Can I use Google analytics without setting up "data stream"? or is it required to use? Actually, Google analytics keeps showing this warning/error in Google analytics.
In case, I use it. Would it be enough to explain in cookie consent that we are using Google analytics and storing cookies? Or I have to specify about the data stream?
Thank you
With the new GA4 you have to create a data stream otherwise you don't have the tracking code where to send the data.
For the cookie policy the legal interpretations may differ, in any case the user's IP in GA4 is always anonymized therefore a practice is to insert GA cookies as technicians (necessary) in the cookie policy (because they have no identification power). Others, to be on the safe side, place them as static cookies.
Related
I used customTask in Universal Analytics tags via tag Manager to tackle PII. After that, I regularly monitored reports in Google Analytics and found all the hits were cleaned.(i.e. PII redacted)
But I still get emails from adwords-noreply#google.com, that some of the URLs linked to particular 'remarketing lists' are violating PII.
Now there's no way to confirm that PII is actually violated. I dont know where I am supposed to look, in which section (of Adwords account or Analytics account) can I see the URLs being passing PII info to Google?
This is what I'm seeing in GA reports:
https://siteurl/u/password-reset/reset?email=ja[ REDACTED EMAIL]l.com&authenticationCode=8127489044212
this is what is sent in the violation email:
https://siteurl/u/password-reset/reset?email=jack#emabell.com&authenticationCode=8127489044212
If I have redacted the PII using tag manager, do I still need to do something in the Adwords account ?
It turns out that custom fields cannot be added with tag type- 'AdWords Remarketing', due to which I couldn't run my redacting logic using 'customTask'.
Hence I created a customHTML tag and fired it on the 'Page View' event which filtered all the URLs
PII in GA is of a serious concept. Eventually, Google might delete your data.
I usually solve this by using filters in GA View. This is like a last line of defence
Guide on how to setup is here
https://www.internetrix.com.au/blog/google-analytics-pii-safe-guarding-emails-2/
Is it possible to get the info about website traffic without Google Analytics, for example?
For tracking without Javascript you can use the Measurement Protocol, i.e. you send a request to the Google Analytics Server with query parameter that specify the type of interaction (pageview, event etc) and the data you want to track.
General info is found in the protocol reference, a list of valid parameters is here, and if you want to test your tracking requests you can use the hit builder, which allows you to assemble, validate and send a hit to Google Analytics.
As for tracking without cookies that probably won't work very well. You need a persistent id to assemble hits into sessions, and sessions into visits. Such an ID is usually stored in a cookie (your "no javascript" requirement means that things like local storage are out of the question). You can either decorate all your links with a client id and use that to persist the parameter from page to page, or you use some sort of server-side browser fingerprinting.
All in all this might be somewhat less trivial than you assume, especially if you do not only want to track pageviews but also events that do not load a new page.
The old lagacy ga.js is generating __UTMZ cookie but latest analytics.js not generating __UTMZ cookies.
What is the reason behind it and how can i get __UTMZ cookie value from analytics.js
The "classic" GA version set cookies because much information, including campaign attribution, was precomputed on the client side, stored in cookies between pageviews and sent with every request to the Google Analytics server.
With Universal Analytics there is no more client side processing, all information is evaluated on the Google servers. This was necessary to make good on the "universal" part of the name - Universal Analytics runs on clients that do not execute Javascript, so precomputing information on the client was not an option.
So Universal Analytics does not set utm* cookies (it uses a single cookie to store the client id), you cannot make it do so (in any meaningful fashion), and if you want to extract campaign information you have to save it yourself in cookies (and then you cannot be quite sure that this matches the attribution in the GA interface).
Can you set up alerts in Google Analytics to flag potential PII/NPI such as name, email address, billing address, billing details etc.? If so, how?
First I have do say I do not understand the downvote(s). For example I have seen applications with user logins where a full name was part of the page title - combined with time based dimensions that gave profile that say which user looked at what page at what time, and that would be clearly illegal. Even worse I have seen a case where security tokens were transmitted to GA that allowed access to secured resources. So clearly accidental transmission of PII to Google Analytics is a real thing.
Unfortunately there is not much you can do about it. You can either do a custom report with relevant dimensions and have it sent to you for a manual audit, or pull them via the API and have them programmatically examined via regular expressions that look for patterns like e-mail addresses etc. But by the time you can do that it is already to late, the data will already be permanently recorded in the GA property.
You have to stop this before the data is collected - if at all possible already in the website (via form validation etc), or use Google Tag Manager with custom javascript variables with validation rules, or filters in the analytics view (the latter being cumbersome and not very promising for this purpose).
The good news is that GA will not suddendly start to track PII on it's own. So you only need to check if your GA account tracks PII when you set up the account. Collect a few days data, validate that everything is okay, make changes as necessary and after all flaws are straightened out copy the view to start data collection from scratch and drop the old view if it contains PII.
Have the below parameters in collect.gif. Not sure why utma,utmz and utmht parameters gets passed in collect.gif. Could anyone explain about it.
fl:14.0 r0
_utma:183250937.727261133.1403674305.1403674305.1403678301.2
_utmz:183250937.1403678301.2.2.utmcsr=testsrc1|utmccn=testcamp1|utmcmd=testmed1
_utmht:1403679675665
_u:MACCAAQ~
cid:727261133.1403674305
_utma, _utmz, and _utmht are part of the ga.js cookie collection that Google Analytics sets up to gather session and traffic information (duration, number of visits, where traffic is coming from, etc).
After the upgrade, analytics.js only uses one cookie to store information, _GA. If you're seeing these parameters in your GET request, that means you still have the old ga.js cookies sitting around. Clear your cookies, and these parameters will disappear from the request.
Google's developer documents has lots of information on their use of cookies with Google Analytics if you care to read about how these cookies used to be used and what the _GA cookie does.