: Does it affect privacy policies or legal liability when we can identify users through analytics? Currently we are using Google Analytics and provide a simple template generated privacy policy,
Currently we are using Google Analytics and provide a simple template generated privacy policy, i.e. standard policy on cookies, anonymous tracking, etc.
Some more advanced solutions such as mixpanel now allow us to link logged-in-user, so the users are not anonymous anymore.
Are there any gotchas if we are going to integrate these solutions, e.g. need to update the privacy policy, or provide a way to opt-out? In particular, we don't want to violate the EU's requirements..
p.s. We are running an ecommence site.
More posts by @XinRu657
2 Comments
Sorted by latest first Latest Oldest Best
Here's where it gets tricky: You can't identify individual users in Google Analytics for Personal Identifable Information. (PII).
However, if you already explicitly storing user data you can 'do the math' on it and identify the User's individual behaviour (i.e. users who have been on page orderid=211, you can view that user's behaviour with simple analytics segmentation).
Google are very adherent to PII, because that's the main 'Gotcha' for analytics privacy compliance.
But identifying who someone is without PII with an external resource that does safely store PII such as your CRM, integrating their GA analytics isn't hard and as long as PII is kept out of GA you should be ok.
Google Analytics, itself explicitly, wouldn't be violating the privacy laws even in the EU nations to my knowledge (DISCLAIMER: Talk to a lawyer, especially a technology specialist because other lawyers are useless).
If you are running an ecommerce site and GA, you should be stating that you are storing their information and be transparent with that data.
But even with the most vanilla ecommerce set-ups, you can identify on a person-by-person basis with very basic segmentation - just 80-90% of people don't know how to do it.
DISCLAIMER: I am not a lawyer and this is not legal advice. For legal advice, get a lawyer.
First, it is against the Google Analytics TOS to identify users through it. (See cutroni.com).
Even without that, you need a user's permission to store their personal data. If you have something that covers that in your privacy policy, you may be ok. I don't know EU law that well.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.