[Cover image: assorted-color security cameras. Photo by Lianhao Qu on Unsplash]

I am not a lawyer and this is not legal advice. I’m only sharing how I navigated privacy legislation and attempted compliance on a personal website.

I recently revamped my personal website to connect more closely to my “second brain” which is in Obsidian. It’s now published via Obsidian Publish. I’m pretty happy with it so far!

As I polished it up, I realized that I wanted to understand how readers read, interact with, and understand the content, especially as they go through the digital garden part of the site, hence my exploration of website tracking tools.

Privacy regulations have changed

As a data professional, I already knew that the privacy landscape has changed dramatically, including GDPR in the European Union, CCPA in the US State of California, and a whole host of privacy regulations across ASEAN. Even though my site is small, I wanted to make it as transparent and privacy-friendly as possible.

Exploring website tracking solutions

I used to use (and may eventually move back to[1]) a self-hosted version of Plausible Analytics as a privacy-friendly alternative to Google Analytics. However, it is still tracking that I need to disclose in my privacy policy, and I’m not sure whether self-hosting an analytics solution is really that responsible compared to relying on a service with a team looking after the security of its data.

So, I’ve decided to take a look at the oft-maligned Google Analytics to see if I can use the new Google Analytics 4 in a more privacy-friendly way, while providing me with free, simple, easy-to-use, and reliable website analytics.

Nerfing Google Analytics

I’ve done quite a bit of research into the various configuration options, and I’ve settled on the following adjustments (read: nerfs), to make Google Analytics just do website analytics without all the other stuff.

By default, here are some assurances:

Here are some of the adjustments that need to be made to the analytics itself:

  • Configured extra features in the initial config call, such as:
    • disabling Google Signals, which allows Google to infer interests and other demographics for ad targeting,
    • disabling ad personalization signals, which allows the events from the tag to be used to personalize ads served to that user,
    • enabling restricted data processing, which disallows using the data for various re-marketing purposes, and
    • disabling URL passthrough, which is a way to track across sessions without using cookies.
// Load Google Analytics with optional features disabled
gtag('config', ga_measurement_id, {
	'allow_google_signals': false,
	'allow_ad_personalization_signals': false,
	'restricted_data_processing': true,
	'url_passthrough': false
});
  • Enabled consent mode for Google Analytics, with ad_storage always denied since I had no use for ad storage, and analytics_storage being opt-in for European Union and UK users (due to GDPR) and opt-out for everyone else.
// Consent Setup
// Default for everyone else: analytics is on unless the user opts out
gtag('consent', 'default', {
	'ad_storage': 'denied',
	'analytics_storage': 'granted'
});
// European Union and the United Kingdom: analytics is off until the user opts in
// (a region-scoped default overrides the global default for these countries)
gtag('consent', 'default', {
	'ad_storage': 'denied',
	'analytics_storage': 'denied',
	'region': ['BE', 'BG', 'CZ', 'DK', 'DE', 'EE', 'IE', 'GR', 'GB', 'ES', 'FR', 'HR', 'IT', 'CY', 'LV', 'LT', 'LU', 'HU', 'MT', 'NL', 'AT', 'PL', 'PT', 'RO', 'SI', 'SK', 'FI', 'SE']
});
  • Added a tracking consent banner that asks users whether to accept or reject tracking, and then updates the default consent settings based on their choice by setting:
    • the following when consent is granted (with the consent lasting 365 days so that it is finite), and
// User accepted: turn analytics storage on and remember the choice (Cookies is the js-cookie helper)
gtag('consent', 'update', {'analytics_storage': 'granted'});
Cookies.set(consent_cookie, 'accept', { expires: 365 });
    • the following when consent is not granted. Setting the window variable is important because even when consent is denied, GA4 still sends “cookieless pings” for modelling, which for me is a gray area but still a form of tracking I don’t need.
// User rejected: disable the tag entirely (stops cookieless pings), then record the denial
window[`ga-disable-${ga_measurement_id}`] = true;
gtag('consent', 'update', {'analytics_storage': 'denied'});
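The pieces above (nerfed config, regional consent defaults, banner accept/reject handlers) fit together in a specific order on page load, and it is easy to get the regional override wrong. The following is an added example, not code from the original post: it wires the flow up with a recording stand-in for gtag()/window/js-cookie so the resulting consent state can be checked offline, and it includes a small resolver that mimics gtag's rule that a region-scoped default beats the global default and an update beats both. The measurement ID, cookie name and the env object are placeholders.

```javascript
// Added example (not the post's own code). Placeholders: GA_MEASUREMENT_ID, CONSENT_COOKIE, env.
const GA_MEASUREMENT_ID = 'G-XXXXXXXXXX';      // placeholder, not a real property
const CONSENT_COOKIE = 'tracking_consent';     // placeholder cookie name
const OPT_IN_REGIONS = ['BE','BG','CZ','DK','DE','EE','IE','GR','GB','ES','FR','HR','IT','CY',
  'LV','LT','LU','HU','MT','NL','AT','PL','PT','RO','SI','SK','FI','SE'];

// Stand-in for gtag()/window/js-cookie: records every gtag call instead of sending it.
function makeEnv() {
  const env = { calls: [], flags: {}, cookies: {} };
  env.gtag = (...args) => env.calls.push(args);
  return env;
}

// Page load: consent defaults first, then the nerfed config, then restore a stored choice.
// Returns true when no choice is stored yet, i.e. the banner still has to be shown.
function initAnalytics(env, storedChoice) {
  env.gtag('consent', 'default', { ad_storage: 'denied', analytics_storage: 'granted' });
  env.gtag('consent', 'default', { ad_storage: 'denied', analytics_storage: 'denied', region: OPT_IN_REGIONS });
  env.gtag('config', GA_MEASUREMENT_ID, {
    allow_google_signals: false, allow_ad_personalization_signals: false,
    restricted_data_processing: true, url_passthrough: false,
  });
  if (storedChoice === 'accept' || storedChoice === 'reject') applyChoice(env, storedChoice);
  return storedChoice === undefined;
}

// Banner click handler: update consent, toggle the GA opt-out flag, remember the choice for 365 days.
function applyChoice(env, choice) {
  const flag = `ga-disable-${GA_MEASUREMENT_ID}`;
  if (choice === 'accept') {
    delete env.flags[flag];
    env.gtag('consent', 'update', { analytics_storage: 'granted' });
  } else {
    env.flags[flag] = true;                    // also stops the cookieless pings
    env.gtag('consent', 'update', { analytics_storage: 'denied' });
  }
  env.cookies[CONSENT_COOKIE] = { value: choice, expires: 365 };
}

// Check: what consent value does a visitor from `country` end up with for `key`?
// Region-scoped default overrides the global default; an update overrides both.
function effectiveConsent(env, country, key = 'analytics_storage') {
  let value;
  for (const [cmd, action, params] of env.calls) {
    if (cmd !== 'consent' || !(key in params)) continue;
    if (action === 'update') value = params[key];
    else if (Array.isArray(params.region)) { if (params.region.includes(country)) value = params[key]; }
    else if (value === undefined) value = params[key];
  }
  return value;
}
```

In the real page, env.gtag is the global gtag(), env.flags is window, and env.cookies is replaced by Cookies.get/Cookies.set, with the stored choice read from the cookie before initAnalytics runs.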

Some options that need to be configured on the Google Analytics Property:

  • Disabled granular location data which collects city-level data (not the actual geolocation) and some user agent and device model information. These are not directly sensitive but may be used for fingerprinting, so I’ve decided to do away with it since I have no real use for this information.
  • Turned off all data sharing with Google. Any data sharing needs to be disclosed to users, and I had no real use for sharing this information with Google since I neither use digital ads nor serve them on my site. I still linked it to Search Console, as that only shares limited data for search engine optimization, which I need.
  • Set a retention period. I use 14 months because I want to see seasonality in the data, and I disclosed that in my privacy policy.

I added a section to my privacy policy

I’ve written down, in as clear language as possible, how I do this in my Privacy Policy. In it, I attempt to explain:

  • what tools I used to process data,
  • what data those tools collect,
  • what uses I have for that data,
  • how long I retain that data, and
  • what uses I prohibit for the data.

This is the section I have for Google Analytics:

Google Analytics Privacy Policy

I use Google Analytics to understand how users use the website, navigate through the content, and subscribe to the newsletter. This allows me to improve the website’s content, understand pain points in navigating the site, and make a more compelling newsletter.

I do not collect or link any personally identifiable information, including the email collected for the newsletter to this traffic. My use case requires only aggregated and anonymized data and not any specific user’s activity.

All of the following have been done to ensure that we protect privacy as much as possible:

  • Google Signals measurement is disabled
  • Google Ad Personalization is disabled
  • Restricted Data Processing is enabled
  • URL Passthrough is disabled
  • Data Sharing is disabled except for sharing anonymized statistics with Google Search Console, to improve the discoverability of my website.

Consent mode is activated in the website. For users in the European Union, consent is opt-in, while consent is opt-out for the rest of the world.

Data is retained for a period of 14 months, to ensure that I can understand the trends in seasonality and be able to provide good content at the right time.

I believe it’s clear and transparent enough that anyone coming into the website should be able to understand collection and use. I think it’s definitely better than those auto-generated ones full of legalese.


[1] If I ever move back to Plausible, I’m just going to pay for their hosted version.