DEV Community


Discussion on: Clarifying GDPR

george profile image
George Nance

So wait, does this mean that having Google Analytics on your page is against the GDPR is they didn't agree to it?

jvanbruegge profile image
Jan van Brügge

The question is if your analytics collect personally identifiable information, such as IP addresses.

domysee profile image
Dominik Weber

If you have anonymizeIP enabled, then no, they don't have to agree. GA took precautions, they trim the IP on EU servers. Also they assure you (I think in their ToS) that they don't store the original IP address.
This means they don't have any personally identifiable information, and it doesn't fall under the GDPR.
What they can't ensure though, is that users store personally identifiable information in their events. So if you do that, you have to take your own precautions. Basically you should just stop doing that. Since afaik, GA doesn't allow selective deleting of data, so as soon as a GDPR delete request comes in, you'd have to delete all of your GA data.