Is your Google Analytics compliant with the California Consumer Privacy Act (CCPA)? If it isn’t, this guide will help.
Google Analytics is the most popular analytical software and it is the main tool for millions of websites all over the world. With this tool, site owners can track their site performance and other useful metrics that will help them to understand users’ behavior.
Google Analytics will collect personal data about your users, however, if it does not meet CCPA compliance, this could spell big problems for your organization.
This guide will help you to make your Google Analytics CCPA compliant. The process is simple and easy to follow, and with just a few clicks you can disable tracking on your Google Analytics.
Tables Of Contents
- 1 What is CCPA?
- 2 What Companies Must Comply With CCPA
- 3 What Does The CCPA Mean For Your Website?
- 4 What Happens If You Fail to Comply With CCPA
- 5 How to Make Google Analytics CCPA Compliant?
- 6 Step 1: Install MonsterInsights Plugin and its EU Compliance Addon
- 7 Step 2: Create an Opt-Out Consent Box
- 9 FAQs on Google Analytics and CCPA
- 10 Wrapping Google Analytics CCPA Compliance Guide
What is CCPA?
CCPA refers to the California Consumer Privacy Act, a comprehensive data protection regulation that came into effect on January 1, 2020, and became enforceable on July 1, 2020. It aims to regulate how organizations collect users’ data and protect the privacy of customers that are resident in California.
In a nutshell, it is a customer protection law that aims to make organizations more transparent about what personal information they collect from users, how they use this information, and the third parties they share it with.
With CCPA, residents of California have the following rights
- The right to be informed of how a website collects, uses, sells, and shares their personal data
- The right to have their data erased or deleted from a website
- The right to see what data that has been collected about them in the last 12 months
- The right to receive equal services and price regardless of location, race, buying power, etc
- The right to opt-out from a website’s collecting, selling, or using of their personal information with third parties.
What Companies Must Comply With CCPA
CCPA only applies to for-profit businesses that sell the personal information of California residents. If your business meets any of the three thresholds, then you need to comply with the new regulations
- Your annual gross revenue exceeds $25 million
- Your derive more than 50 percent of your annual revenue from selling the personal information of residents of California
- You are involved in the buying or selling of the personal information of 50,000 or more California residents.
What Does The CCPA Mean For Your Website?
If your business meets any of the criteria above, then you will have to implement the changes on your website. This means your website will have to inform users from California before collecting their data and what categories of personal information you would collect. You are to also tell them what it will be used for.
In addition to that, your website must give users a link to opt-out if they do not want you to sell their data to third parties. If minors under the age of 16 are among your visitors, you must include an opt-in link to allow them to give you permission to sell or use their personal information as you wish.
What Happens If You Fail to Comply With CCPA
Failure to implement and comply with this regulation comes with heavy fines of up to $7,500 per violation and $750 for every affected user in the case of a lawsuit.
How to Make Google Analytics CCPA Compliant?
Since Google Analytics takes record of users’ personal data like IP addresses, location, device, other personal information, it falls under the CCPA regulation and would have to be made CCPA complaint to avoid violations.
Rather than disabling Google Analytics on your website, you can just follow the steps below to ensure It meets the CCPA requirements.
Step 1: Install MonsterInsights Plugin and its EU Compliance Addon
MonsterInsights is a plugin that is perfect for Google Analytics. It will help you make your Google Analytics CCPA compliant by installing its EU Compliance Addon. With the addon, you can automate processes to meet the requirements for CCPA. This means you can easily disable personal tracking in Google Analytics with just the click of a button. The EU Compliance addon offers you a lot of features including the following
- Make users’ IP addresses collected by Google Analytics anonymous
- Disable UserID tracking feature on Google Analytics
- On your Google Ads, you can disable demographics and interest tracking.
- You can disable remarketing reports in Google Analytics
- Allows for easy integration Cookie Notice and CookieBot WordPress plugins
If you already have the MonsterInsights plugin installed on your website, you can go ahead to add the EU Compliance addon. If not, then you can download and install the plugin from here.
To install and activate the addon, follow this string, Insights » Addons » EU Compliance.
With the addon activated, navigate to Insights » Settings » Engagement. Go to the EU Compliance section. Here, you customize the settings to meet with CCPA requirements and ensure that your Google Analytics is not in violation of the law.
Step 2: Create an Opt-Out Consent Box
Once everything is set up, you will have to create an opt-out consent box. This gives the user the right to opt-out from sharing their personal data with third parties. Note that this is one of the rights the CCPA gives to the users.
To do this is very simple. All you need is a WordPress plugin like Cookie Notice or CookieBot. Both plugins are free, and they offer a built-in option to create a\ consent box. They are also very easy to integrate with MonsterInsights.
If you go for CookieBot, it can scan your website and create a cookie declaration link. You can place this link on your website for people to opt-out if the time ever comes. You can also use it to create a Do Not Sell My Personal Information document that you can place anywhere on your site. This further makes sure that you comply with CCPA requirements.
- Inform users that your site uses Google Analytics and with the tool, you collect their data
- Inform them of the specific data you collect (e.g location, gender, age, device, etc)
- Inform them of how you use this data – if you sell it to third parties or you use it to improve your site
- Include details about the different ways you track their personal information
- Outline the process users should follow if they want to view their stored information
- Inform them how they can have their personal information deleted from your website
FAQs on Google Analytics and CCPA
Where is Google Analytics Data Stored?
Google Analytics stores collected data on remotely located servers. Data collected from sites are stored in randomly selected public cloud datacenters mostly in the US.
How Long is Google Analytics Data Stored?
Thanks to the new Analytics setting dubbed Data Retention that allows you to store data for as long as you like. By default, Google Analytics will store collected data for up to 26 months. If you want it to stay longer, you can adjust the settings and type in the duration or set it to never expire.
Does Google Analytics Collect Personal Information?
Google Analytics provides you with useful data that will help you determine your site performance and to better understand user behaviour. To do this, the software uses Client ID, User ID, and cookies to track your users immediately they land on your website.
This means they will collect the personal information of your users. However, using the MonsterInsights plugin and the EU Compliance Addon means that your users will be informed of this and they can opt-out anytime they want.
How is CCPA Enforced?
Consumers can enforce CCPA through their private attorneys. Consumers can bring up legal action for statutory damages, and this means they won’t have to provide proof that they incurred any financial loss but simply have to show that the company violated the regulation.
This easy way to keep your site and business out of legal trouble is to ensure that your site complies with the CCPA regulation.
Wrapping Google Analytics CCPA Compliance Guide
On July 1, 2020, CCPA became enforceable and applies to any business that falls within the criteria and provides online services to California residents. With this guide, you should be able to meet the CCPA requirements on your Google Analytics website and not have to worry about lawsuits.
All you have to do is install and download the MonsterInsights plugin, get the EU Compliance addon, and you can set your Google Analytics to comply with the CCPA. It is that easy.