Google has published new documentation for the GA4 Data Redaction feature that prevents accidentally sending personally identifiable information (PII) to Google. This makes it easier to conform to privacy laws and Google’s own policies.
Notable about the feature is that it will be turned on by default for new properties that are added to GA4 but existing properties will have to manually enable it.
Google’s GA 4 policies require that no PII data be sent through GA4 that Google could use to identify individuals.
Examples of PII includes (but is not limited to):
- Email addresses
- Personal mobile numbers
- Social security numbers
Removing PII From URLs
One of the ways that PII could inadvertently be sent to Google is through URL paths and parameters that contain PII in them.
The Data Redaction feature in GA4 is a setting that is turned on by default for new properties added to GA4.
Existing properties will need to configure the data redaction feature in the web data stream settings.
GA4’s data redaction feature analyzes events prior to sending them to Google and strips out any PII that may be contained in the data.
New Feature Available On GA4
Below is a screenshot of the new feature that is now available on GA4:
This is a screenshot of the next window that opens up that allows users to redact data:
Clicking the two buttons allows users to redact personally identifying information so that it’s not sent to Google.
It’s turned on by default for new properties but needs to be manually switched for existing properties.
According to the new documentation:
“The data-redaction feature helps to prevent the inadvertent collection of PII in the form of email addresses and URL query parameters.
Data redaction uses text patterns to identify likely email addresses across all event parameters and the URL query parameters that are included as part of the event parameters page_location, page_referrer, page_path, link_url, video_url, and form_destination.”
It should be noted that Google’s documentation advises that users should not consider their responsibility to remove PII to be completed with this solution.
The solution can not be considered complete because GA4 users are still obligated to make sure that there are no PII sent to Google in some other manner that the data redaction feature may not be able to identify and remove.
The new documentation states:
“It’s important to remember that while data redaction provides a powerful tool against inadvertently collecting PII, the ultimate responsibility for meeting regulatory requirements still lies with the entity collecting data.
To further help you meet that responsibility, this feature lets you test your configuration to understand whether the text patterns you identify are redacted as expected (learn more).”
You can also use Debug View to monitor in real time how Analytics collects events from your site.”
Now it’s just a setting within GA4.
Read Google’s newly published documentation for the data redaction feature:
