Do you know if your Google Analytics is complaint with the California Consumer Privacy Act (CCPA)?
Google Analytics is actually one of the most popular analytics tool that’s being used by millions of people across the world on their websites and blogs . It helps you track your website or blog’s performance, see traffic statistics, understand user’s behavior and much much more.
And, because it works to collects personal data about your website/blog visitors you can get you into trouble if you don’t meet the CCPA compliance requirements.
So in this blog article, we’ll show you how to make sure your Google Analytics complies with CCPA and make your website/blog and business secure.
Let’s take a look at the regulations that are required of us to follow.
What is the CCPA?
CCPA is the California Consumer Privacy Act, that is a comprehensive data protection law within the United States, primarily concerning the state of California. So this law went into effect on January 1, 2020, and it was enforced on July 1, 2020.
This means you have got to comply with this law in order to secure your business website.
The aim of the CCPA was to enhance all the privacy rights and consumer protection for the residents of California. It was create to ensure there is clear transparency within organizations and businesses of any kind regarding any personal information they collect from their website visitors, how they use it, and whom they share it with.
You might have seen similar case with Google and Facebook in the news. This one is for the state of California.
So if your website visitors are from the State of California, you’ve got to sort this out.
Some of the rights that residents of California have under the CCPA are:
- Right to be Informed – What this means is that any website visitor has the right to know how your website collects, sells, discloses, and shares their personal data if collected.
- Right to have Data Deleted – The citizens of California have the right to request you to get their information erased from your website.
- Right to See What Data – The citizens have the right to see what data was collected about them in the past 12 months.
- Right to Equal Services and Price – If your website sells products and services then you are not allowed to discriminate against your website consumers that exercise this right and you should give all of them the same price and service as other consumers from around the world.
- Right to Opt-Out – The people from the state of California can opt-out of your website’s database in order to prevent you from using your websites information for selling, renting, or releasing their personal information to third parties.
Now, you might be wondering, does this new law apply to your website, blog or business. So let’s find out what you must do.
Who Needs to be CCPA Compliant?
Earlier I mentioned that if your website visitors are from the State of California, then you must comply with this CCPA Law.
But there’s one caveat!
You might have heard of GDPR (a European data privacy law), but CCPA here doesn’t apply to every website. The criteria is that if your business (website/blog) meets the following conditions, then you’ll have to comply with the law:
- Your annual gross revenue is $25 million or higher.
- If your 50% or more of your annual revenue is from selling consumer’s personal information.
- You buy, receive, or sell personal information of 50,000 or more consumers, devices, or households.
Now that you know the conditions, you might be thinking so, what happens if you don’t comply with CCPA law?
Here’s what happens: If you’re found to be intentionally violating the law, then you could face penalties up to $7,500 per violation per individual. But if it’s unintentional then it costs up to $200 per violation per individual.
Now you need to be even more aware of this because in case a user/visitor/citizen of the state files a lawsuit, the fines alone can range between $100 to $750 per consumer per incident, or the actual damage (whichever is greater).
So this requires you to be alert and vigilant if your website/business/blog serves or has an audience from the State of California. You do not want anything costing you your hard work and success.
Take note of the complaint conditions before you do business within the state of California.
Is Google Analytics CCPA Compliant?
Now that we have covered everything you need to know about CCPA and how it applies to your business, the next question you might have in your mind is: What does CCPA have to do with Google Analytics?
Let’s clear the confusion shall we?
Well, Google Analytics is one of the most powerful tool being used for business and since we connect them to our websites we actually can understand how people interact with our website/blog. And here’s how it works – You assign your website visitors an UserID (which is an unique ID) and it starts to record personal data like IP addresses, gender, age, device, and the other personally identifiable information.
Basically, you don’t have to do all that manually. You just take the code it gives you to add it on to your website and from there, it does it’s work once the configuration is successful.
Once it’s successful, you’ll start seeing where your website visitors are from.
Now, since it starts working with your website it means that it falls under CCPA’s explanation of consumer’s personal information, as mentioned earlier.
Here’s a thought that might occur to some of you: So, should companies disable Google Analytics because of CCPA law?
Well, it seems like an extreme measure doing that for your website, but the problem is that without Analytics, you won’t have any data to make decisions for your business and you’ll be just guessing about what works on your website.
So since it’s important you have Analytics, you can easily make a few changes to ensure that Google Analytics complies with the requirements of CCPA law so that you don’t have to worry about removing some code or tracking parameters specifically for the state of California.
So here’s how you should do it. Follow along and learn how to do it.
How Can You Make Google Analytics CCPA Compliant?
If you’re wondering how you can comply with this new CCPA law, here are 3 steps you can follow to make sure that Google Analytics meets CCPA law requirements.
