Can I store user ids with google analytics? - google-analytics

I want to track how individual user navigate through a website. Using Google Analytics I can use custom variables so in theory I can use the user ids to track individual users. However, according to the terms of service of Google Analytics I can't use GA to track, collect or upload any data that personally identifies an individual (Section 7. privacy). Does a user id classifies as data that personally identifies an individual? I merely want to use it to link the data from Google Analytics with our own data.

Storing user IDs is probably a violation of section 7, but there are other ways around this problem.
Section 7 of the ToS states:
You will not (and will not allow any third party to) use the Service to track, collect or upload any data that personally identifies an individual (such as a name, email address or billing information), or other data which can be reasonably linked to such information by Google.
While sending Google information that is personally identifiable is simply not permitted, you can instead send an identifier which is known only to you. In fact Justin Cutroni (Analytics Evangelist at Google) has confirmed this in this article.
I've recently written up my current thinking on this with some a couple of world examples:
"Identifying your users in Google Analytics while complying with section 7 of the terms of service"

I'd say it does. It doesn't matter what you intent to do or not. The fact that you have the possibilty to map the id back to the person is enough.
Additionally: I'm not a lawyer but I'd say if you are tracking such data (with whatever technical means) it has to be in the terms of your website and signed by the user.

Personally identifiable information would be something like a name, phone number or email address. You'd be okay to store hashed information about this user in Google Analytics and then decrypt offline. E.g. You can store a hash of the user's name in Google Analytics and then decrypt offline.
You also may want to check you've the correct privacy policy in place and follow these rules: https://developers.google.com/analytics/devguides/collection/protocol/policy

You can use non obfuscated alphanumeric database identifiers that you might create for your visitors. Another acceptable option is to pass to Google Analytics an encrypted identifier that is based on PII that is not Protected Health Information (as defined under HIPAA), as long as you use the proper encryption level. Google has a minimum hashing requirement of SHA256 and strongly recommends the use of a salt, minimum 8 characters.
https://developers.google.com/analytics/solutions/crm-integration#user_id

Related

Google analytics, can you get a list of all user with an accompanying unique ID?

I'm (very) new to Google Analytics and somewhat to API's - so excuse my ignorance.
I'm trying to understand if there is a way to get a list of all users (who visited our site) that have an accompanying unique ID. A unique ID that would allow me, for example, to create a relationship between the user and their location, or the user and their device.
Using the query explorer I cannot see if this is possible.
No, Google analytics does not store user identifiable information in this manner.
If you are storing your internal system user id ad a custom dimension then you could get that back.
You should consult Best practices to avoid sending Personally Identifiable Information (PII)
To protect user privacy, Google policies mandate that no data be passed to Google that Google could use or recognize as personally identifiable information (PII). PII includes, but is not limited to, information such as email addresses, personal mobile numbers, and social security numbers. Because laws across countries and territories vary, and because Google Analytics can be used in many ways, consult an attorney if you are in doubt whether certain information might constitute PII or not.

Friendly way to identify users in Firebase Analytics beyond UserID?

I'm new to Firebase Analytics (or analytics in general). We have a new app with a few customers, <100.
We are attempting to get a more indepth look at our user behavior. We are currently passing the Firebase user's ID and various properties (their role, organization, etc.) but it's difficult to know "who" the user is. Rather than looking up the userId to match them to an individual (i.e. John Smith at Company XYZ) it would be nice to capture the user's info such as their username or email address.
Should we just pass this in as a user property? Or is Analytics really too high level for this and we should be looking at something else if we want individual usage history like this?
You shouldn't pass any information which a third party (incl. Google) could recognize as personally identifiable information to Firebase Analytics. In fact its against their policy. See https://firebase.google.com/terms/analytics#7_privacy
You can track personally identifiable information in your own infrastructure but should be careful exposing it to any third party.
There is also a note on the Firebase Analytics set user id documentation https://firebase.google.com/docs/analytics/userid

