DEV Community


Discussion on: Clarifying GDPR

domysee profile image
Dominik Weber

If you have anonymizeIP enabled, then no, they don't have to agree. GA took precautions, they trim the IP on EU servers. Also they assure you (I think in their ToS) that they don't store the original IP address.
This means they don't have any personally identifiable information, and it doesn't fall under the GDPR.
What they can't ensure though, is that users store personally identifiable information in their events. So if you do that, you have to take your own precautions. Basically you should just stop doing that. Since afaik, GA doesn't allow selective deleting of data, so as soon as a GDPR delete request comes in, you'd have to delete all of your GA data.