Google Analytics opt-IN?

  • I’ve looked through the knowledge base and the settings, and I have no idea how to make my Google Analytics GDPR compliant using this plugin.

    As far as I can tell, Google Analytics does not set a cookie of its own — it uses JavaScript (ga.js). Therefore, it will always record information except for logged-in users (which is just the administrator, who’s excluded); if the user has JavaScript disabled or is blocking Google Analytics with a script-blocker or something like Privacy Badger; or if the user has a cookie that specifically tells Google they want to opt out of tracking.

    I assume it would be theoretically possible to automatically place an opt-out cookie on the visitor’s device unless they accept the analytics, in which case that cookie is deleted or turned off. I don’t know of the GDPR plugin can do that, or if so how. I also don’t know if that would be an acceptable GDPR-compliance solution, since it would be putting a cookie on the visitor’s device preemptively that would still allow Google to collect some information on them.

    Is there a solution for this? My understanding is that Analytics opt-outs are not acceptable under the GDPR, but I don’t know what else to do or how.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author Fernando Claussen

    (@fclaussen)

    The GA code DOES create a few cookies to track users.
    I provided an example of a GA implementation in our documentation.

    https://gdpr-wp.com/knowledge-base/enabling-or-disabling-functionality-based-on-consent-and-cookies/.

    You could skip the has_consent part of the example if you want and just have the is_allowed_cookie part.

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    I tried navigating my site from another (non-logged-in) browser and monitoring cookies through the inspection tool, and the only ones that set were WordPress’s visitor cookie (which I don’t know how to suppress) and ones created by the GDPR settings. When I tried using the code suggested in the knowledge base, adding it to functions.php, the site immediately broke until I deleted the code.

    I’m not a developer, so most of this is waaaaay over my head and I’m quite overwhelmed. I found another plugin, Google Analytics Germanized, that will handle the opt-in, but I have no idea how to integrate its consent cookie with the GDPR.

    @ate-up-with-motor,

    You don’t need Google Analytics Germanized to get this working. You are correct that Google Analytics is instantiated from ga.js (or analytics.js).

    How is that script currently implemented in your wordpress site? If you can find that script, simply check is_allowed_cookie().

    Example:

    <script>
  if (is_allowed_cookie('_ga') && is_allowed_cookie('_gid')) {
    (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
    (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
    m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
    })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');

    ga('create', 'XXXXXXXXXX', 'auto');
    ga('send', 'pageview');
  }
</script>

    In your GDPR setup, ensure you have _gid and _ga set as opt-in “Cookies used by this site”.

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    The GA header code looks like this:

    <script async src="https://www.googletagmanager.com/gtag/js?id=UA-XXXXXXXX-X"></script><script>
				window.dataLayer = window.dataLayer || [];
				function gtag(){dataLayer.push(arguments);}
				gtag('js', new Date());gtag('config', 'UA-XXXXXXXX-X', {"anonymize_ip":true,"allow_display_features":false,"link_attribution":false});</script>
    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    Or, if you mean the code that places the script, with Google Analytics Germanized, it’s:

    public static function ua()
		{
			$domain = ((empty(self::$settings['domain']))?'auto':self::$settings['disable-analytics-integration']);

			$code  = '<script>';
			$code .= "
				(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
				(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
				m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
				})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');";

			$code .= sprintf(
				"ga('create', '%s', '%s');",

				esc_attr(self::$uaid),
				$domain
			);

			if( ! empty(self::$settings['custom-code']) ) {
				$code .= self::$settings['custom-code'];
			}

			if( self::$settings['linkid'] ) {
				$code .= "ga('require', 'linkid');";
			}

			if( self::$settings['displayfeatures'] ) {
				$code .= "ga('require', 'displayfeatures');";
			} else {
				$code .= "ga('set', 'displayFeaturesTask', null);";
			}

			if( self::$settings['anonymize_ip'] ) {
				$code .= "ga('set', 'anonymizeIp', true);";
			}

			$code .= "ga('send', 'pageview');";

			$code .= '</script>';

    You can implement it in both those code snippets. 

