The smart way to anonymize user data and use consent mode in Google Analytics 4 using GEO headers

To stay compliant with privacy regulations, website owners in Europe and a few other countries have to implement a consent mode that is designed to ask for user consent before any platforms can record data about a user. Moreover, in specific European countries, anonymizing user parameters is obligatory to prevent fingerprinting. These essential measures significantly impact the data quality of Google Analytics and other analytics tools. 

This blog post will discuss how you can improve data quality using stape’s GEO headers power-up.

Why user data in GA4 is essentialCopy link to this section

In 2022 data protection regulators in a few European countries (Italy, France, Denmark, Austria) concluded that using Google Analytics 4 violates GDPR law. The main reason is that Google, a company registered in the United States, can access EU user data. 

User data transfer is only lawful under the GDPR when the data protection rights of the user can be adequately protected. This is not the case with the data transfer to the United States after the breach of Privacy Shield. 

In some cases, Google uses European servers for hosting Google Analytics 4 data, but it does not help to make GA4 GDPR compliant. The main reason is that Google holds the key to the data encryption even if data is stored in Google European servers and can be required to hand them over to the United States.

No default measures from Google's side, like IP anonymization, are considered strong enough to make using Google Analytics legal. 

What are possible solutions:

• Remove GA4 from your website. 
• Make GA4 GDPR compliant.

Here we’ll focus on the last option since removing GA4 from the website might not fit most of the businesses that use Google Ads to promote their products or do not want to purchase other analytics tools.

French data processing regulators have a great explanation of how to make use of GA GDPR compliant. There are two main aspects:

• Use an EU proxy server. When using an EU proxy server, the data first comes to the Google Tag Manager server container that plays the role of the proxy server. This server removes required Personal Identifiable Information and sends it to the analytics tools. This way proxy server plays the role of intermediatire that remove any sensitive information before GA4 has access to it. 
• Anonymization of user data. Achieving an EU proxy server is possible by using the server Google Tag Manager container with the EU sGTM hosting, which Stape provides. 

Let’s dive deeper into the topics of user data anonymization and EU proxy server using server Google Tag Manager. 

What user data to anonymizeCopy link to this section

This is the list of user data that regulators suggest anonymizing. The exact list should be communicated directly to your legal and security team. 

• IP address
• user identifier
• external referrer
• query parameters
• information that can be used to generate a fingerprint, such as user agents, to remove the rarest configurations that can lead to re-identification

The easy way to anonymize user data using stapeCopy link to this section

Anonymization is a method that conceals or eliminates any personally identifiable information (PII) within data sets. This technique permits businesses to examine data without interfering with the privacy of their users. 

Some common examples of anonymization tools include Stape Anonymizer, data encryption, and data aggregation. 

The primary objective of anonymization is to safeguard user privacy while still allowing for data analysis. By employing this approach, companies can lessen the likelihood of data breaches and maintain compliance with various privacy regulations.

Stape Anonymizer is one of the power-ups available for users. It is designed to help businesses anonymize user data in Google Analytics 4 by masking or removing personally identifiable information. 

The tool helps businesses comply with data privacy regulations like GDPR, while still enabling them to analyze data for insights. 

By using Stape Anonymizer, you can ensure you are adhering to privacy best practices and maintaining the trust of your users without sacrificing valuable analytical capabilities.

With Anonymizer you basically gain control over all the data that’s being collected and you are the one who gets to decide to which degree you would like to anonymize a certain parameter.

The user can:

• Leave IP as is and send it with no changes
• Anonymize – remove the last octet
• Anonymize strictly – remove the last 2 octets
• Anonymize smart – change IP to static IP from the same country. This option allows one to grasp all the needed information without revealing the actual IP of the customer. 

Once you select what data should be anonymized, all you need to do is replace tagging server URL of GA4 to yousite.com/anonimise. 

Can consent banners replace user data anonymization?Copy link to this section

No, consent banners and user data anonymization are not interchangeable as they serve different purposes within the scope of data privacy.

Consent banners are a tool used to inform users about the types of cookies being collected by a website or service and to gain explicit consent for this collection. 

On the other hand, data anonymization is a process that seeks to make it impossible (or at least extremely difficult) to link data back to the individual it was originally associated with. This involves removing or anonymizing personally identifiable information to protect user privacy.

In other words, obtaining consent to set cookies does not eliminate the need for data anonymization, and implementing data anonymization does not eliminate the need to obtain consent. Both are important and complementary aspects of privacy protection.

How user data anonymization and consent mode affect GA4 data qualityCopy link to this section

Data anonymization can significantly affect the quality of user data. The parameters that play a critical role are:

• User identifiers in GA. It helps GA understand that the same user is visiting your website.
• Query parameters. It helps to differentiate traffic sources, campaigns, etc, from which users came or converted or visited the website. 

This means the quality of data in GA4 will be highly affected after implementing anonymization and consent. And you should carefully choose what data to anonymize and limit data anonymization to those countries where it’s required by law.

What is GEO headers power-upCopy link to this section

GEO Headers are a crucial power-up in Stape that allows businesses to pinpoint users' locations, enabling the development of customized marketing approaches and adherence to regional privacy regulations.

When GEO Headers power-up is enabled, it adds user region, country, and city to sGTM event data. This geographical data can be used to trigger consent banners based on regional privacy regulations, such as GDPR for EU countries, ensuring compliance and transparency. 

Analyzing and segmenting data with GEO Headers provides valuable insights into user behavior and preferences across various regions, promoting data-driven decision-making. 

Lastly, GEO Headers can be used to optimize ad campaigns by targeting specific regions, resulting in improved ad performance and return on investment (ROI).

Starting using GEO headers power-up on stape is extremely easy, with just one button click. 

Once done, you will start seeing geographical data inside the header of any request in the server Google Tag Manager.

As well as the native visitor region variable.

GEO headers data can be pushed to the web GTM with the help of Data Tag’s functionality Push event to DataLayer after. 

Since both consent banner and User data anonymization will have significant effect on the data quality the best practice is to improve user data by showing consent banner and anonymising user data only for those countries where it’s required by law.

The logic works like this: the cloud server that you use GEO headers power up to understand the user country. If it sees where the user is from, let’s say Italy, GA4 data is sent to /anonymise, which means that user data is anonymised in the way that you configured it in the stape anonymisation power up. 

The same logic works for consent, when sGTM sees requests from the country where it’s not necessary to ask user consent, sGTM sends data layer push to web GTM, based on this consent can be set to granted.

If you need more detailed information on how to set up GEO header power-up, you are free to visit our article.

TransformationsCopy link to this section

New sGTM feature transformations can be a powerful tool to protect sensitive data. You can use it to exclude or modify potentially identifying information before it's processed by your tags. Basically, it’s a feature that allows us to edit the event data object itself before tags get to consume it.

It's important to note that transformations create a transformed clone of the event data object to be digested by the tags specified in the transformation. And different tags may have varying levels of access to personal data.

ConclusionCopy link to this section

In this article we have discussed the importance of anonymizing user data, what data has to be protected, and we also described possible solutions of how to stay GDPR compliant. Additionally, we talked about the consent mode, which may affect the quality of data and how consent banners and user data anonymization are not interchangeable but both important and complementary aspects of privacy protection. 

We also highlighted our power-up - GEO headers - and how it can help you to  enable the development of customized marketing approaches and adherence to regional privacy regulations. 

If you need a little help, after reading this article, don’t hesitate to contact us!