It’s almost the 25th of May, so it’s a bit of a rush. But I am looking into the required changes for the javascript code of Google Analytics to get it GDPR compliant.
As you probably know by now, GDPR stands for General Data Protection Regulation which should protect the European website visitors more and will probably benefit the privacy of others too.
Google has send an e-mail about that you have to accept a data processing amendment. Which is the first step for GDPR. The second one requires a change in the source code of your website! I thought it is not emphasized enough online. So that is why I wrote this blog.
IP Anonymization in Analytics
It’s required by law to make sure that you do not send the last octet of the IPv4 address (or the last part of IPv6 addresses) from the visitor to Google. Or to have them ignore it actually.
source: autoriteit persoonsgegevens – handleiding privacyvriendelijk instellen google analytics maart 2018
However the official Google documentation says that you just have to add a query parameter to the url of the .js file
https://support.google.com/analytics/answer/2763052?hl=en
the aip parameter should have a one (true)
&aip=1
But it’s also possible that you have some legacy js and have to do it like this line:
_gaq.push (['_gat._anonymizeIp']);
So look into your current analytics JavaScript code and make the change. The pdf of the Dutch authority of personal data also lists that you should make a screenshot of the code and the date and time that the change went live as a proof that you made the change before the law was in state. Which is not solid evidence, so I do not understand why they suggest it.
https://www.google-analytics.com/analytics.js?aip=1
But good luck making everything in order for the upcoming GDPR!