    <script async src="https://www.googletagmanager.com/gtag/js?id=UA-XXXXXXXX-X"></script>
<script>
  if (is_allowed_cookie('_ga') && is_allowed_cookie('_gid')) {
    window.dataLayer = window.dataLayer || [];
    function gtag(){dataLayer.push(arguments);}
    gtag('js', new Date());gtag('config', 'UA-XXXXXXXX-X', {"anonymize_ip":true,"allow_display_features":false,"link_attribution":false});
  }
</script>

    I’ve formatted the code slightly so you can see the if statement. You’ll want to double check the cookie name(s), as I see you’re using Google Tag Manager and I’m not familiar with which cookies it sets.

    Or for your second snippet:

    public static function ua() {
  if (!is_allowed_cookie('_ga') || !is_allowed_cookie('_gid')) {
    return false;
  }
  $domain = ((empty(self::$settings['domain']))?'auto':self::$settings['disable-analytics-integration']);

  $code  = '<script>';
  $code .= "
    (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
    (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
    m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
    })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');";

  $code .= sprintf(
    "ga('create', '%s', '%s');",

    esc_attr(self::$uaid),
    $domain
  );

  if( ! empty(self::$settings['custom-code']) ) {
    $code .= self::$settings['custom-code'];
  }

  if( self::$settings['linkid'] ) {
    $code .= "ga('require', 'linkid');";
  }

  if( self::$settings['displayfeatures'] ) {
    $code .= "ga('require', 'displayfeatures');";
  } else {
    $code .= "ga('set', 'displayFeaturesTask', null);";
  }

  if( self::$settings['anonymize_ip'] ) {
    $code .= "ga('set', 'anonymizeIp', true);";
  }

  $code .= "ga('send', 'pageview');";

  $code .= '</script>';
}
    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    I’m still baffled by all this. My apologies for sounding like an idiot — this is all way beyond my technical skill level. (I can’t imagine I’m the only one struggling with this today!)

    Let me see if I can break this down into decipherable pieces.

    Let’s say first of all that I take out the Google Analytics Germanized plugin and just put the script you provided above directly into the “custom header code” section of my theme:

    <script async src="https://www.googletagmanager.com/gtag/js?id=UA-XXXXXXX-X"></script>
<script>
  if (is_allowed_cookie('_ga') && is_allowed_cookie('_gid')) {
    window.dataLayer = window.dataLayer || [];
    function gtag(){dataLayer.push(arguments);}
    gtag('js', new Date());gtag('config', 'UA-XXXXXXX-X', {"anonymize_ip":true,"allow_display_features":false,"link_attribution":false});
  }
</script>

    Next, I go to GDPR Settings > Cookies and create a category called Analytics so that I can register the cookies.

    Do I just enter _ga, _gid as text, or do I need to put them in brackets or something to register them properly? [It would be great if this section of the knowledge base had some examples or sample lists for the benefit of those of us who are idiots!]

    Do I ALSO need to create a consent for Analytics? (This seems counterintuitive — if someone consents to Google Analytics, it doesn’t make sense for them to not consent to the cookies needed to make it work, and vice versa.) If I create a consent for Analytics, do I also need to register the cookies?

    Once that’s done, how do I prompt the visitor to decide if they want to consent to the use of Analytics or not? As far as I can tell, when they click “I agree” on the banner, that only registers their consent to cookies and consents that are marked “Always Active” or “Required.” Analytics consent can’t be mandatory, so how can I ask them to consent to Google Analytics?

    Once they do consent, how do I trigger the analytics script? It doesn’t appear that consent reloads the page, so if the analytics script doesn’t run unless the cookie is present, it seems like it won’t work unless the visitor manually reloads the homepage or clicks on something else. Obviously, I don’t want the script to run until the visitor consents, but with this setup, it appears it won’t work at all.

    I am looking forward to the plugin update, If I am not mistaken an option will be added so if the user consents the page is refreshed then the visit is tracked.

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    Okay, the new version does have a function to reload the page, which is GREAT (I’m very happy about that). But, I still don’t know at all how to create a working Google Analytics opt-in, as I said above. So, this is NOT resolved.

    Plugin Author Fernando Claussen

    (@fclaussen)

    Since v2, you can set the cookies to required, on or off

    “On” means that when user clicks “I Agree” it will set all required cookies and all ON cookies.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Google Analytics opt-IN?’ is closed to new replies.