How to Remove PII from Google Analytics

Accidentally collecting personally identifiable information (PII) in Google Analytics is a surprisingly common issue that can cause major headaches. It violates Google's terms of service and can put you in hot water with privacy regulations. This article will guide you through exactly what PII is, how to find it in your reports, and the precise steps you can take to remove it and prevent it from happening again.

What Counts as PII in Google Analytics?

In the context of Google Analytics, PII is any data that could be used to directly identify an individual person. While this seems straightforward, the specifics can be a bit surprising. According to Google's terms, you are strictly forbidden from collecting the following:

• Names
• Email addresses
• Phone numbers
• Mailing addresses
• Social Security numbers or similar government-issued IDs
• Usernames or login credentials
• Precise geolocation data

The reason is simple: Google Analytics is designed for aggregated, anonymous user behavior analysis, not for tracking individuals. Sending PII to Google not only violates their service terms (which can lead to your account being terminated) but could also put you at odds with data privacy laws like GDPR and CCPA. It's a problem you need to fix immediately.

Common Ways PII Ends Up in Your GA Reports

Most of the time, PII collection isn't intentional. It usually creeps in through technical oversights in how data is passed to your website's analytics. Here are the most common culprits.

1. PII in Page URLs

This is, by far, the most frequent cause. If you see URLs in your reports that look like this, you have a problem:

• www.yourstore.com/thank-you?email=jane.doe@email.com
• www.yoursite.com/profile?user_name=john-smith&id=123

This often happens when a user submits a form on your website that uses a "GET" method. This method appends all the form data to the URL as query parameters. When a visitor lands on that page, Google Analytics records the full URL, PII and all.

2. PII in Event Parameters

With Google Analytics 4, custom events are the foundation of your reporting. While powerful, they can be configured to capture sensitive information. For example, a developer might set up a custom form_submission event and include parameters like user_email or customer_name to track who submitted the form. This is a direct violation of policy.

3. PII from the User-ID Feature

The User-ID feature allows you to stitch together sessions from the same user across different devices. The feature itself is compliant, but the implementation is what matters. The User-ID value must be a non-personally identifiable, pseudonymous string of characters, like a database ID (e.g., user_12345). Using an email address, username, or phone number as the User-ID is a classic mistake.

4. PII in Custom Dimensions

Just like with event parameters, custom dimensions can be set up to store user-level or session-level details. You might be tempted to create a dimension for "Customer Name" or "User Email" by passing that data from your website or CRM. While the intent might be to enrich your reports, this directly sends PII to Google's servers.

Finding the PII Hiding in Your Reports

Before you can fix the problem, you need to conduct a quick audit to find where the PII is located. Here's a simple process to follow.

Step 1: Check Your Page Reports

This is the best place to start looking for PII in URLs.

1. In GA4, go to Reports > Engagement > Pages and screens.
2. In the search box just above the table, you can look for common PII patterns. Try searching for "@" to find email addresses, or common name formats.
3. Scan the "Page path and screen class" column. Look for any URLs that contain query parameters (the part of the URL after the "?") with what looks like personal data. Pay close attention to thank-you pages, confirmation pages, and user profile pages.

Step 2: Scrutinize Custom Events and Dimensions

Next, you'll want to review your GA4 setup for potentially problematic customizations.

1. In GA4, click on Admin (the gear icon in the bottom-left).
2. Under the Property column, go to Custom definitions.
3. This will show your Custom Dimensions and Custom Metrics. Read through the "Dimension name" and "Event parameter" for anything suspicious like email_address, full_name, phone_number, etc. If you find one, that parameter is likely leaking PII.

Step 3: Review Your User-ID Implementation

This step is a bit more technical. You'll likely need to check with your developer or dive into Google Tag Manager (GTM).

• Look at the source code of your website or your GTM configuration to see what value is being assigned to the user_id parameter.
• Confirm that it's an anonymous identifier and not a plaintext email, username, or other direct PII.

How to Remove PII from Google Analytics

Once you've identified the PII, it's time to take action. This involves addressing both the past data and preventing future collection.

The Harsh Reality: You Can't Simply "Delete" Old Data

First, an important clarification: you can't go into Google Analytics and delete a specific row from a report. Analytics data is processed and aggregated, making surgical removal impossible. However, GA4 provides tools to request the deletion of data associated with specific parameters or user identifiers.

Using Data Deletion Requests in GA4

This is Google's official method for removing PII that has already been collected. It tells Google to find and delete all data associated with a specific parameter or user for a certain timeframe.

Here's how to do it:

1. Navigate to Admin > Property > Data Deletion Requests.
2. Click the Create data deletion request button in the top right.
3. Choose a deletion type. Most likely, you'll choose 'Delete all parameters for a specific registered event/dimension name'.
4. Select a Start date and End date for the deletion. Note: It's best practice to delete all data since the day PII started being collected.
5. In the text box for "Parameter Name(s)", type in the name of the parameter that contains the PII (e.g., email).
6. Acknowledge the terms and submit the request.

This process is IRREVERSIBLE. Once the data is gone, it's gone for good. The process can also take several days to complete, so be patient.

Redacting Data with Data Filters Going Forward

What about preventing more PII from getting in while you fix the root cause? GA4's Data Filters are perfect for this. They don't remove historical data, but they can redact incoming sensitive data.

1. Go to Admin > Data Settings > Data Filters.
2. Click Create Filter.
3. Choose the Developer and Internal Traffic filter for this use case if you want to selectively apply to that dataset first after testing. Or filter by 'Data Redaction,' though a dedicated redaction filter object is less of an organized feature in current GA4 UI.
4. Give the filter a name, like "Redact Email PII".
5. Specify the event parameters you want to redact (e.g., email_address).
6. Activate the filter. Once active, any data from that parameter will arrive in your reports as “(data redacted)” instead of the actual PII.

Proactive Steps to Keep Your GA Account PII-Free

Removing old data is only half the battle. Now you need to plug the leak for good.

1. Switch Your Forms to the POST Method

Talk to your web developer about any forms that use the GET submission method. Request that they be changed to use the POST method instead. This sends form data in the body of the web request, not in the URL, instantly solving the most common PII problem.

2. Exclude URL Query Parameters in GA Directly

Another option if changing the forms isn't feasible is to configure GTM (more straightforward) or GA (more complex to configure) to ignore certain query parameters. You could write a filter to tell GA to never record parameters named email or user_name.

3. Sanitize Event Data

Work with your developer or analytics team to audit your GTM and event tracking setup. Ensure that no custom events are configured to capture and send usernames, emails, or other sensitive details as event parameters.

4. Review Your Cookie & 3rd Party Tracking Consent Policies

More of a best practice than direct PII removal: use a modern consent manager platform like CookieBot or OneTrust to make sure no user behavior is being processed without correct notice.

Final Thoughts

Finding and removing PII from Google Analytics can be a stressful but necessary task. By following a methodical approach - identifying the leak in your URLs or events, using data deletion requests to clean up past reporting, and implementing preventative measures like changing form methods or filtering parameters - you can ensure your analytics practices are both compliant and effective.

Keeping constant watch over all your data sources for potential issues like PII can feel overwhelming. At Graphed, we focus on making data analysis less of a headache. By connecting sources like Google Analytics, Shopify, and Salesforce in one place, we allow you to bypass manual report digging. You can ask for what you need in plain English - like "show me my top traffic sources driving sales this month" - and get an instant, real-time dashboard. This simplifies your reporting and frees you up to focus on strategy instead of audits. Give Graphed a try to see how we simplify data for busy teams.