Universal Analytics clientId vs userId

The docs describe the clientId as:
This anonymously identifies a particular user, device, or browser instance.
https://developers.google.com/analytics/devguides/collection/protocol/v1/parameters#cid
It can be used to send server side hits to analytics while still tying them to a particular user.
There is also a feature in closed beta called userId, which you will be able to pass once a user has authenticated: https://developers.google.com/analytics/devguides/collection/analyticsjs/user-id
userId is fairly self-explanatory. However, UA also allows you to pass your own clientid if you choose to. For developing CRM type tools, can one just associate the clientid with a user in the same way that you would with a userid? The goal is primarily to be able to track offline interactions and connect them with visitors in Analytics.
maembe,
clientID is a random number generated by Google Analytics, and keep in mind it's always required and its value should always be a random UUID (version 4) (you could technically use your own, but I am not sure how practical and reliable this would be). Most importantly, you can easily access it with predefined get function (see documentation).
For your needs, this is exactly what you should do -- if someone sings ups, store ClientID in your CRM and then if there is any offline purchase, record the transactions with measurement protocol using the stored clientID. Google Analytics will then make the link (attribution) with that visitor and you will see this in your reports. Also, take advantage of newly available custom metrics and dimensions which can store pretty much anything you want (think of customer segmentation etc.). Beware of storing PII though.
Hope this helps :)
I am curious how UserID is going to work, it might change everything, but for now, I wouldn't rely on it as there is very little information available.
This Analytics support page now states the differences between Client ID and User ID - https://support.google.com/analytics/answer/6205850?hl=en#clientid-userid
Essentially client IDs represent unauthenticated users, and are automatically randomly generated.
User IDs represent authenticated users, and must be set manually.
It's worth noting that user IDs cannot be things like an email address, or other data that would allow Google to identify the user
You will not upload any data that allows Google to personally identify an individual (such as certain names, Social Security Numbers, email addresses, or any similar data), or data that permanently identifies a particular device (such as a unique device identifier if such an identifier cannot be reset).
If you upload any data that allows Google to personally identify an individual, your Google Analytics account can be terminated, and you may lose your Google Analytics data.
Taken from: https://developers.google.com/analytics/devguides/collection/protocol/policy
I'd imagine User ID is designed to differentiate the behavior of an authenticated user. here

is it against google analytic's terms of service to send data to google to identify visitors?

i'm using google event tracking on our website, and would like to send the email address used in our newsletter subscription form in the event tracking call so I can see what events visitors have completed on our site.
Is this allowed by google's terms of service? I remember reading somewhere that this is not allowed, but can't find the reference anymore.
If it is against google's TOS, should I store some unique key for the email address on our server instead and then send this key in the event tracker?
thanks!
This is absolutely restricted by their terms of service. You cannot store any personally identifiable information. Even storing a unique key is generally seen as violating this rule.
7. PRIVACY . You will not (and will not allow any third party to) use
the Service to track or collect
personally identifiable information of
Internet users, nor will You (or will
You allow any third party to)
associate any data gathered from Your
website(s) (or such third parties'
website(s)) with any personally
identifying information from any
source as part of Your use (or such
third parties' use) of the Service.
You will have and abide by an
appropriate privacy policy and will
comply with all applicable laws
relating to the collection of
information from visitors to Your
websites. You must post a privacy
policy and that policy must provide
notice of your use of a cookie that
collects anonymous traffic data.
This isn't legal advice, but, on its face, what you're describing is not allowed. What that means for you is between you and your lawyers.

Using Google Analytics to Track User Session

I have a PHP (5+) based website.
I want to track registered users of my site using Google Analytics. I basically just wish to grab their session id (or some way to identify each specific user)and view their movements and site usage from my Google Analytics dashboard.
Can this be done? If so, any guidance would be most welcome.
I believe the best way to do this is via a custom variable:
_setCustomVar(index, name, value, opt_scope)
It would be up to you to identify the 'value' as a unique session id for the user.
The scope in your case would be either session(2) or visitor(1) depending on how you want to track it.
http://code.google.com/intl/en/apis/analytics/docs/tracking/gaTrackingCustomVariables.html#setup
Technically you are able to store the username as a custom variable, but doing so violates the Google Analytics Terms of Service (ToS). Among other things, the (paraphrased) ToS states that you aren't allowed to store anything in Google Analytics that allows you to identify who the visitor is. This typically applies to usernames, IP addresses, phone numbers, etc.
If you decide to ignore the ToS and store the data anyway, it exposes YOU (not Google) to all kinds of data protection & PII laws. Especially in the EU.
If you have some budget money to work with, the best way to see the information you're looking for is to use an on premises web analytics software package that can process Google Analytics data. When you keep your data on premises, it alleviates many of the data privacy / protection / PII laws.

Resources