GDPR: IP Anonymization on Google Analytics

Many companies use Google Analytics to collect valuable information about customer behaviour on websites, mobile apps and so on. By default, Analytics uses the entire IP address of website users to provide general geographic reporting. The report also shows each user's language, browser, operating system, service provider and screen resolution.

Why is IP anonymization needed?

Under the GDPR, an IP address is considered personal data. Even though those IP addresses do not show up in Google Analytics reports, a visitor's ID can still be tied to the IP address owner's personal information outside of Google Analytics.

Google provides an IP anonymisation function that lets website owners request that all of their users' IP addresses be anonymised within Google Analytics. This feature is designed to help site owners comply with their own privacy policies, recommendations from local data protection authorities and legal regulations like the GDPR, which may prevent the storage of full IP address information.

How to anonymize a user's IP?

The IP Anonymisation feature in Google Analytics is not enabled by default. When a customer of Google Analytics requests IP address anonymisation, Analytics anonymises the address as soon as technically feasible, at the earliest possible stage of the collection network. As a result, the website owner does not have to ask users for consent in the Cookie Policy.

To prevent your website's Google Analytics tracking code from collecting personal data, anonymise your website users' IP addresses. This can be done by making a change in the website's or app's code or by adding a new variable in the GTM tag (step-by-step instructions). It can also be enabled via Google Tag Manager as shown in the picture below.

IP anonymization using Google Tag Manager
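
One way to check that the setting described above is actually in effect, as an added example (not code from the original page or from Google): Universal Analytics hits carry an `aip` parameter when IP anonymisation is on, so captured request URLs can be audited for it. The sample URLs, the placeholder property ID `UA-XXXXXXX-Y` and the function names are constructed for illustration.

```javascript
// Added example. The aip flag is sent once the tracking code sets either
//   ga('set', 'anonymizeIp', true);                          // analytics.js
//   gtag('config', 'UA-XXXXXXX-Y', { anonymize_ip: true });  // gtag.js
// UA-XXXXXXX-Y is a placeholder property ID, not a real one.

const GA_HOST = 'www.google-analytics.com';

// True for Universal Analytics hit endpoints (/collect, /j/collect, /r/collect).
function isAnalyticsHit(url) {
  return url.hostname === GA_HOST && /\/collect$/.test(url.pathname);
}

// Returns one finding per analytics hit; other requests and unparsable
// lines (e.g. from a HAR export or proxy log) are skipped.
function auditHits(requestUrls) {
  const findings = [];
  for (const raw of requestUrls) {
    let url;
    try { url = new URL(raw); } catch { continue; }
    if (!isAnalyticsHit(url)) continue;
    const params = url.searchParams;
    findings.push({
      property: params.get('tid') || '(missing tid)',
      hitType: params.get('t') || '(missing t)',
      // Per the Measurement Protocol reference, the presence of aip
      // triggers anonymisation, whatever its value (aip=, aip=0, aip=1).
      anonymized: params.has('aip'),
    });
  }
  return findings;
}

// Hits that left the browser without the anonymisation flag.
function nonCompliant(requestUrls) {
  return auditHits(requestUrls).filter((f) => !f.anonymized);
}

// Constructed sample: one anonymised pageview, one event without the flag,
// one unrelated request and one malformed line.
const SAMPLE_REQUESTS = [
  'https://www.google-analytics.com/j/collect?v=1&aip=1&t=pageview&tid=UA-XXXXXXX-Y&cid=111.222',
  'https://www.google-analytics.com/collect?v=1&t=event&tid=UA-XXXXXXX-Y&cid=111.222&ec=video',
  'https://example.com/static/app.js',
  'not a url',
];

console.log(nonCompliant(SAMPLE_REQUESTS));
```

A hit that appears in the `nonCompliant` list usually means a tag or code path (here, the event hit) was added without the anonymisation setting, even though the main pageview tag has it.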

Anonymizing IP addresses might affect geolocation tracking data at the city level. However, there is no noticeable difference in accuracy at the continent or country level.

More to read on this topic: The lawful basis for Data Processing under the GDPR
