Google Analytics Privacy Policy

Avatar for Simon Fogg

by Simon Fogg

March 16, 2020

Build a Free Privacy Policy
Google Analytics Privacy Policy featured image

If you track visitor behavior on your site using Google Analytics, you need to present users with a clear and detailed privacy policy that explains how you process their data.

Read on to learn the specific requirements of a Google Analytics privacy policy — and why having one is a legal necessity for all online business owners who use this software to understand their users.

Table of Contents
  1. What Is Google Analytics and How Does it Collect Data?
  2. Google Analytics and Privacy Policy Requirements
  3. Privacy Policy for Google Analytics Advertising Features
  4. Google Analytics and Cookies
  5. Your Privacy Policy for Google Analytics [Free Template]
  6. FAQs About Google Analytics Privacy Policies

1. What Is Google Analytics and How Does it Collect Data?

Google Analytics is a free software tool created by Google that helps digital professionals monitor and analyze website traffic.

It collects data by placing a cookie on a user’s browser when they visit your site, thereby providing insights such as how many users you have, where they are from, and which pages they click on.

2. Google Analytics and Privacy Policy Requirements

Because Google Analytics tracks users and collects data about their behavior, website owners must disclose this data processing activity to their visitors. Such a disclosure can be achieved by providing a comprehensive privacy policy.

A privacy policy (or privacy statement/notice) is a document that describes how a company collects, stores, and potentially sells user data. Under many new privacy laws around the world, privacy policies are a legal requirement for businesses, with significant fines for failing to provide a suitably detailed policy.

Let’s look at how Google’s Analytics policies explain the key requirements of a Google Analytics privacy policy, and how these relate to data privacy legislation worldwide.

Google Analytics Terms of Service

Google’s Marketing Platform Terms of Service includes a specific clause explaining that you must provide a privacy policy to users in order to legally use the software and its tracking features.

Clause 7 from Google's Terms of Service

Clause 7 states:

You will have and abide by an appropriate Privacy Policy and will comply with all applicable laws, policies, and regulations relating to the collection of information from Users.

By signing up for Google Analytics, you agree to these terms, and therefore need to abide by their requirements when you use the software.

Google Analytics and Complying With Privacy Laws

There are several privacy laws worldwide that require businesses to disclose how they collect user data — and by extension, describe their use of Google Analytics in a privacy policy.

Here’s an overview of the main privacy laws that affect US companies:

  • General Data Protection Regulation (GDPR) — Applies to any business that targets users in the European Union (EU) or European Economic Area (EEA), and focuses on transparency in data processing.
  • ePrivacy Directive (ePD) — Works in tandem with the GDPR and has strict requirements for obtaining valid consent to cookies.
  • California Online Privacy Protection Act (CalOPPA) — Requires US-based companies that collect personal information to outline their collection in a privacy policy.
  • California Consumer Privacy Act (CCPA) — Gives California consumers new rights, such as the right to know what information is collected about them.

To meet the essential requirements of these privacy laws when using the standard features of Google Analytics, you need to include the following information in your privacy policy:

  • Disclose that you use Google Analytics to track user behavior
  • Explain how you store and process the data you collect
  • Inform users that you deploy analytics cookies

Your privacy policy URL should be displayed prominently on your site — for example, by including a link in your footer.

3. Privacy Policy for Google Analytics Advertising Features

If you use the advertising features of Google Analytics, you need to include specific clauses in your privacy policy to explain how these features collect additional data from advertising cookies.

Here are three of the most common Google Analytics advertising features, and the insights they provide:

  • AdWords Remarketing — uses behavior, demographic, and interest data to identify users who are likely to convert, and then allows you to target those users with remarketing campaigns through Google Ads
  • Demographics and Interests Reporting — provides insight into the age, gender, and purchase interests of users, which you can use to better target your advertisements
  • Google Display Network (GDN) Impression Reporting — measures the impact of unclicked GDN Display ad impressions on conversions and site behavior

If you use these features, Google’s policy requirements state that you must notify users about the additional data collection by saying which advertising features you implemented, how you use additional cookies, and how visitors can opt out of this advertising.

Advertising features of Google Analytics shown in Google's policy requirements

You need to explicitly state which Google advertising features you use, and what the effect is on users, in your privacy policy. For example, if you use the remarketing service, you should explain how users can expect to see ads for your business on other sites.

When writing this section, it’s important that you use clear language rather than legalese, so the average user can understand your policy.

Google Analytics Privacy Policy Example

The Guardian’s privacy policy is a great example of how to explain Google Analytics retargeting in a way the average user will understand.

Google Analytics retargeting explained in The Guardian's privacy policy

Of course, although it’s valuable to take inspiration from how prominent sites phrase their policies, it’s always best to keep your clauses specific to your business and its unique practices.

