacyPolicy: Privacy Policy Generator - Steps How to Create Privacy Policy

Our Privacy Policy Generator helps you create a custom Privacy Policy for your website and mobile app. Just follow these few simple steps and your Privacy Policy will be ready to display.

  1. Start the Free Privacy Policy Generator, located at the top of the website.
  2. Select where your Privacy Policy will be used:
  3. FreePrivacyPolicy: Privacy Policy Generator - Select where your Privacy Policy will be used - Step 1

  4. Answer a few questions about your business:
  5. FreePrivacyPolicy: Privacy Policy Generator - Answer a few questions about your business - Step 2

  6. Add your website or app information:
  7. FreePrivacyPolicy: Privacy Policy Generator - Add your website or app information - Step 3

  8. Answer a few questions about what information you collect from your users:
  9. FreePrivacyPolicy: Privacy Policy Generator -  What information you collect - Step 4

  10. Select options for how your users can contact you:
  11. FreePrivacyPolicy: Privacy Policy Generator - How your users can contact - Step 5

  12. Select whether or not you wish to create a Professional Privacy Policy that would include wording for GDPR and CalOPPA:
  13. FreePrivacyPolicy: Privacy Policy Generator - Select what Privacy Policy you want to create - Step 6

  14. Enter your email address where you'd like your new Privacy Policy sent:
  15. FreePrivacyPolicy: Privacy Policy Generator - Enter your email address - Step 7

  16. Click Create Privacy Policy and you're done. Now you can copy and paste your Privacy Policy code into your website, or link to your hosted Privacy Policy.
  17. FreePrivacyPolicy: Privacy Policy Generator - Copy or link to your hosted Privacy Policy - Step 8