Data protection compliant visitor tracking with Google Analytics

Even in 2017, Google Analytics is still one of the most widely used analysis tools. Google's constant development ensures that there are hardly any comparable alternatives. However, there is a catch if you want to use the American analysis programme in Germany: German data protection laws do not allow its use!

Adapting Google Analytics to German data protection is easy

But fortunately it is not quite that bad. If you follow these 5 simple rules, Google Analytics may also be used in Germany:

Conclude a data processing contract with Google

As a website operator who integrates Google Analytics, you enter into a contract with Google as a contractor for commissioned data processing. This happens as soon as Google Analytics is integrated. In order to secure this contract, Google has drawn up a written contract that complies with German data protection law. As a website operator, you must download this contract from Google, fill it out and send it to Google in duplicate. Google will countersign the contract and return one copy. It is essential to keep this copy!

Anonymise IP addresses with anonymizeIp

Out of the box, the tracking code provided by Google does not meet the requirements of German data protection. The problem is that in the standard configuration, Google transmits the complete IP address of the visitor to the Google servers in the USA. The IP address counts as personal data of a user and may not simply be passed on.

But Google now offers a way to anonymise the IP address. To do this, the last part of the IP address is masked. This does not bother us as website operators. To activate this function, we have to extend the Google tracking code as follows:

<script>

// Standard analytics.js loader
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');

ga('create', 'UA-XXXXXXX-X', 'website.de');
// Set before the first hit is sent so that the pageview is already anonymised
ga('set', 'anonymizeIp', true);
ga('send', 'pageview');

</script>

For WordPress, I recommend the plugin "MonsterInsights", which offers this setting conveniently in the admin area.

Right of objection

Data protection stipulates that you give your visitors the opportunity to object to the collection of their user data. This may sound complicated at first, but since Google also offers appropriate solutions here, the implementation is quite simple.

There are two ways to object to the use of data. Both have to be built in:

  1. A deactivation addon provided by Google
  2. An opt-out cookie

The deactivation addon deactivates Google Analytics in your visitor's browser. As a website operator, you must link to this addon (see point 4).

The opt-out cookie is set when the visitor clicks a link in the privacy policy (see point 4) and also prevents tracking for that visitor. For this cookie to take effect, the following JavaScript code must be inserted before the actual Google Analytics tracking code:

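<script>

// Must be the same property ID as in ga('create', ...)
var gaProperty = 'UA-XXXXXXX-X';
var disableStr = 'ga-disable-' + gaProperty;
// If the opt-out cookie is present, disable tracking for this page view
if (document.cookie.indexOf(disableStr + '=true') > -1) {
  window[disableStr] = true;
}
// Called from the opt-out link: sets the cookie and disables tracking immediately
function gaOptout() {
  document.cookie = disableStr + '=true; expires=Thu, 31 Dec 2099 23:59:59 UTC; path=/';
  window[disableStr] = true;
}

</script>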
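The two code requirements above (anonymizeIp set before the first hit, and the opt-out snippet placed before the tracking code) can be checked against a page's HTML. The following is an added example, not code from the original article or from Google; it assumes the inline analytics.js snippets shown above, and the function name, sample pages and property IDs are constructed for illustration.

```javascript
// Added example, not from the original article. Sample pages are constructed.
const CREATE_RE = /ga\(\s*['"]create['"]\s*,\s*['"](UA-\w+-\w+)['"]/;
const SEND_RE = /ga\(\s*['"]send['"]/;
const ANON_RE = /ga\(\s*['"]set['"]\s*,\s*['"]anonymizeIp['"]\s*,\s*true\s*\)/;
const OPTOUT_RE = /gaProperty\s*=\s*['"](UA-\w+-\w+)['"]/;

// Returns a list of findings; an empty list means both requirements are met.
function auditTrackingCode(html) {
  const create = CREATE_RE.exec(html);
  if (!create) return ['no ga("create", ...) call found'];
  const send = SEND_RE.exec(html);
  const anon = ANON_RE.exec(html);
  const optOut = OPTOUT_RE.exec(html);
  const findings = [];
  // anonymizeIp only affects hits sent after it has been set on the tracker.
  if (!anon) {
    findings.push('anonymizeIp is not set to true');
  } else if (send && anon.index > send.index) {
    findings.push('anonymizeIp is set after the first hit is sent');
  }
  // The opt-out snippet has to run before the tracker and name the same property,
  // otherwise window['ga-disable-<ID>'] is set too late or for the wrong ID.
  if (!optOut) {
    findings.push('opt-out snippet is missing');
  } else {
    if (optOut.index > create.index) findings.push('opt-out snippet comes after the tracking code');
    if (optOut[1] !== create[1]) {
      findings.push(`opt-out property ${optOut[1]} does not match tracker ${create[1]}`);
    }
  }
  return findings;
}

// Constructed sample pages with placeholder property IDs.
const ID = 'UA-0000000-1';
const optOutTag = (id) =>
  `<script>var gaProperty = '${id}'; var disableStr = 'ga-disable-' + gaProperty;</script>`;
const trackerTag = (id, calls) =>
  `<script>ga('create', '${id}', 'website.de'); ${calls.join(' ')}</script>`;
const SAMPLES = {
  compliant: optOutTag(ID) +
    trackerTag(ID, ["ga('set', 'anonymizeIp', true);", "ga('send', 'pageview');"]),
  lateAnonymize: optOutTag(ID) +
    trackerTag(ID, ["ga('send', 'pageview');", "ga('set', 'anonymizeIp', true);"]),
  wrongOrderAndId: trackerTag(ID, ["ga('send', 'pageview');"]) + optOutTag('UA-0000000-2'),
};
for (const [name, html] of Object.entries(SAMPLES)) {
  console.log(name, auditTrackingCode(html));
}
```

The check is purely textual, so it does not cover tracking code injected by a tag manager or a plugin at runtime.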

Extend privacy policy to include Google Analytics

If you want to use Google Analytics on your own website, it is mandatory to extend the privacy policy accordingly.

www.datenschutzbeauftragter-info.de recommends the following text passage. There, the deactivation addon and the opt-out cookie from point 4 are also taken into account:

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

You can prevent collection by Google Analytics by clicking on the following link. An opt-out cookie will be set that prevents the future collection of your data when you visit this website:
<a href="javascript:gaOptout()">Deactivate Google Analytics</a>

For more information on the terms of use and data protection, please visit http://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/. We would like to point out that the code "anonymizeIp" has been added to Google Analytics on this website to ensure anonymised collection of IP addresses (so-called IP masking).

Now we come to the last point:

Deletion of old data

The supervisory authorities in Germany state that all user data collected before these 5 points were implemented was collected unlawfully and violates German data protection laws. Therefore, an old Google Analytics account must be deleted and a new one created.

 
