Load Analytics, with or without consent, without losing any data.
The position of the French regulator is unclear on the need to obtain consent to trigger the loading of Google's Analytics solution. Indeed, even if the last revision of its recommendations mentions it by name, it follows its exclusion by a vague allusion to data anonymization measures:
In some cases it may be possible to configure these tools to disable the reuse of data, check with your tool supplier that they are contractually committed not to reuse the data collected. Also be aware of any data transfers outside the European Union that could be carried out by your solution provider.
When it comes to Axeptio, you will be recommended as a priority to load Google Analytics by obtaining the user's consent. Problem: how to reconcile tracking as soon as you land on the site when you have to wait to receive proof of consent. Fortunately, a technical answer exists.
Launch Analytics with consent, without anonymization
In its technical documentation, Google offers two ways to load its script (one asynchronous, the other not) and details the operation of the piece of code to copy paste, part of which is of particular interest to us:
This code will have the effect of creating a function, called ga, which will be made accessible in the current session and will allow all the calls made to it to be stored in a buffer memory. We also note that as soon as the function is declared, it is immediately called, lines 2 and 3, to pass two events, create and pageview
At this point, no script is loaded, and no personal data is sent to any server. It is indeed the role of the script which is loaded thereafter:
When the script is loaded into the page, it will inspect the contents of the buffer, which is located in the q (for tail) property of the ga () function. It will then replay all of the events and send them to Google's servers. It is therefore necessary, at this stage, to condition the loading of the analytics.js library only to the acceptance of the Internet user.
The script above, which declares and uses the ga () function, should be left to it no matter what. Thus, you will not lose the data related to the loading of the page and these will be sent once the triggering of Google Analytics is authorized.
Launch Analytics without consent, with anonymization
Google is your audience measurement solution provider. That is to say, your personal data processing subcontractor. You have a contract with this company. This is therefore the opportunity to take stock of the existing contractual framework:
Download and sign a Data Protection Agreement. It is a specific contractual document defining the obligations that Google must meet;
Review the applicable contractual rules. For example, the use of Google Analytics advertising features leads you to comply with certain commitments.
Maintain control over the data your audience measurement provider collects on your behalf. Several measures must therefore be taken:
Log into the solution's administration interface and apply the filters offered by Google to minimize data collection;
You will share the URLs of your visited pages to Google via its Google Analytics tool. Therefore, check these URLs, make sure that they do not contain any personal data in the clear (phone number, email address, name ...).
The IP address is considered by the CNIL as personal data with a certain level of sensitivity. Only collect this data to the extent necessary. Of course, if you truncate some of the collected IP addresses, this affects the accuracy of the geographic reports. But did you really need this level of precision? How to anonymize the collected IP addresses? By removing the last octet of the IP address.
The Google Tag Manager tool allows you to configure the Google Analytics tag to make it GDPR-friendly.
Otherwise, your beacon management system may also allow you to perform the manipulation. Finally,