: Does it affect privacy policies or legal liability when we can identify users through analytics? Currently we are using Google Analytics and provide a simple template generated privacy policy,

@Kristi941

Here's where it gets tricky: You can't identify individual users in Google Analytics for Personal Identifable Information. (PII).

However, if you already explicitly storing user data you can 'do the math' on it and identify the User's individual behaviour (i.e. users who have been on page orderid=211, you can view that user's behaviour with simple analytics segmentation).

Google are very adherent to PII, because that's the main 'Gotcha' for analytics privacy compliance.

But identifying who someone is without PII with an external resource that does safely store PII such as your CRM, integrating their GA analytics isn't hard and as long as PII is kept out of GA you should be ok.

Google Analytics, itself explicitly, wouldn't be violating the privacy laws even in the EU nations to my knowledge (DISCLAIMER: Talk to a lawyer, especially a technology specialist because other lawyers are useless).

If you are running an ecommerce site and GA, you should be stating that you are storing their information and be transparent with that data.

But even with the most vanilla ecommerce set-ups, you can identify on a person-by-person basis with very basic segmentation - just 80-90% of people don't know how to do it.

Vote Up Vote Down

@Annie201

DISCLAIMER: I am not a lawyer and this is not legal advice. For legal advice, get a lawyer.

First, it is against the Google Analytics TOS to identify users through it. (See cutroni.com).

Even without that, you need a user's permission to store their personal data. If you have something that covers that in your privacy policy, you may be ok. I don't know EU law that well.

Vote Up Vote Down