If your website or mobile app uses Google Analytics, you definitely need to have a Privacy Policy.
This article breaks down this requirement both legally and from Google, and explains how you can comply. We've also put together a Sample Google Analytics Privacy Policy Template that you can use to help you write your own.
Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:
You'll be able to instantly access and download your new Privacy Policy.
Google Analytics stores cookies on your users' PCs to keep track of usage data. This is enough to evoke the requirement of a Privacy Policy according to the EU Cookies Directive. The EU's GDPR also requires a Privacy Policy when usage data is collected, such as through cookies.
When you use Google Analytics, you can opt-in to getting access to analytics and usage data plus advertising features that allow you to create better marketing campaigns. The use of these features that include retargeting triggers the requirement to update your Privacy Policy to inform users about your usage of retargeting identifiers through Google's network.
In the Google Analytics Terms of Service agreement there's a requirement that users of Google Analytics must have a Privacy Policy agreement in place.
There are a few things you need to do if you take advantage of the standard features offered by Google Analytics. We'll review them now and show you how to implement them.
The Privacy Policy must disclose that analytics is used, disclose how data is collected and processed, and provide notice of the use of cookies.
Here's the clause in the Terms of Service agreement that sets forth these requirements and provides suggestions for meeting them:
Your Privacy Policy should be easily accessible to visitors directly from your website or mobile app, such as in a footer link or mobile app "About" menu.
This makes it easy for users to locate and view your agreement whenever they want to.
Here's an example of how Upwork includes a link to its Privacy Policy and other legal agreements in its website footer:
Because so many businesses place their legal agreement links in their website footer, people know to check there.
You can also include a pop-up or banner message, such as the one in the image below, that tells your users that cookies are in use. Include a link to your Privacy Policy (and Cookie Policy) in this pop-up or banner message to make sure relevant information is easily accessible:
Include information about your use of Analytics cookies in your Privacy or Cookie Policy and make it clear that you're using Google Analytics to gain insights and improve the functionality of your website, or for marketing purposes.
Here's how Indeed.com does this in a clause in its Cookie Policy:
Give users the ability to opt out of having cookies placed for the purposes of Google Analytics and let them know that they have this right.
There's an opt-out browser add-on from Google that helps make opting out incredibly easy and convenient for users. You can mention and link to this add-on in your Privacy Policy:
If you use the Google Analytics Remarketing Lists feature, you're required to agree to the Google Analytics Terms of Service. These Terms require you to have an informative Privacy Policy that discloses that Google Analytics Remarketing uses cookies to track users who visit your website or use your mobile app and display your ads to these users when they are on other websites.
While the exact language you should include isn't provided by Google, you should focus on being clear, concise, and informative.
Here's a checklist of what to include in your agreement:
Here's a clause from NextRoll's Privacy Notice that's a great example of how to let users know all of this information:
Another clause in the Privacy Notice addresses how users can opt out of or adjust targeted ads and the use of their personal data:
NextRoll provides an AdChoices feature where a user can adjust advertising preferences quickly and easily. It's linked in the website footer:
Users who click on the link are taken to a screen where they are given the ability to adjust individual ad remarketing settings. Consent can be revoked or granted for all advertising and analytics cookies with one click, or individually adjusted:
If you use NextRoll, AdWords, or a different remarketing tool, you can add a link on your website to a page or module like this. Having something like this one is a great way to allow your users to choose which cookies they wish to allow and opt out of behavioral ads if they want to.
If you choose to enable remarketing or any of the Google Analytics Advertising features, Google requires that you notify your visitors by disclosing the following 3 main points in your Privacy Policy, as stated in the Policy Requirements from Google:
Google Analytics Advertising tools lets you take the usage data and information you obtain from Google Analytics and use it for advertising purposes. Remarketing, also known as retargeting, is a widely used and incredibly popular function of Google Analytics.
In November 2023, Google released Consent Mode V2, a new way for businesses to communicate EEA and UK users' consent choices regarding the use of their personal data for advertising purposes to Google.
To comply with the new requirement, you'll need to implement Consent Mode V2 by March 2024. We've updated our Free Cookie Consent to work with Google Consent Mode V2.
Here's how you can integrate our Free Cookie Consent with the new Consent Mode V2:
These instructions can be found on our Cookie Consent & Google Consent Mode V2 page. We also have a video walkthrough on how to integrate a cookie notice banner with Consent Mode V2.
Which Google Analytics Advertising Features have you implemented? In your Privacy Policy, include a list of all features and links to more information about each of the features you have implemented for your website so that users can be aware of them.
For example, if you use Google AdWords for remarketing purposes, declare this and consider including links to both Google's Remarketing website, as well as the general Google Privacy Policy as it applies to AdWords usage.
Disclose that you and third-party vendors use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together. Do this through a Cookies Policy or at least a cookies clause in your Privacy Policy.
You need to let users know that you use third-parties for advertising and how these third-parties may use cookies.
If your business is based in the EU or you sell to EU customers, there are additional requirements you must meet in order to satisfy the EU Cookies Directive because all remarketing service are based on cookies usage.
