Are you curious about Data retention in Google Analytics because you need to make your website compliant with the EU GDPR? MonsterInsights tries to make that compliance as easy as possible for our users. Read on to see what you’d need to do to make your Google Analytics implementation compliant with the EU GDPR with regards to you our your companies data retention policies.
Please see the bottom of this guide for an important legal disclaimer.
About Data Retention in Google Analytics
You might be seeing an alert at the top of your Google Analytics account that states the following:
“We’ve recently launched new Data Retention controls that may affect your data starting May 25, 2018. To dismiss this message, please visit your property’s Data Retention settings under Admin > Property > Tracking Info and click ‘Save’. Learn more
Why Has Google Implemented the Data Retention Policy
One of the key concepts of the GDPR is:
Data minimization
The principle of “data minimization” means that a data controller should limit the collection of personal information to what is directly relevant and necessary to accomplish a specified purpose. They should also retain the data only for as long as is necessary to fulfill that purpose. In other words, data controllers should collect only the personal data they really need, and should keep it only for as long as they need it.
The data minimization principle derives from Article 6.1(b) and (c) of Directive 95/46/EC and Article 4.1(b) and (c) of Regulation EC (No) 45/2001, which provide that personal data must be “collected for specified, explicit and legitimate purposes” and must be “adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed. [Source.]
It is presumed that the overtime the user-level data and the event-level data becomes less relevant for your business to hold onto and to serve your customers. So holding onto that data for an indefinite period is a liability for businesses that are affected by the EU GDPR.
What is user-level and event-level data?
The retention period applies to:
- User-level and event-level data associated with cookies
- User-identifiers (like User-ID, and data in the “user explorer” )
- Advertising identifiers (e.g., DoubleClick cookies, Android’s Advertising ID, Apple’s Identifier for Advertisers).
Note that these settings will not affect standard reports (as described above, i.e. standard reporting tables will be available and unaffected, but querying data with segments or secondary dimensions would not be available outside of the selected retention period). [Source.]
When will the Google Analytics Data Retention controls take effect?
The Google Analytics data retention settings take effect on May 25, 2018.
What Happens When Data Reaches the End of the Retention Period?
When data reaches the end of the retention period, it is deleted automatically every month.
- If you change the retention period, then affected data when the next monthly process occurs.
- For example, if you change from 50 months to 28 months, then any data older than 28 months is deleted during the next monthly process.
- If you change the retention period, Analytics waits 24 hours before making the change.
- During this 24-hour period, you can revert your change, and your data will be unaffected.
- Any data older than the selected period on May 25, 2018, will be deleted during the first monthly process that occurs.
Reset on new activity
Turn this option on to reset the retention period of users that return to your site. When they revisit your site, this sets the expiration date to the current time plus retention period.
For example, if data retention is set to the minimum, (14 months) but returns to your site every week or so, then that user’s identifier is refreshed every week and is never deleted.
If another user doesn’t return to your site before the retention period expires, then that user’s data is deleted.
If you don’t want the retention period for users to reset when that users return to your site, then turn this option to off.
Data about that user will be deleted automatically during the monthly deletion process.
Our Recommendations
For User-data retention: select the retention period you want. We recommend Do not automatically expire unless you are required to change this due to regulations or laws applicable to you.
For Reset on new activity: turn the switch on or off. We recommend on unless you are required to change this due to regulations or laws applicable to you.
How to Change the Google Analytics Data Retention Settings
Please see our guide: EU GDPR Data Expiration Settings.
Sources and Further Reading:
https://support.google.com/analytics/answer/7667196?hl=e
https://www.eugdpr.org/
http://www.kristaseiden.com/new-data-retention-policies-in-google-analytics/
Legal Disclaimer: This addon is designed to automate some of the settings change required to be in compliance with various EU laws however due to the dynamic nature of websites, no plugin can offer 100% legal compliance. Please consult a specialist internet law attorney to determine if you are in compliance with all applicable laws for your jurisdictions and your use cases.
As a website operator, it is solely your responsibility to ensure that you are in compliance with all applicable laws and regulations governing your use of our plugin.
MonsterInsights, its employees/contractors, and other affiliated parties are not lawyers. Any advice given in our support, documentation, website, other mediums or through our services/products should not be considered legal advice and is for informational and/or educational purposes only and are not guaranteed to be correct, complete or up-to-date, and do not constitute creating/entering an Attorney-Client relationship.