Personal Data in Google Analytics
I'd like to implement UserIDs on an ecommerce site - usually I can just modify the platform to push the account ID via the dataLayer and use GTM to do the rest. This time, it's a closed platform so I'll not be able to get development done on the site. I checked every page after login too - there's nothing unique we can use to push something to GA.
But if I capture their email address on login with GTM, I could use SHA-2 (via crypto JS) to create a one way hash... and use that as the UserID.
i.e. firstname.lastname@example.org => 6af6c6feb275b1bc8a8d721e92c3ef6fcefbd81f3ce69af7109f00bd
But the rules say....
The Google Analytics terms of service, which all Google Analytics customers must adhere to, prohibits sending personally identifiable information (PII) to Google Analytics (such as names, social security numbers, email addresses, or any similar data), or data that permanently identifies a particular device (such as a mobile phone’s unique device identifier if such an identifier cannot be reset), even in hashed form.
But this doesn't seem to be very clear. If I choose to interpret it the way I want, this only applies when the data is automatically captured without consent.... but I can guess this is pretty unlikely.
What are my options?
Re: Personal Data in Google Analytics[ Edited ]
December 2015 - last edited December 2015
privacy issues use to be tricky all the time ... My impression is that the borderline seems to be whether Google (or any third party) is able to deconstruct the ID and map it to an actual person or not. If only you and your company is able to do that match it should be okay. For example, Google actually encourages companies to submit customer IDs in the user-ID feature of cross-device tracking because that customer ID isn't deconstructable for Google in any way.
Get your daily news with Google Analytics Recommended Reading 2017 and Google AdWords Recommended Reading 2017 on Google+