Are you wondering if Google Analytics is compliant with the California Consumer Privacy Act (CCPA)?
Google Analytics is the most popular analytical tool that’s used by millions of websites. It helps you track your site’s performance and understand your user’s behavior.
But the way it works and collects personal data about your visitors can get you into trouble if you don’t meet CCPA compliance.
In this article, we’ll show you how to make sure your Google Analytics complies with CCPA. Let’s begin with a brief look at the new regulations…
Legal Disclaimer: Due to the dynamic nature of websites, no single plugin can offer 100% legal compliance. Please consult a specialist internet law attorney to determine if you are in compliance with all applicable laws for your jurisdictions and your use cases. Nothing on this website should be considered legal advice.
What is CCPA?
California Consumer Privacy Act (CCPA) is a comprehensive data protection law in the United States. The law went into effect on January 1, 2020, and it’s enforceable from July 1, 2020.
The aim of CCPA is to enhance privacy rights and consumer protection for residents of California. It calls for more transparency by organizations about what personal information they collect, how they use it, and whom they share it with.
Some of the rights that residents of California have under CCPA include:
- Right to be Informed – Users should know how a website collects, sells, discloses, and shares their personal data
- Right to have Data Deleted – Citizens have the right get their erased from a website
- Right to See What Data – This includes the data collected about a user in the past 12 months
- Right to Equal Services and Price – Websites aren’t allowed to discriminate against consumers that exercise this right and should be given same price and service as other consumers
- Right to Opt-Out – People can opt-out from websites selling, renting, or releasing their personal information to third parties
Now, you might be wondering, does the new law apply to your website?
Who Needs to be CCPA Compliant?
Unlike GDPR (a European data privacy law), CCPA doesn’t apply to everyone. If your business meets the following conditions, then you’ll have to comply with the law:
- Your annual gross revenue is $25 million or higher
- If your 50% or more of your annual revenue is from selling consumer’s personal information
- You buy, receive, or sell personal information of 50,000 or more consumers, devices, or households
So, what happens if you don’t comply with CCPA?
Well, if you’re found to be intentionally violating the law, then you could face penalties up to $7,500 per violation per individual. While unintentional violators can cough up to $2,00 per violation per individual.
And in case a user files a lawsuit, fines can range between $100 to $750 per consumer per incident, or the actual damage (whichever is greater).
Is Google Analytics CCPA Compliant?
Now that you know what is CCPA and whether it applies to your business or not, the next question you might have is: what does CCPA have to do with Google Analytics?
Google Analytics is a powerful tool for understanding how people interact with your website. But it works by assigning your visitors an UserID and records personal data like IP addresses, gender, age, device, and the other personally identifiable information.
This means that it falls under CCPA’s explanation of consumer’s personal information.
So, should companies disable Google Analytics for CCPA?
While this may be an extreme measure, but without Analytics, you won’t have any data to make decisions and you’ll be just guessing about what works on your website.
That said, you can easily make a few changes to ensure Google Analytics complies with the requirements of CCPA. And here’s how you can do it…
How to Make Google Analytics CCPA Compliant?
Are you wondering, how do I comply with CCPA? You can follow these 3 steps to make sure that Google Analytics meets CCPA requirements.
Step 1: Install MonsterInsights and its EU Compliance Addon
MonsterInsights is the best WordPress plugin for Google Analytics. You can easily fulfill the needs of the new law by installing the plugin and its EU Compliance addon.
The EU Compliance addon allows you to automate different processes to meet CCPA. For instance, you can easily anonymize or disable personal data tracking in Google Analytics with a click of a button.
Here’s what you can do with the addon:
- Anonymize user’s IP address Google Analytics hits
- Disable UserID tracking on Google Analytics
- Disable demographics and interest reports for advertising (Google Ads) and remarketing tracking in Google Analytics
- Automatically disable author tracking Google Analytics and custom dimensions addon
- Enable ga() compatibility mode
- Allow AMP addon users to agree with the Google AMP consent box before tracking their data
- Easy integration with CookieBot and Cookie Notice WordPress plugins
To access the addon, go to Insights » Addons » EU Compliance. Then install and activate the addon.
Once the addon is activated, go to Insights » Settings » Engagement and scroll down to EU Compliance. Here you can change the settings and disable different tracking features in Google Analytics to comply with CCPA.
Step 2: Create an Opt-Out Consent Box
After setting up MonsterInsights and its EU Compliance addon, the next thing you’ll need to do is create an opt-out consent box. That’s because one of the rights in CCPA is that user’s can opt-out from websites sharing their data with third parties.
And a simple way of creating an opt-out consent box is by using free WordPress plugins like CookieBot or Cookie Notice. Both these plugins offer a built-in option to set up an opt-out consent box and they easily integrate with MonsterInsights as well.
For instance, CookieBot scans your site and creates a cookie declaration link that you can place on your website. Not only that, it also creates a Do Not Sell My Personal Information document that you can link to make sure you comply with CCPA requirements.
You can start by informing your visitors that the website uses Google Analytics. Then describe what personal information Google Analytics collects about your visitors. You’ll also have to explain the purpose of the data you collect, how you use it, and if it’s shared with any third party.
FAQs about CCPA and Google Analytics
Now let’s take a look at some frequently asked questions about Google Analytics and CCPA.
1. Are Cookies Personal Information Under CCPA?
Any cookie that tracks personally identifiable information such as your IP address, age, gender, browser type, operating system, and more can be said to contain personal information under CCPA.
So, you should clearly disclose and explain the purpose of cookies to your users. Plus, plugins like CookieBot and Cookie Notice can help you organize them and add an opt-out consent box for your WordPress site.
2. Does Google Analytics Collect Personal Information?
Google Analytics uses User ID, Client ID, and cookies to track the behavior of your users when they land on your website. This means that Google Analytics collects personal information under CCPA. But with MonsterInsights EU compliance addon, you can make sure Google Analytics complies with the new law.
3. CCPA – What Should Corporations Need to do if They Use Google Analytics?
If your business meets the requirements of CCPA and is using Google Analytics, then you have to ensure that Analytics complies. We’ve outlined some of the steps in this post that you can use to meet CCPA and avoid any risk of penalties.
CCPA is now enforceable by law from July 1, 2020, and applies to any business that provides web services to the residents of California.
And if you meet the requirements for CCPA and use Google Analytics, then with MonsterInsights, you can easily comply with the new law. Just use its EU Compliance addon and disable tracking with a few clicks of a button.
We hope you found our article on how to make sure your Google Analytics complies with CCPA useful. If you want, you can also check out our guide on MonsterInsights vs. Google Analytics.