Preventing PII from being tracked in Google Analytics

Posted: March 10, 2018

Google doesn’t allow PII (Personally Identifiable Information) to be tracked in Google Analytics. You can have your Google Analytics account suspended if you don’t abide by the rules.

This means you can’t have URLs with parameters containing usernames, email or IP addresses, phone numbers being submitted to Google Analytics (or AdWords Remarketing).

Google provide some helpful Best Practises information, but their suggestions often rely on rewriting your web application so that PPI aren’t displayed in the URL.

This work-around script works by only including Google Analytics tracking snippet if the URL does not include email, username or password strings. The exact strings could easily be modified to suit your needs (maybe add phone?)

<script>
  window.ga=function(){ga.q.push(arguments)};ga.q=[];ga.l=+new Date;
  ga('create','UA-XXXXX-Y','auto');ga('send','pageview')
</script>
<script>
  if(location.href.match(/(?:\b|_)(?:username|email|password)(?:\b|_)/i) > -1){
  document.write('<script src="https://www.google-analytics.com/analytics.js" aysnc><\/script>');
  }
</script>

Demo - this page loads Google Analytics as normal

If you include params with PII (email, username or password) the URL Google Analytics will not load:

• ?username=redacted%40example.com&password=Z0CS9

• ?userName=redacted%40example.com&token=9234

• ?email=redacted%40example.com&token=%3%tX

Note; the optimized Google Analytics snippet is from HTML5Boilerplate

If you have any suggestion on how to improve this - please open a PR on GitHub

Disclaimer: This should be considered a temporary workaround. PII will still be in the URLs - make sure that those URLS are not being submitted to any other third-party service.

Comments

Bryan SSM

June 27, 2018

Hi Christian,

I implemented this script so that PII doesn’t get pulled into GA, but I’m having trouble getting it to fire correctly. What if I have “email_address” as a parameter getting pulled into GA? Could I just add “email_address” to your custom script? So something like this:

username

email

password

email_address

Thoughts?

Christian Oliff

June 29, 2018

Hi Bryan SSM - Yes, exactly - you could do that and it should work as expected.

Eve Hunt

March 25, 2019

I was just looking for this info for a while. After 6 hours of continuous Googleing, finally I got it in your web site. I wonder what’s the lack of Google strategy that do not rank this type of informative websites in top of the list. Generally the top web sites are full of garbage.

Leave a Comment

Your email address will not be published. Required fields are marked *

Loading...

Comment *

Name *

Email address *

Website (optional)

Submit Comment