At MonsterInsights, we try to make compliance with the EU GDPR as easy as possible for Google Analytics users. Read on for instructions on setting up your Google Analytics account for EU compliance.
Please see the bottom of this guide for an important legal disclaimer.
Also, we also recommend checking out our complete guide: Getting Started with the EU Compliance Addon.
Changing Google Analytics Settings
We recommend reviewing several Google Analytics account settings, and ensuring they are set to the appropriate values for your country’s laws and regulations.
Before reading further, make sure to verify whether you have a Universal Analytics (UA) property or a Google Analytics 4 (GA4) property so that you can follow the correct instructions, as steps might differ between both property types.
Not sure which Google Analytics property type you have? Read about the differences here: Google Analytics 4 Versus Universal Analytics
To start, go to analytics.google.com, make sure the correct property is chosen and then click into Admin, found at the bottom left of the page.
Google Analytics Data Retention Settings:
If you have a GA4 property…
To edit, go to Data Settings » Data Retention (under the Property column).
Adjustments here will not affect standard aggregated reports, only Explorations reports.
If the Event data retention option is adjusted it will apply to data already collected but Age, Gender and Interest data will always have a 2 month retention period.
For more detailed information, please see Google’s guide on Data Retention in GA4.
If you have a UA property…
To edit, click on Tracking Info » Data Retention (found within the middle Property column)
For User and data retention: select the retention period you want. We recommend Do not automatically expire unless you are required to change this due to regulations or laws applicable to you.
For Reset on new activity: turn the switch on or off. We recommend ON unless you are required to change this due to regulations or laws applicable to you.
- If you do not change this value from the default, starting on May 25, 2018, you will automatically lose all data (on a continuous rolling basis) data older than 26 months (the default).
- These settings will not take effect until May 25, 2018, and automatically apply starting on that date.
- This setting only affects data from non-aggregated reports, like custom segments applied to reports, or custom reports. Standard aggregated Google Analytics data is not affected by this setting.
- After changing, this setting takes 24 hours to take effect. During those 24 hours, you may rollback this change without it affecting your data. After 24 hours, the change becomes permanent, and any data lost from this application of this setting becomes permanent.
Google Analytics Demographics and Interest Reports:
If you have a GA4 property…
Advertising Features in GA4 are enabled within Google signals data collection.
When you enable or disable Google signals, it affects the following:
- Cross Platform reporting
- Remarketing with Google Analytics
- Advertising Reporting Features
- Demographics and Interests
When activated, these existing Google Analytics features are updated to also include aggregated data (personal data is anonymized and not collected or processed by third parties). Read more about activating Google signals.
Google signals can remain enabled for GDPR in GA4 properties:
- IP addresses collected from EU users are dropped before being logged.
- On a per-region basis, Google offers the ability to disable Google-signals, location or device data collection.
- EU data is collected within the EU.
For further information, please see Google’s guide about EU-focused data and privacy.
To begin, go to Data Settings » Data Collection and get click on Get started.
This will walk you through their terms and share more information about data collection.
Once you’ve read through everything and clicked on Activate, Google signals collection will be active for that specific GA4 property.
When choosing to activate Google signals, similar to any other Google Analytics advertising feature, you’ll be expected follow the same policy requirements and using a cookie banner if you are in the affected jurisdictions.
If you have a UA property…
To edit, click on Property Settings (found within the middle Property column) then scroll to Advertising Features.
Set Enable Demographics and Interest Reports to OFF.
Then in the left sidebar click on Tracking info » Data Collection.
Set Remarketing and Advertising Reporting Features to OFF.
- Disabling this feature will make the demographics reports data in MonsterInsights’s reports unable to operate.
- You can keep this turned on if instead, you have MonsterInsights wait to load until consent is given by a user through our integrations with either the CookieBot plugin, the Cookie Notice plugin, the CookieYes plugin, or Complianz.
Opt into The GDPR DPA in Google Analytics
When initially creating your Google Analytics account, you’re prompted to accept the Google Analytics Terms of Service Agreement.
There is also a checkbox to accept the Data Processing Terms at the bottom.
If this wasn’t accepted at account creation, then you can go to Admin » Account Settings (under the Account column) and scroll to the Data Processing Terms section.
Accept the terms by checking the checkbox and make sure to click Save.
If you’ve already accepted these terms then instead you’ll see a message that says:
“The Data Processing Terms for this account were accepted on…”
If you are not seeing this section, either you, someone with access to your account, or Google themselves have already opted you in. Or Google does not offer the DPA in your jurisdiction.
For help with this, please contact Google directly, as we do not control anything with regards to the GDPR DPA on Google’s side.
Be sure to see the rest of our guide: Getting Started with the EU Compliance Addon.
Legal Disclaimer: This addon is designed to automate some of the settings change required to be in compliance with various EU laws however due to the dynamic nature of websites, no plugin can offer 100% legal compliance. Please consult a specialist internet law attorney to determine if you are in compliance with all applicable laws for your jurisdictions and your use cases.
As a website operator, it is solely your responsibility to ensure that you are in compliance with all applicable laws and regulations governing your use of our plugin.
MonsterInsights, its employees/contractors, and other affiliated parties are not lawyers. Any advice given in our support, documentation, website, other mediums or through our services/products should not be considered legal advice and is for informational and/or educational purposes only and are not guaranteed to be correct, complete or up-to-date, and do not constitute creating/entering an Attorney-Client relationship.