![assorted-color security cameras](https://images.unsplash.com/photo-1557597774-9d273605dfa9?crop=entropy&cs=tinysrgb&fit=max&fm=jpg&ixid=M3wzNjAwOTd8MHwxfHNlYXJjaHw1fHxwcml2YWN5fGVufDB8MHx8fDE2ODQ2MzkyODh8MA&ixlib=rb-4.0.3&q=80&w=1080)
_Photo by [Lianhao Qu](https://unsplash.com/@lianhao?utm_source=Obsidian%20Image%20Inserter%20Plugin&utm_medium=referral) on [Unsplash](https://unsplash.com/?utm_source=Obsidian%20Image%20Inserter%20Plugin&utm_medium=referral)_

> [!warning] I am _not_ a Lawyer
> This is not legal advice. I'm only sharing how I navigated privacy legislation and attempted compliance on a personal website.

I recently revamped my personal website to connect more closely to my "second brain", which is in [[Obsidian]]. It's now published via [Obsidian Publish](https://publish.obsidian.md). I'm pretty happy with it so far!

As I polished it up, I realized that I wanted to understand how readers read, interacted, and understood, especially as they go through the [[🪴 Garden|digital garden]] part of the site, hence my exploration of website tracking tools.

## Privacy regulations have changed

As a data professional, I already knew that the privacy landscape has changed dramatically, including [[GDPR]] in the [[European Union]], [[CCPR]] in the US State of [[California]], and a whole host of privacy regulations across [[ASEAN]]. Even though my site is small, I wanted to make it as transparent and privacy-friendly as possible.

## Exploring website tracking solutions

I used to use (and may eventually move over to[^plausible]) [[Stack Upgrades|a self-hosted version of Plausible Analytics]] as a privacy-friendly Google Analytics alternative. However, it is still tracking that I need to disclose on my privacy policy, and I'm not sure about whether self-hosting analytics solutions is really that responsible compared to relying on services that have teams looking after the security of their data.
So, I've decided to take a look at the oft-maligned [[Google Analytics]] to see if I can use the new [[Google Analytics 4]] in a more privacy-friendly way, while providing me with free, simple, easy-to-use, and reliable website analytics.

## Nerfing Google Analytics

I've done quite a bit of research into the various configuration options, and I've settled on the following adjustments (read: nerfs), to make Google Analytics just do website analytics without all the other stuff.

By default, here are some assurances:

- IP addresses are not logged or stored as long as you [use the new GA4 tags](https://support.google.com/analytics/answer/9019185?hl=en#zippy=%2Cin-this-article).

Here are some of the adjustments that need to be made to the analytics itself:

- Configured [extra features](https://developers.google.com/tag-platform/devguides/privacy?sjid=5699448068537016771-AP#other_privacy_parameters) in the initial `config` call, such as:
  - disabling Google Signals, which allows Google to infer interests and other demographics for ad targeting,
  - disabling ad personalization signals, which allow the events from the tag to be used to personalize ads served to that user,
  - enabling restricted data processing, which disallows using it for various re-marketing purposes,
  - disabling URL passthrough, which is a way to track across sessions without using cookies.

  ```js
  // Load Google Analytics with optional features disabled
  gtag('config', ga_measurement_id, {
    'allow_google_signals': false,
    'allow_ad_personalization_signals': false,
    'restricted_data_processing': true,
    'url_passthrough': false
  });
  ```

- Enabled [consent mode](https://support.google.com/analytics/answer/9976101?sjid=5699448068537016771-AP) for Google Analytics, with `ad_storage` always set to false since I had no use for the analytics, and `analytics_storage` being opt-in for European Union + UK users (due to GDPR) and opt-out for everyone else.
  ```js
  // Consent Setup
  // Default: Opt-Out of Analytics
  gtag('consent', 'default', {
    'ad_storage': 'denied',
    'analytics_storage': 'granted'
  });

  // European Union and the United Kingdom: Opt-In to Analytics
  gtag('consent', 'default', {
    'ad_storage': 'denied',
    'analytics_storage': 'denied',
    'region': ['BE', 'BG', 'CZ', 'DK', 'DE', 'EE', 'IE', 'GR', 'GB', 'ES', 'FR', 'HR', 'IT', 'CY', 'LV', 'LT', 'LU', 'HU', 'MT', 'NL', 'AT', 'PL', 'PT', 'RO', 'SI', 'SK', 'FI', 'SE']
  });
  ```

- Added a tracking consent banner that asks users whether to accept or reject tracking, that then modifies the default consent settings based on whether users accepted or rejected the tracking by setting:
  - the following for when consent is granted (with the consent lasting for 365 days to make it finite), and

    ```js
    // Grant analytics storage for this visitor
    gtag('consent', 'update', {'analytics_storage': 'granted'});
    // Record the choice in a cookie that expires after 365 days
    Cookies.set(consent_cookie, 'accept', { expires: 365 });
    ```

  - the following for when consent is not granted. Adding the `window` variable is important because even when denied, GA4 still sends "cookieless pings" for modelling, which for me is a gray area but still a form of tracking I don't need.

    ```js
    // Disable the tag for this measurement ID entirely
    window[`ga-disable-${ga_measurement_id}`] = true;
    // Deny analytics storage for this visitor
    gtag('consent', 'update', {'analytics_storage': 'denied'});
    ```

Some options that need to be configured on the Google Analytics Property:

- Disabled [granular location data](https://support.google.com/analytics/answer/12002752?hl=en&utm_id=ad) which collects city-level data (not the actual geolocation) and some user agent and device model information. These are not directly sensitive but may be used for fingerprinting, so I've decided to do away with it since I have no real use for this information.
- Turned off [all data sharing with Google](https://support.google.com/analytics/answer/1011397?sjid=5699448068537016771-AP#zippy=%2Cin-this-article).
  Any data sharing needs to be disclosed to users and I had no real use for sharing this information with Google since I did not use digital ads nor serve them on my site. I still linked it to [Search Console](https://support.google.com/analytics/answer/10737381?hl=en) as that only shared limited data for SEO optimization which I need.
- Set a retention period. I use 14 months because I want to see seasonality in the data, and I disclosed that in my privacy policy.

## I added a section to my privacy policy

I've written down, in as clear language as possible, how I do this in my [[Privacy Policy]]. In it, I attempt to explain:

- what tools I used to process data,
- what data those tools collect,
- what uses I have for that data,
- how long I retain that data, and
- what uses I prohibit for the data.

This is the section I have for Google Analytics:

> [!quote] Google Analytics Privacy Policy
>
> I use [Google Analytics](https://analytics.google.com/) to understand how users use the website, navigate through the content, and subscribe to the newsletter. This allows me to improve the website's content, understand pain points in navigating the site, and make a more compelling newsletter.
>
> I do not collect or link any personally identifiable information, including the email collected for the newsletter to this traffic. My use case requires only aggregated and anonymized data and not any specific user's activity.
>
> All of the following have been done to ensure that we protect privacy as much as possible:
> - Google Signals measurement is disabled
> - Google Ad Personalization is disabled
> - Restricted Data Processing is enabled
> - URL Passthrough is disabled
> - Data Sharing is disabled except for sharing anonymized statistics with Google Search Console, to improve the discoverability of my website.
>
> [Consent mode](https://support.google.com/analytics/answer/9976101?hl=en) is activated in the website.
> For users in the European Union, consent is opt-in, while consent is opt-out for the rest of the world.
>
> Data is retained for a period of 14 months, to ensure that I can understand the trends in seasonality and be able to provide good content at the right time.

I believe it's clear and transparent enough that anyone coming into the website should be able to understand collection and use. I think it's definitely better than those auto-generated ones full of legalese.

[^plausible]: If I ever move back to Plausible, I'm just going to pay for their hosted version.
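
The snippets in "Nerfing Google Analytics" only work as intended when they run in the right order on every page load: consent defaults, then the visitor's stored banner choice, then `config`. The following is an added example, not code from this site, that wires them together so the order can be checked. The function names, the `'reject'` cookie value, the `ga_consent` cookie name, and the `G-XXXXXXXXXX` measurement ID are assumptions.

```javascript
// Added example (not this site's code). EU_UK mirrors the region list on this page;
// the 'accept'/'reject' cookie values and both function names are assumptions.
const EU_UK = ['BE', 'BG', 'CZ', 'DK', 'DE', 'EE', 'IE', 'GR', 'GB', 'ES', 'FR', 'HR', 'IT', 'CY',
  'LV', 'LT', 'LU', 'HU', 'MT', 'NL', 'AT', 'PL', 'PT', 'RO', 'SI', 'SK', 'FI', 'SE'];

// Minimal stand-in for a cookie library's getter: parse a document.cookie string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return rest.join('=');
  }
  return null; // no stored choice
}

// win is `window` in a browser; passing it in keeps the ordering testable.
function initAnalytics(win, measurementId, storedChoice) {
  win.dataLayer = win.dataLayer || [];
  const gtag = function () { win.dataLayer.push(arguments); };

  // 1. Consent defaults go first, before anything that can send data.
  gtag('consent', 'default', { ad_storage: 'denied', analytics_storage: 'granted' });
  gtag('consent', 'default', { ad_storage: 'denied', analytics_storage: 'denied', region: EU_UK });

  // 2. Replay a returning visitor's banner choice before the tag is configured.
  if (storedChoice === 'reject') {
    win[`ga-disable-${measurementId}`] = true; // disable the tag for this ID entirely
    gtag('consent', 'update', { analytics_storage: 'denied' });
  } else if (storedChoice === 'accept') {
    gtag('consent', 'update', { analytics_storage: 'granted' });
  }

  // 3. Only now configure the tag, with the optional features disabled.
  gtag('js', new Date());
  gtag('config', measurementId, {
    allow_google_signals: false,
    allow_ad_personalization_signals: false,
    restricted_data_processing: true,
    url_passthrough: false
  });

  // Any other cookie value (missing, expired, unrecognised) means: show the banner again.
  return { showBanner: storedChoice !== 'accept' && storedChoice !== 'reject' };
}

// Browser usage ('G-XXXXXXXXXX' and 'ga_consent' are placeholders):
// initAnalytics(window, 'G-XXXXXXXXXX', readCookie(document.cookie, 'ga_consent'));
```

Passing a fake `win` object and inspecting `win.dataLayer` afterwards is an easy way to confirm that no `config` call ever precedes the consent commands.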