Is a Privacy Policy Required?
Yes. When you sign up for Google Analytics, you agree to its Terms of Service, which require you to “...post a Privacy Policy and that Privacy Policy must provide notice of your use of cookies that are used to collect traffic data….” Section 7 also states that “You will have and abide by an appropriate Privacy Policy….” The bottom line: if you have a website and you’re running Google Analytics on it, you must include a privacy policy.
“You will have and abide by an appropriate privacy policy and will comply with all applicable laws relating to the collection of information from visitors to your websites. You must post a privacy policy and that policy must provide notice of your use of a cookie that collects anonymous traffic data.”
Beyond requiring a privacy policy, section 7 also prevents you from passing “information to Google that Google could use or recognize as personally identifiable information [PII].” This means your Google Analytics data cannot collect names, email addresses, billing information, etc. Oftentimes, marketers don’t realize they are collecting PII and sending it to Google Analytics. Doing an audit on your GA account or setting up a custom alert on PII would help identify these issues. Violating this section could result in your GA data being wiped.
How to Create a Privacy Policy
When creating a privacy policy, you’ll need to consider a few pieces of information. This is why you can’t always use a generic sample; some details will be specific to your website and data collection. You’ll need to know what kind of data is being collected, how this data will be used by the company, and how it will be sent to any third-party vendors. Additionally, you’ll need to give your users instructions on how they can modify their personal information or opt out. You should also state the policy’s effective date and how users will be notified of any changes to your privacy policy. Here is our privacy policy as an example.
Next Steps
You can write your own privacy policy or you can reach out to our team of analysts to run a full data integrity audit, which includes generating a Google Analytics privacy policy and checking for any PII being collected. This will include any other services you may be using for data collection such as Facebook, Google Tag Manager, AdWords, Taboola, etc. In addition, it will include an opt-out section for users who decide to opt out.