How to Make Sure Your Google Analytics Complies with CCPA

Are you wondering if Google Analytics is compliant with the California Consumer Privacy Act (CCPA)?

Google Analytics is the most popular analytical tool that’s used by millions of websites. It helps you track your site’s performance and understand your user’s behavior.

But the way it works and collects personal data about your visitors can get you into trouble if you don’t meet CCPA compliance.

In this article, we’ll show you how to make sure your Google Analytics complies with CCPA. Let’s begin with a brief look at the new regulations…

MonsterInsights is the best WordPress Analytics plugin. Get it for free!

Legal Disclaimer: Due to the dynamic nature of websites, no single plugin can offer 100% legal compliance. Please consult a specialist internet law attorney to determine if you are in compliance with all applicable laws for your jurisdictions and your use cases. Nothing on this website should be considered legal advice.

What is CCPA?

California Consumer Privacy Act (CCPA) is a comprehensive data protection law in the United States. The law went into effect on January 1, 2020, and it’s enforceable from July 1, 2020.

The aim of CCPA is to enhance privacy rights and consumer protection for residents of California. It calls for more transparency by organizations about what personal information they collect, how they use it, and whom they share it with.

Some of the rights that residents of California have under CCPA include:

  • Right to be Informed – Users should know how a website collects, sells, discloses, and shares their personal data
  • Right to have Data Deleted – Citizens have the right get their erased from a website
  • Right to See What Data – This includes the data collected about a user in the past 12 months
  • Right to Equal Services and Price – Websites aren’t allowed to discriminate against consumers that exercise this right and should be given same price and service as other consumers
  • Right to Opt-Out – People can opt-out from websites selling, renting, or releasing their personal information to third parties

Now, you might be wondering, does the new law apply to your website?

Who Needs to be CCPA Compliant?

Unlike GDPR (a European data privacy law), CCPA doesn’t apply to everyone. If your business meets the following conditions, then you’ll have to comply with the law:

  • Your annual gross revenue is $25 million or higher
  • If your 50% or more of your annual revenue is from selling consumer’s personal information
  • You buy, receive, or sell personal information of 50,000 or more consumers, devices, or households

So, what happens if you don’t comply with CCPA?

Well, if you’re found to be intentionally violating the law, then you could face penalties up to $7,500 per violation per individual. While unintentional violators can cough up to $2,00 per violation per individual.

And in case a user files a lawsuit, fines can range between $100 to $750 per consumer per incident, or the actual damage (whichever is greater).

Is Google Analytics CCPA Compliant?

Now that you know what is CCPA and whether it applies to your business or not, the next question you might have is: what does CCPA have to do with Google Analytics?

Google Analytics is a powerful tool for understanding how people interact with your website. But it works by assigning your visitors an UserID and records personal data like IP addresses, gender, age, device, and the other personally identifiable information.

This means that it falls under CCPA’s explanation of consumer’s personal information.

So, should companies disable Google Analytics for CCPA?

While this may be an extreme measure, but without Analytics, you won’t have any data to make decisions and you’ll be just guessing about what works on your website.

That said, you can easily make a few changes to ensure Google Analytics complies with the requirements of CCPA. And here’s how you can do it…

How to Make Google Analytics CCPA Compliant?

Are you wondering, how do I comply with CCPA? You can follow these 3 steps to make sure that Google Analytics meets CCPA requirements.

Step 1: Install MonsterInsights and its EU Compliance Addon

MonsterInsights is the best WordPress plugin for Google Analytics. You can easily fulfill the needs of the new law by installing the plugin and its EU Compliance addon.

The EU Compliance addon allows you to automate different processes to meet CCPA. For instance, you can easily anonymize or disable personal data tracking in Google Analytics with a click of a button.

monsterinsights best wordpress plugin for google analytics

Here’s what you can do with the addon:

  • Anonymize user’s IP address Google Analytics hits
  • Disable UserID tracking on Google Analytics
  • Disable demographics and interest reports for advertising (Google Ads) and remarketing tracking in Google Analytics
  • Automatically disable author tracking Google Analytics and custom dimensions addon
  • Enable ga() compatibility mode
  • Allow AMP addon users to agree with the Google AMP consent box before tracking their data
  • Easy integration with CookieBot and Cookie Notice WordPress plugins

To access the addon, go to Insights » Addons » EU Compliance. Then install and activate the addon.

Once the addon is activated, go to Insights » Settings » Engagement and scroll down to EU Compliance. Here you can change the settings and disable different tracking features in Google Analytics to comply with CCPA.

eu-compliance-settings-panel

Step 2: Create an Opt-Out Consent Box

After setting up MonsterInsights and its EU Compliance addon, the next thing you’ll need to do is create an opt-out consent box. That’s because one of the rights in CCPA is that user’s can opt-out from websites sharing their data with third parties.

And a simple way of creating an opt-out consent box is by using free WordPress plugins like CookieBot or Cookie Notice. Both these plugins offer a built-in option to set up an opt-out consent box and they easily integrate with MonsterInsights as well.

For instance, CookieBot scans your site and creates a cookie declaration link that you can place on your website. Not only that, it also creates a Do Not Sell My Personal Information document that you can link to make sure you comply with CCPA requirements.

Step 3: Update Your Privacy Policy

Besides adding an opt-out consent box, you’ll also need to update your privacy policy. This is important because under CCPA, California citizens have the right to be informed.

You can start by informing your visitors that the website uses Google Analytics. Then describe what personal information Google Analytics collects about your visitors. You’ll also have to explain the purpose of the data you collect, how you use it, and if it’s shared with any third party.

Your updated privacy policy should also include details about the different cookies you use to track your reader’s information. Lastly, you can outline the process that users can take if they want to see their stored data and how can it be deleted from your website.

FAQs about CCPA and Google Analytics

Now let’s take a look at some frequently asked questions about Google Analytics and CCPA.

1. Are Cookies Personal Information Under CCPA?

Any cookie that tracks personally identifiable information such as your IP address, age, gender, browser type, operating system, and more can be said to contain personal information under CCPA.

So, you should clearly disclose and explain the purpose of cookies to your users. Plus, plugins like CookieBot and Cookie Notice can help you organize them and add an opt-out consent box for your WordPress site.

2. Does Google Analytics Collect Personal Information?

Google Analytics uses User ID, Client ID, and cookies to track the behavior of your users when they land on your website. This means that Google Analytics collects personal information under CCPA. But with MonsterInsights EU compliance addon, you can make sure Google Analytics complies with the new law.

3. CCPA – What Should Corporations Need to do if They Use Google Analytics?

If your business meets the requirements of CCPA and is using Google Analytics, then you have to ensure that Analytics complies. We’ve outlined some of the steps in this post that you can use to meet CCPA and avoid any risk of penalties.

In Conclusion

CCPA is now enforceable by law from July 1, 2020, and applies to any business that provides web services to the residents of California.

And if you meet the requirements for CCPA and use Google Analytics, then with MonsterInsights, you can easily comply with the new law. Just use its EU Compliance addon and disable tracking with a few clicks of a button.

That’s it!

We hope you found our article on how to make sure your Google Analytics complies with CCPA useful. If you want, you can also check out our guide on MonsterInsights vs. Google Analytics.

For more tutorials like this, follow us on Twitter and Facebook for more Google Analytics tutorials.

Want to Try MonsterInsights for Free?

Enter the URL of Your WordPress website to install MonsterInsights Lite.

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.