
Comment by minsc_and_boo

3 years ago

Isn't it already against Google Analytics' policy to put PII in the platform to begin with?

https://support.google.com/analytics/answer/6366371?hl=en#zi...

GDPR uses a more expansive definition of personal data, and it includes the IP address and geolocation data, for example.

  • And to be clear, Google Analytics has a setting to "anonymize" the IP address which deletes the last octet of the address and makes geolocation less accurate.

    Then there's an argument that the IP address still reaches Google servers before it's deleted. But that's just splitting hairs at this point. If Google doesn't process the data with the IP address, I see no harm.

    IP addresses are not something that you can choose to not send at all. It's kind of required by the TCP/IP stack. If that was the case, users in the EU could not access any website in the USA.

    • The press release mentions that partial truncation is not considered good enough as Google has enough ancillary metadata to reverse it.

    • I guess the difference here is that I want to visit a website in the US versus a tracking request that happens in the background.

    • The GDPR is a product of the Snowden-revealed pervasive surveillance done by US TLAs. Keeping the data in the EU vs sending it over to the US under assurances is a big hair.