Personally Identifiable Information (PII) is any information that can be used to identify a specific individual.
It includes information like names, email addresses, phone numbers, and postal addresses.
When visitors land on your website and perform a search query or submit a form, their PII risks getting shared with GA4.
It happens because forms typically contain PII such as first and last names and contact details.
Once the form is submitted, this information is sent to the server as query parameters appended to the form submission request URL.
This creates user data privacy issues, so you must take steps to prevent it.
But what is a query parameter?
A query parameter is a key=value pair that comes after the question mark in a URL. Multiple parameters are separated by an ampersand (&).
In the examples here,
example.com?email=hello@world.com
or,
example.com?firstname=john&lastname=doe
everything after the question mark is the query string, and each key=value pair in it is a query parameter.
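To make the idea concrete, here is a minimal sketch that lists the query parameters of a URL with the standard URL API. The function name listQueryParameters is made up for illustration, and the example URL has https:// added because the URL constructor needs a full address.

```javascript
// Return every query parameter in a URL as a { key, value } pair.
// listQueryParameters is a hypothetical helper name, not part of GA4 or GTM.
function listQueryParameters(urlString) {
  var url = new URL(urlString);
  var params = [];
  url.searchParams.forEach(function (value, key) {
    params.push({ key: key, value: value });
  });
  return params;
}

var found = listQueryParameters('https://example.com/?firstname=john&lastname=doe');
console.log(found);
// [ { key: 'firstname', value: 'john' }, { key: 'lastname', value: 'doe' } ]
```

Any of these keys and values that end up in the page URL can travel with it to your analytics tool.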
So, unless the form redirects the visitor to a confirmation page whose URL does not carry these parameters, all the user information in the form is passed on to GA4 as part of the page URL.
Similarly, if you use GA4 to analyze your website data without taking any precautions, PII gets shared with Google.
Collecting and passing on visitor PII to analytics tools or search engines has both moral and legal implications.
So, in this blog, we will show you how to find the PII your website is collecting and how to remove it.
Before you embark on the journey to clean your data, you need to identify the PII collected by your website.
Create a custom report in Explorations to find out the PIIs you are currently collecting.
You can do so by following the steps below.
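If you export the page URLs from such a report, a small script can flag the ones that look like they carry PII. The sketch below is only an illustration under stated assumptions: the key list SUSPECT_KEYS, the loose email pattern, and the function name findPiiParameters are all hypothetical and should be adapted to your own forms.

```javascript
// Hypothetical list of parameter keys to flag; adjust it to your own forms.
var SUSPECT_KEYS = ['email', 'first_name', 'last_name', 'full_name', 'phone_number'];
// Deliberately loose email pattern, meant for flagging rather than validation.
var EMAIL_PATTERN = /[^\s@&=?#]+@[^\s@&=?#]+\.[^\s@&=?#]+/;

// Return the keys in a page URL (or path) that look like they carry PII.
function findPiiParameters(pageUrl) {
  var queryStart = pageUrl.indexOf('?');
  if (queryStart === -1) {
    return [];
  }
  // Take the query string only, without any "#fragment".
  var query = pageUrl.slice(queryStart + 1).split('#')[0];
  var flagged = [];
  new URLSearchParams(query).forEach(function (value, key) {
    var keyMatches = SUSPECT_KEYS.indexOf(key.toLowerCase()) !== -1;
    if (keyMatches || EMAIL_PATTERN.test(value)) {
      flagged.push(key);
    }
  });
  return flagged;
}

console.log(findPiiParameters('/thank-you?email=hello@world.com&utm_source=news'));
// [ 'email' ]
```

Checking values as well as keys helps catch PII that arrives under an unexpected parameter name.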
Now that you have the PIIs that need to be removed, it is time to clean the data you track and share with GA4.
You can remove personally identifiable information with a Custom JavaScript variable in Google Tag Manager. Follow the steps below to do so.
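function() {
  // Query parameter keys to strip from the URL.
  var blocklist = 'email,address_line_1,address_line_2,city,state,zip_code,full_name,first_name,last_name,phone_number,postcode'.split(',');
  // Leave empty to drop blocked parameters entirely, or set a placeholder to keep the key.
  var replaceWith = '';
  var url = location.href;
  // Match each "?key=value" or "&key=value" pair, then tidy up any leftover "?" or "?&".
  var sanitizedUrl = url.replace(/((\?)|&)([^#&=]+)(?:=([^#&]*))?/g,
    function(input, delim, qmark, key, val) {
      // Keep parameters that are not on the blocklist.
      if (-1 === blocklist.indexOf(key)) {
        return input;
      }
      // Keep a leading "?" so any remaining parameters still form a valid query string.
      return replaceWith ? delim + key + '=' + replaceWith : qmark || '';
    }).replace(/\?&*$|(\?)&+/, '$1');
  return sanitizedUrl;
}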
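To see what the variable returns before adding it to a container, the same logic can be wrapped in a named function that takes the URL as an argument. This is a sketch for local testing only: the name sanitizeUrl and its parameters are made up for illustration, and the shortened blocklist is an assumption.

```javascript
// Same replacement logic as the GTM variable, but with the URL, blocklist,
// and placeholder passed in so it can run outside the browser.
// sanitizeUrl is a hypothetical name used for illustration.
function sanitizeUrl(url, blocklist, replaceWith) {
  return url.replace(/((\?)|&)([^#&=]+)(?:=([^#&]*))?/g,
    function (input, delim, qmark, key) {
      if (blocklist.indexOf(key) === -1) {
        return input;
      }
      return replaceWith ? delim + key + '=' + replaceWith : qmark || '';
    }).replace(/\?&*$|(\?)&+/, '$1');
}

var keys = ['email', 'first_name', 'last_name'];

console.log(sanitizeUrl('https://example.com/thanks?email=hello@world.com&plan=pro', keys, ''));
// https://example.com/thanks?plan=pro

console.log(sanitizeUrl('https://example.com/thanks?first_name=john&last_name=doe', keys, ''));
// https://example.com/thanks

console.log(sanitizeUrl('https://example.com/thanks?plan=pro&email=hello@world.com', keys, '[redacted]'));
// https://example.com/thanks?plan=pro&email=[redacted]
```

Note that the key comparison is exact and case-sensitive, so a parameter such as Email would pass through unless it is added to the blocklist.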
Follow the steps below to remove the PIIs.
Google Analytics 4 recently introduced another feature to help with customer privacy issues, called Data redaction.
It redacts PII on the client side, at the data collection stage, before the data is passed on to GA4.
However, redaction is no replacement for excluding the URL query parameters in GTM. It only serves as an add-on to help keep customer data safe.
Implement the data redaction by following the steps below.
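As a rough illustration of what client-side redaction means, the sketch below replaces anything that looks like an email address in a string before it would be sent anywhere. It is not Google's implementation: the function name redactEmails, the loose pattern, and the default placeholder text are all assumptions made for this example.

```javascript
// Loose pattern for email-like text; an assumption for illustration only.
var EMAIL_LIKE = /[^\s@&=?#/]+@[^\s@&=?#/]+\.[^\s@&=?#/]+/g;

// Replace every email-like substring with a placeholder.
// redactEmails is a hypothetical helper, not a GA4 or GTM function.
function redactEmails(text, placeholder) {
  return text.replace(EMAIL_LIKE, placeholder || '(redacted)');
}

console.log(redactEmails('https://example.com/thanks?email=hello@world.com&plan=pro'));
// https://example.com/thanks?email=(redacted)&plan=pro
```

Pattern-based redaction like this only catches values that look like emails, which is one reason it works as an add-on rather than a replacement for removing the parameters themselves.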
Personally identifiable information needs to be protected to ensure customer data privacy and legal compliance.
To remove PII, first find out what you are already collecting with a custom Explorations report.
Then remove it by implementing a Custom JavaScript variable and tag configuration in Google Tag Manager.
For additional protection, enable Data redaction so that PII is also redacted on the client side at the data collection stage.