If your website or app uses Google Analytics, then you must publish a Privacy Policy. This is part of your agreement with Google, which specifies this requirement in its Terms of Service. Privacy Policies are also a legal requirement when a company stores, transfers, or otherwise handles someone’s personal information no matter what jurisdiction you operate in.

Google Analytics tracks visitors to your website by storing cookies on their computers, and this means that a Privacy Policy is essential. Including a Privacy Policy on your website that informs your users of why and how their data is going to be used is important. People have the right to protect their personally identifiable information and should be given the information they need to make an informed choice about whether to use your services based on how you use their data – which is of extremely high value.

Most people want a say in who has access to their personal data and what happens to it. The need for Privacy Policies stems from an attempt to respect an individual’s privacy while allowing organizations to track and monitor everything from website traffic to engagement levels. Privacy Policies work more towards the benefit of big business as in reality, online users cannot access the goods and services they need online without consenting to the rules created by businesses.

Google Analytics is a tracking tool. It’s free to use and it’s ideal for businesses who want to know more about:
Who visits their website
How their website is used
What’s popular on their website, and what’s not
Whether visitors return to their website

Why you might consider signing up to Google Analytics:
It helps you pick out warm leads and the visitors most likely to convert to paying customers
You can see how effective your targeted ads are
The platform gives you a broad-picture idea of how your website is performing which is essential for devising an overall marketing strategy

How Google Analytics Collects Data
Google Analytics uses cookies to remember a user’s behavior and it shares these insights with you. Google Analytics mainly uses first-party cookies to generate reports on who visits your website and what they do once they get there.
This information is useful for understanding if and why marketing strategies are working and if your intended audience is responding.

Google Analytics and Remarketing
Google can place advertising cookies on a user’s computer if you opt for this extra service. This service lets you target ads based on:
Geographical location
Audience behavior
Audience interests
Google Analytics achieves all of this by collecting personal information from your visitors.
Personal information is any information which can be used to identify someone, such as their:
Home address
Date of birth
IP address

Google Terms of Service and Analytics Policy
Google has three separate policies which you should be aware of:
A general Privacy Policy
The general Google Terms of Service
A specific Terms of Service for the Google Analytics service
Google’s Privacy Policy
Google’s Privacy Policy explains what data will be collected and how it will be used. Remember that you will be collecting the same information that Google Analytics collects when you use its service, so reading Google’s Privacy Policy will help you know what to include in your own.

Google’s Terms of Service
The general Terms of Service is worth reading because it forms part of the terms you agree to when you use Google Analytics.
By signing up for Google Analytics, you’re agreeing to be bound by these Terms and the Privacy Policy.

You can access the Terms of Service for Google Analytics by clicking here. Most importantly is the section on Privacy.
It’s your responsibility to ensure you have a Privacy Policy that:
Complies with any applicable regulations, laws, and Google terms
Sets out how you use cookies or identifiers to collect personal data
Makes it clear that you use Google Analytics
Shows users how they can consent, or withdraw consent, to cookies and other information gathering
Your Privacy Policy must tell your audience that you use cookies and other identifiers. You aren’t allowed to assume that your audience knows you’ll use cookies, or that they consent to having cookies installed on their device.
You also need to inform your users that you use Google Analytics.

Cookie Consent
You also need to include a separate cookie consent section to comply with global standards. At this time the GDPR is the most stringent privacy protection and you must include this to operate in the EU.
Although the laws vary around the world, it’s generally the case that you must provide users with a Privacy Policy if you collect information from them.

Examples of laws that affect how businesses collect data include:
The General Data Protection Regulation (GDPR) – European Union
Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada
California Consumer Privacy Act (CCPA) – California, USA
These pieces of legislation are all really similar, and their requirements for a Privacy Policy are broadly the same. A legally compliant Privacy Policy should include at least the following sections.
Name and Contact Details
You should put your business contact information, and your official business name, somewhere in your Privacy Policy. This means that visitors know how to contact you if they want more information.

The Information You Collect
Your audience has a right to know what information you gather from them, for example, a billing address if they make a purchase.
Why You Collect the Information
Regulations such as the GDPR state that you should only collect as much personal data as is necessary. For example, you don’t need someone’s home address if they sign up to an email newsletter.

Data Use & Sharing Policies
You must make your audience aware of how you use their data. It’s illegal to share personal information with third parties, for example, unless you explain in your Privacy Policy that you use data this way.

The Right to Opt-Out
Everyone has the right to be forgotten by a website or to block websites from installing cookies on their device. They also have the right to opt-out of marketing campaigns.

A Specific Google Analytics Clause
If you want to take your Privacy Policy even further, you can dedicate a whole clause to how you work with Google Analytics and how you use the service to track consumer data.
You must provide a Privacy Policy to your audience if you want to use Google Analytics.
By ensuring that you follow the guidelines and stay up to date with privacy practices, you protect your business integrity and safeguard your users, which establishes trust with your users and keeps your business ahead of changes.