Allowing Users to Opt Out of Google Analytics Tracking

Along with making users aware of how Google’s ad features are collecting their data and affecting their experience online, you need to allow users to opt out of data collection.

This can be achieved by providing a link in your privacy policy to the various opt-out options that users can use, such as the Google Analytics Opt-out Browser Add-on.

Screenshot of download page for Google Analytics opt out plugin

When users install this add-on in their browser, it prevents the Javascript code on a company’s site from sharing information with Google Analytics about user behavior.

SoundCloud’s policies include a detailed section on opting out of data collection, with a list of options and external links for users to follow in order to act on their preferences.

Google Analytics usage section of SoundCloud's privacy policy

As you can see, the first option is a link to Google’s browser add-on.

Both the standard and advertising features of Google Analytics rely on placing cookies on the user’s browser, which we will discuss in the next section.

4. Google Analytics and Cookies

If you use Google Analytics, you’re using cookies to collect user data. In order to comply with the GDPR, you need to disclose your use of cookies in your privacy policy, detail that use in your cookie policy, and get user consent to cookies.

Disclose Your Use of Cookies in Your Privacy Policy

If you use website cookies of any kind (including Google Analytics cookies) to collect personal information from your users, you need to disclose that in your privacy policy.

Tracking technology usage explained in Termly's privacy policy

The image above shows an excerpt from Termly’s privacy policy. You’ll notice that it links out to a dedicated cookie policy.

Create a Cookie Policy

In addition to disclosing your use of cookies in your privacy policy, write a dedicated GDPR cookie policy to detail your cookie use and help satisfy GDPR requirements.

Your cookie policy should explain the following:

  1. What types of cookies (e.g., analytics, advertising, social media) you use and why you use them
  2. If you use additional tracking technologies (e.g., web beacons)
  3. How users can set their cookie preferences

Here’s an example of how Google Analytics cookies are explained in Termly’s cookie policy:

Analytics and customization cookie usage in Termly's cookie policy

Google Analytic cookie usage in termly's cookie policy

As you can see in the example, Google Analytics cookies and their details are listed under “Analytics” in the cookie policy. This section begins with a short explanation of what analytics cookies do, making the policy more user-friendly.

Allow Users to Consent to Cookies

Once you’ve created a cookie policy that describes your use of Google Analytics cookies, you need to notify users of this policy and get their consent to use cookies. One way to do this is through a cookie consent banner.

The UK Information Commissioner’s Office has a good example of an effective Google Analytics cookie consent banner.

The ICO's cookie banner

The banner appears when users first visit the site, and includes:

  • A link to a cookie policy
  • An explanation of cookie practices in clear language
  • A specific mention of how cookies are used for Google Analytics tracking
  • An opt-in mechanism (e.g., a toggle) that allows users to consent to cookies

Follow this or other cookie consent examples and you’ll build trust with your users as well as obtain valid cookie consent to your use of Google Analytics.

5. Your Privacy Policy for Google Analytics [Free Template]

Google Analytics is a powerful tool for online businesses, but to use its features legally, you must disclose your data processing practices in a privacy policy.

Let’s recap how to create a compliant Google Analytics privacy policy for your website:

  • Understand how Google Analytics collects data via cookies
  • Find out which privacy laws you need to comply with
  • Disclose your use of Google Analytics in your privacy policy, and include a link to your policy in your website footer
  • Explain in clear language how you use additional advertising features
  • Describe your cookie practices in your privacy policy (and in your dedicated cookie policy)
  • Obtain valid cookie consent if necessary

Here’s a sample Google Analytics clause from Termly’s privacy policy template.

Google Analytics clause in termly's privacy policy template

To create your own policy, simply download the template, and customize it to the requirements of your business.

Alternatively, use Termly’s privacy policy generator by clicking the button below to create a tailored privacy policy in under 15 minutes.

Create a Privacy Policy in Minutes Using Termly

Here’s how you can use Termly’s generator to create a comprehensive and compliant privacy policy.

Step 1: Go to Termly’s privacy policy generator.

Step 2: Answer a few simple prompts and questions, and go through all of the steps until you reach “Final Details.”

privacy-policy-termly-final-step-screenshot

Step 3: Once you’ve filled in everything and you are satisfied with the preview, click “Publish.” You will then be prompted to create an account on Termly so you can save and edit your privacy policy further.

FAQs About Google Analytics Privacy Policies

Avatar for Simon Fogg
More about the author

Written by Simon Fogg

Simon is a data privacy expert and legal analyst for Termly. He studies news and trends in the data privacy space, then brings compliance solutions to business owners and website operators. More about the author

Related Articles

Explore more resources