Anonymize IP addresses in Google Analytics

If you use Google Analytics on your website and are in scope of the GDPR, make sure to use the anonymizeIP flag.

An IP address is in fact considered personal data and with analytics you’re collecting it without consent.

Personal data

The GDPR defines ‘personal data’ as any information relating to an identified or identifiable natural person (CHAPTER I, General provisions, Article 4. Definitions).

Since natural persons may be associated with online identifiers […] to create profiles of the natural persons and identify them (Recital #30), IP addresses are a form of personal data.
This is confirmed by the European Commission as you can read on this page.

Personal data and analytics

If your website stores or let a provider, like Google, store personal data (IP address) associated with analytics data, you’re violating the GDPR because you’re doing so without consent or other legal basis.

Moreover, you’re violating the Google Analytics terms of service, that states Analytics customers are not allowed sending personal information to Google.

Google Analytics settings

Since 2010 Google provides a way to anonimize the IP of the visitors, and while the feature is not connected to the GDPR, it’s important for being compliant.
It’s not active by default though and the user must explicitly enable it. More information can be found directly at this Google page.

If you’re running a CMS, you’re probably using a plugin for Google Analytics, and you should make sure the configuration options of the plugin respect the new requirement.

What about your website?

The target date for the new regulation is in few days.
Is your website compliant with it?

Read more about GDPR and contact us for information and help.