Visitors to your website or mobile app must give informed, specific, and voluntary consent to have cookies placed on their devices before any cookies are placed.
Use our Cookie Consent all-in-one solution (Privacy Consent) for cookies management to comply with GDPR & CCPA/CPRA and other privacy laws:
Create your Cookie Consent banner today to comply with GDPR, CCPA/CPRA and other privacy laws:
Display the Cookie Consent banner on your website by copy-paste the installation code in the section of your website. Instructions how to add in the code for specific platforms (WordPress, Shopify, Wix and more) are available on the Install page.The most common way that this requirement is satisfied is through the use of pop-up banners that appear prominently on a web page the first time a user visits a website. The banner informs a user about the use of cookies and requires some sort of active action from the user to give consent.
In this example from the BBC, a user must click the "Continue" button before cookies can be used. The notification box clearly states that by clicking the "Continue" button, the user is consenting to BBC's use of cookies:
How visitors can opt out of the Google Analytics Advertising Features you use, including through Ads Settings, Ad Settings for mobile apps, or any other available means (for example, the NAI's consumer opt-out).
Google has its own available opt-out tool for Google Analytics that they encourage you to linking to, as noted earlier in this article. Linking to it is a great way to satisfy the requirement that users must be informed on how to opt-out.
If you're developing a mobile app and not a website, your Privacy Policy should be accessible from within the app.
Dropbox accomplishes this by putting a "Legal and Privacy" section in its "Settings" tab that links to its Privacy Policy.
Here's an example from The Sierra Trading Post's Privacy Policy that discloses its use of the Google Analytics features:
If you have enabled the Advertising Features in your Google Analytics account, update your Privacy Policy by adding a new clause titled "Interest-Based Online Advertising and Google Analytics" or something similar, and make sure it includes the required information about your usage of these features.
Our Sample Google Analytics Privacy Policy is available for download, for free. The template includes these sections:
You can download the Sample Google Analytics Privacy Policy Template as HTML code below. Copy it from the box field below (right-click > Select All and then Copy-paste) and then paste it on your website pages.
More specific Privacy Templates are available on our blog.
| Sample Privacy Policy Template | A Privacy Policy for all sorts of businesses. |
| Sample Mobile App Privacy Policy Template | A Privacy Policy for mobile apps on Apple App Store or Google Play Store. |
| Sample GDPR Privacy Policy Template | A Privacy Policy for businesses that need to comply with GDPR. |
| Sample CCPA Privacy Policy Template | A Privacy Policy for businesses that need to comply with CCPA. |
| Sample California Privacy Policy Template | A Privacy Policy for businesses that need to comply with California's privacy requirements (CalOPPA & CCPA). |
| Sample Virginia VCDPA Privacy Policy Template | A Privacy Policy for businesses that need to comply with Virginia's VCDPA. |
| Sample PIPEDA Privacy Policy Template | A Privacy Policy for businesses that need to comply with Canada's PIPEDA. |
| Sample Ecommerce Privacy Policy Template | A Privacy Policy for ecommerce businesses. |
| Small Business Privacy Policy Template | A Privacy Policy for small businesses. |
| Sample CalOPPA Privacy Policy Template | A Privacy Policy for businesses that need to comply with California's CalOPPA. |
| Sample SaaS Privacy Policy Template | A Privacy Policy for SaaS businesses. |
| Sample COPPA Privacy Policy Template | A Privacy Policy for businesses that need to comply with California's COPPA. |
| Sample CPRA Privacy Policy Template | A Privacy Policy for businesses that need to comply with California's CPRA. |
| Blog Privacy Policy Sample | A Privacy Policy for blogs. |
| Sample Email Marketing Privacy Policy Template | A Privacy Policy for businesses that use email marketing. |
Comply with the law with our agreements, policies, and consent banners. Everything is included.
Disclaimer
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.
Last updated on
Appears in
Related articles
Are your business privacy practices and Privacy Policy compliant with the European Union's General Data Protection Regulation (GDPR)? This wide-sweeping set of privacy regulations went into effect in May 2018 and its ramifications have been virtually global. GDPR Basics Here are a few of the basic facts: The GDPR is a set of regulations.
If you've ever tried in vain to find a way to directly contact a business only to discover that they have no contact information listed on their website, then you know how frustrating the experience can be. It is considered a general customer service best practice for every online business to.
The European Union's General Data Protection Regulation (GDPR) has indirectly led to tighter rules in Canada for getting "meaningful consent." Federal and provincial regulators issued more explicit guidelines on making sure individuals really do understand the permission they give. Despite the GDPR connection, these guidelines involve domestic laws that Canadian.
Comply with the law with our agreements, policies, tools and cookie consent banners. Everything you need is included.
Disclaimer: Legal information is not legal advice, read the disclaimer. The information provided on this site is not legal advice, does not constitute a lawyer referral service, and no attorney-client or confidential relationship is or will be formed by use of the site.
Copyright © 2012 - 2024 TermsFeed ® . All rights reserved.