Step 1: Install MonsterInsights and its EU Compliance Addon
We need MonsterInsights for this purpose. MonsterInsights is basically the World’s best WordPress plugin for Google Analytics. It allows you to easily sort out the needs regarding the new law. All you need to do is to install the plugin and its EU Compliance addon.
And, the EU Compliance addon will allow you to automate different processes to meet CCPA law requirements. For instance, it can easily help you to anonymize or disable any personal data tracking within Google Analytics with a click of a button.
Here’s what you can do with this EU Compliance addon:
- Anonymize any user’s IP address that Google Analytics tracks.
- Disable the UserID tracking inside Google Analytics.
- Disable the demographics and interest reports for advertising (Google Ads) and remarketing tracking within Google Analytics.
- Automatically disable author tracking inside Google Analytics and the custom dimensions addon.
- Enable ga() compatibility mode. (This is complex info).
- Allow AMP addon users to agree with the Google AMP consent box before tracking their data.
- Allows easy integration with CookieBot and Cookie Notice WordPress plugins.
After you’ve installed the plugin, you need to access the addon, so you’ll have to go to Insights >> Addons >> EU Compliance. Then install and activate the addon separately.
After the addon has been activated, you need to go to Insights >> Settings >> Engagement and scroll down to the EU Compliance section. Here is where you can change the settings and disable all the different tracking features that are being captured by Google Analytics and now you’ll be able to comply with the new CCPA law.
Step 2: Create an Opt-Out Consent Box
Once the MonsterInsights plugin and its EU Compliance addon is set up (refer above procedure), the next thing you’ll have to do is to create an opt-out consent box. This is because one of the rights within CCPA law is that the user has the right to opt-out from websites sharing their data with third parties. So you gotta create one now.
And the simplest way of creating an opt-out consent box is by using the free WordPress plugins like CookieBot or Cookie Notice. Both these plugins offer a built-in option to set up an opt-out consent box so now you can set it up.
Now you can easily integrate that with MonsterInsights plugin as well.
If the CookieBot plugin scans your website and creates a cookie declaration link, you can take that and place it on your website. So now it does it’s work but, it also creates a Do Not Sell My Personal Information document that you can use or link to make sure that your website and business complies with CCPA law requirements.
Now that’s set up you must inform your website visitors regarding the same, as most of the Citizens of California will be aware of this.
So you can mention on your website somewhere or inform your visitors than about the data consent and opt-out box where you clearly describe what personal information Google Analytics collects and what you do with it. You’ll also have to explain the purpose of the data you collect, how you use it, and if it’s shared with any third party.
Just by complying with this, you’ve saved yourself some heartache and trouble that could possible arise in the future.
One last thing, you have to outline the process that users have to take if they want to see their stored data and how can it will be deleted from your website, in case the request the same.
FAQs about CCPA and Google Analytics.
Now let me address some of the frequently asked questions about Google Analytics and the CCPA law.
1. Are Cookies Personal Information Under CCPA Law?
Basically, a cookie tracks personally identifiable information such as your IP address, age, gender, browser type, operating system, etc. So sure yes, it will contain personal information that falls under the CCPA law.
So, it is vital that you must clearly disclose them on your website and explain the purpose of cookies to your website users. Also, plugins like CookieBot and Cookie Notice that we’ve asked you to install earlier can help you organize them and help you add an opt-out consent box on your WordPress website.
2. Does Google Analytics Collect Personal Information?
Yes, Google Analytics uses User ID, Client ID, and cookies to track the behavior of your website users when they land on your website. This means that Google Analytics collects personal information and this falls under the CCPA law. But with the help of MonsterInsights plugin and the EU compliance addon, you can make sure Google Analytics complies with the new law.
3. CCPA – What Should Corporations Need to do if They Use Google Analytics?
If your business meets the requirements of CCPA and is using Google Analytics, then you must ensure that your Analytics complies with this new law. We’ve already mentioned some of the steps earlier in this post regarding the penalties you could possibly face. So you can read them again and ensure that your website and business meets the CCPA law criteria and avoid any kind risk for penalties.
CPAA law has already been enforced from July 1, 2020, and it applies to any business that provides web services to the residents of California.
So if your website visitors are from California and your business matches the criteria listed above you’ve got to comply with it, or else you could risk yourself and your business.
So in order to do that your website and business has to comply with the law and meet the requirements stated under CCPA (listed above in this post) and then use Google Analytics along with MonsterInsights, so that you can easily comply with this new law.
You will have to use the EU Compliance addon and disable tracking with a few clicks of a button. (Refer the steps above).
That’s it! Now you’re ready to be CPAA complaint free.
I hope this was helpful and it should help you comply with the law and escape all the penalties.