Are you wondering if Google Analytics is compliant with PIPEDA?
PIPEDA is Canada’s privacy law, which is similar to GDPR for the European Union.
There’s a lot of information out there about the EU’s General Data Protection Regulation (GDPR), and you’ve probably seen a lot of companies add things like cookie acceptance popups on their websites.
But, is PIPEDA different from GDPR? Do the changes you’ve made to be compliant with GDPR make you compliant with PIPEDA too?
We’ll answer all of these questions right now.
Legal Disclaimer: Due to the dynamic nature of websites, no single plugin can offer 100% legal compliance. Please consult a specialist internet law attorney to determine if you are in compliance with all applicable laws for your jurisdictions and your use cases. Nothing on this website should be considered legal advice.
What is PIPEDA?
The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada’s federal private sector privacy law. PIPEDA, similar to GDPR, controls how private businesses can collect and use Canadians’ personal information.
This includes information collected in any way, including on the business’s website. However information is collected, there are rules about how it must be kept and used.
According to the Office of the Privacy Commissioner of Canada, the basics of PIPEDA are:
Organizations covered by PIPEDA must generally obtain an individual’s consent when they collect, use or disclose that individual’s personal information. People have the right to access their personal information held by an organization. They also have the right to challenge its accuracy.
Personal information can only be used for the purposes for which it was collected. If an organization is going to use it for another purpose, it must obtain consent again. Personal information must be protected by appropriate safeguards.
Basically, you have to tell someone you’re collecting their information and ask for their consent, and that person has to be able to see the data and/or remove it from your records.
Google Analytics and PIPEDA Compliance
Google Analytics collects bits of information about your website’s visitors.
In order to be compliant with GDPR (and very soon with PIPEDA), you need to explicitly tell your visitors that their data is being collected and ask for consent.
How to Make Google Analytics PIPEDA Compliant
There are a few things you should do to make your website and Google Analytics compliant with privacy laws. If you’ve already gone through the process of becoming GDPR compliant, then you don’t have to do anything more. You’re already PIPEDA compliant.
If you’re looking for the best solution to make Google Analytics both GDPR and PIPEDA compliant, keep reading!
MonsterInsights Can Make Google Analytics PIPEDA and GDPR Compliant
If you want to make your Google Analytics tracking compliant, there are two different methods you can use to make that happen.
Once you’ve got the addon installed and activated, you’ll be able to turn on these GDPR-compliant features:
- Anonymize IP addresses
- Disable demographics and interest reports for remarketing and advertising
- Disable UserID and author name tracking
- Disable UserID tracking for eCommerce hits, form tracking hits, and custom dimensions
Go to Insights » Settings and then click the Engagement tab.
Then, go to EU Compliance to adjust your settings.
To really dive into these features and understand why you might want to turn them on, read our complete guide to GDPR and Google Analytics.
Method Two: You can obtain explicit consent before loading the Google Analytics script with a cookie acceptance plugin. If you’re going to go this route, MonsterInsights integrates with Cookiebot.
Cookiebot will provide the features you need to ask for explicit consent when a user lands on your website. They can either consent to being tracked or opt out.
Which PIPEDA Compliance Method is Right for Your Website?
We highly recommend going with the MonsterInsights compliance method. Here’s why:
- We stay up-to-date on laws and update the plugin quickly if anything changes
- Website visitors won’t have to click a button to be tracked or get annoyed by a cookie popup
- There’s no risk of missing tracking data
- It’s an easy-to-understand solution to a complex law
Using a cookie acceptance popup is risky because it relies on your users clicking a button to opt-in to being tracked. If they don’t click it, you don’t get data from their visits at all. Your Google Analytics tracking code won’t even fire if a user doesn’t click that “Accept” button.
More Resources on Explicit Consent
We’ve gone over the basics here about how to set up your website and Google Analytics for GDPR and PIPEDA compliance. For more details about explicit consent and compliance for your website, we’re here for you! Check out these resources:
- GDPR and Google Analytics – How to Make Your Site Compliant
- How to Make a WooCommerce Site GDPR Compliant
- How to Make Google Analytics Opt-out Links With MonsterInsights
- Introduction to PIPEDA for Your Business (Office of the Privacy Commissioner of Canada)
- 7 Best GDPR Plugins to Help You Avoid Heavy Fines
Interested in learning more about what MonsterInsights can do? Read Your Ultimate Guide to MonsterInsights Dashboard Reports.