What Does Google Analytics Prohibit Collecting?
Using Google Analytics is essential for understanding your audience, but it comes with a critical rulebook, especially regarding user privacy. The platform is incredibly strict about what you can collect, and crossing the line - even accidentally - can have serious consequences for your account and your business. This guide will walk you through exactly what Google Analytics prohibits, where violations commonly occur, and how you can ensure your account stays compliant.
What is Personally Identifiable Information (PII)?
Before diving into Google’s rules, it's essential to understand the concept at the heart of them: Personally Identifiable Information, or PII. In simple terms, PII is any piece of data that can be used on its own or combined with other information to identify, contact, or locate a specific individual.
Some examples are obvious and straightforward. You instantly recognize these as personal data:
- Full names
- Email addresses
- Mailing addresses
- Phone numbers
- Social Security numbers or other national ID numbers
- Credit card numbers
However, PII can also include less direct identifiers that, when pieced together, can point to a single person. These might include:
- Full IP addresses (Google Analytics automatically anonymizes IPs, but you should never try to collect the full version)
- Specific location data that is not generalized
- Usernames or IDs that can be easily mapped back to an individual's personal information in another system
The core principle is simple: if the data could lead you or Google to figure out exactly who a specific user is in the real world, it’s most likely PII.
The Golden Rule: What Google Analytics Forbids
Google’s Terms of Service are crystal clear on this topic. They state that you may not pass any information to Google that it "could use or recognize as personally identifiable information." This isn't just a suggestion; it is the fundamental rule of using the platform.
Sending PII to Google Analytics servers is the platform's number one violation. This data gets processed and stored on Google's servers, and if that data contains PII, you are in direct breach of your agreement. This is because Google Analytics is designed to be a tool for analyzing aggregated, anonymous trends - not for tracking individuals.
Where PII Accidentally Slips Into Your Data
Most marketers and business owners don’t intentionally collect PII. Violations often happen by accident, with data slipping through in places you might not think to look. Here are the most common hotbeds for accidental PII collection.
1. Page URLs and Query Parameters
This is by far the most frequent source of accidental PII. It often happens when a user submits a form on your website. If the form uses what’s known as a “GET” method, the information entered into the fields gets appended to the URL as query parameters. When a user lands on the “thank you” page, that URL - complete with their personal data - is sent directly to Google Analytics.
Here's what it might look like:
www.yourwebsite.com/contact-confirmation?fname=John&lname=Doe&email=john.doe@email.com
In this example, the user's first name, last name, and email address are exposed in the URL. Since Google Analytics records the full URL of every page view, all of that PII just got sent to their servers.
How to Fix It:
- Use POST for forms: Ask your developer to change your website's forms to use the “POST” method. This method sends form data in a way that doesn't expose it in the URL.
- Redact data in GA4: Google Analytics 4 has a built-in feature to automatically scan for and redact email addresses found in URLs. You can also add specific URL query parameters you want GA to ignore. Find this under Admin > Data Streams > [Your Stream] > Configure tag settings > Redact data.
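The same protection can be applied in the page itself, before any hit leaves the browser. The JavaScript below is an added example, not code from the original article or from Google: it drops PII-bearing query parameters and masks email-like values before the URL is reported as page_location. The parameter blocklist and the measurement ID placeholder are assumptions.

```javascript
// Added example: sanitize a URL before it is reported to Google Analytics.
// BLOCKED_PARAMS is an assumed list; extend it to match your own form field names.
const BLOCKED_PARAMS = new Set(["fname", "lname", "name", "email", "phone", "address"]);
const EMAIL_RE = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi;

function redactUrl(rawUrl) {
  const url = new URL(rawUrl);
  const kept = new URLSearchParams();
  // searchParams yields percent-decoded values, so john.doe%40email.com is caught too.
  for (const [key, value] of url.searchParams) {
    if (BLOCKED_PARAMS.has(key.toLowerCase())) continue; // drop the whole parameter
    kept.append(key, value.replace(EMAIL_RE, "REDACTED")); // mask emails in free-text params
  }
  url.search = kept.toString();
  return url.toString();
}

// Browser usage (measurement ID is a placeholder):
//   gtag("config", "G-XXXXXXXXXX", { page_location: redactUrl(window.location.href) });

// Constructed sample, based on the article's example URL.
const sample =
  "https://www.yourwebsite.com/contact-confirmation?fname=John&lname=Doe&email=john.doe@email.com&utm_source=newsletter";
console.log(redactUrl(sample));
```

Non-PII parameters such as utm_source survive, so campaign attribution keeps working after redaction.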
2. Custom Dimensions and User Properties
Custom dimensions and user properties are powerful features that allow you to send your own data to Google Analytics. For instance, you might track a user's subscription level ("free" vs. "premium") or their customer type ("new" vs. "returning"). While useful, it’s easy to mistakenly populate these fields with PII.
For example, you should never create a custom dimension for a user's name or set a user property to be their exact email address. Any custom data you send must remain anonymous.
How to Fix It:
- Good Practice: Send a general attribute like 'customer_tier': 'Gold'.
- Bad Practice: Sending something like 'user_email': 'john.doe@email.com'.
- Review your custom definitions: Audit your existing custom definitions in GA4 under Admin > Custom definitions to ensure none are capturing sensitive information.
3. Event Names and Parameters
Just like with custom dimensions, it's possible to accidentally include PII in the names or parameters of your custom events. For instance, tracking a file download by naming the event "download_report_by_johndoe" would be a major violation.
Event data is meant to describe an interaction, not the person performing it. Stick to generic, descriptive names and parameters that explain the "what," not the "who."
How to Fix It:
- Good Practice: Use an event named 'form_submission' with a parameter like 'form_name': 'contact_us'.
- Bad Practice: An event called 'confirmation_john.doe@email.com'.
4. The User-ID Feature
The User-ID feature helps you track an individual's journey across different devices. For it to work, you must assign a unique, non-personally identifiable ID to each signed-in user. The key here is "non-personally identifiable." You should never use a user's email address, username, or any other PII as their User-ID.
Instead, use an anonymous, system-generated ID (like a random string of numbers) from your own database. This allows you to connect sessions without exposing personal data.
A Quick Note on E-commerce Data
A common point of confusion is e-commerce data. Google Analytics is obviously built to track sales performance, so it must collect some financial data, right? Yes, but with strict limits.
You can and should collect data like:
- Transaction ID
- Product Name and SKU
- Price and quantity
- Tax and shipping costs
- Affiliation (e.g., the partner store where a sale occurred)
What you cannot collect are the PII elements associated with the transaction, like the buyer’s name, full address, or credit card details. The transaction_id serves as the anonymous link between the purchase event in GA and the specific customer record in your e-commerce system, which should stay on your side.
The Consequences of Collecting PII
Violating Google's PII policy is not a minor infraction. The consequences can be significant and damaging to your business.
- Account Deletion: Google reserves the right to terminate your Analytics account - and all of its historical data - without notice. Imagine years of performance data vanishing overnight.
- Legal Penalties: Privacy regulations like Europe's GDPR and California's CCPA have strict rules about data collection. Improper handling of PII can lead to hefty fines and legal action.
- Loss of Trust: Customers share their data with the expectation that it will be handled securely and privately. A data breach or misuse of their information can permanently damage your brand's reputation.
How to Quickly Audit Your Analytics Account
Performing regular checks for PII is a smart habit. Here’s a quick checklist to get started:
- Check Your Page URLs: In GA4, go to the Reports > Engagement > Pages and screens report. Look for any URLs in the list that contain personal information. Use the report’s search bar to look for common PII indicators like "@" signs, "email=", or "name=".
- Review Custom Definitions: Head to Admin > Custom definitions. Meticulously read through every user property and custom dimension you’ve configured. Do any of their names suggest they might contain PII? Assess how they are being populated.
- Audit Event Data: Navigate to the Reports > Engagement > Events report. Scan your list of event names. Are they all generic and descriptive of an action, or do some seem to contain user-specific information?
Catching these issues early is the best way to keep your account safe and maintain the trust of your users.
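The manual searches in this checklist can be scripted over values exported from the Pages and Events reports. The JavaScript below is an added example, not code from the original article: it flags page paths and event names containing the indicators named above ("@", "email=", "name="). The sample rows are constructed and the patterns are assumptions that will produce some false positives, so treat each finding as a prompt for manual review.

```javascript
// Added example: flag exported GA4 page paths and event names that look like PII.
// The indicator patterns are assumptions modeled on the checklist's search terms.
const INDICATORS = [
  // Literal or percent-encoded "@" between a local part and a domain.
  { label: "email address", re: /[A-Z0-9._%+-]+(@|%40)[A-Z0-9.-]+\.[A-Z]{2,}/i },
  { label: "email= parameter", re: /[?&]e?mail=/i },
  // Matches name=, fname=, last_name=, username= and similar query keys.
  { label: "name= parameter", re: /[?&]\w*name=/i },
];

function auditValues(values) {
  const findings = [];
  for (const value of values) {
    const reasons = INDICATORS
      .filter(({ re }) => re.test(value))
      .map(({ label }) => label);
    if (reasons.length > 0) findings.push({ value, reasons });
  }
  return findings;
}

// Constructed sample rows: page paths and event names as they might appear in an export.
const SAMPLE_ROWS = [
  "/pricing",
  "/contact-confirmation?fname=John&lname=Doe&email=john.doe@email.com",
  "form_submission",
  "confirmation_john.doe@email.com",
  "/search?q=shoes&page=2",
  "/reset?user=jane%40example.com",
];

for (const { value, reasons } of auditValues(SAMPLE_ROWS)) {
  console.log(`${value}  <- ${reasons.join(", ")}`);
}
```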
Final Thoughts
Respecting user privacy by keeping personally identifiable information out of Google Analytics isn't just a best practice - it's a hard requirement. By understanding what PII is, knowing where it can accidentally appear, and conducting regular audits, you can use the power of Google Analytics responsibly and without putting your business at risk.
Protecting user privacy and maintaining data compliance is critical, and making sure your various data tools are configured correctly can feel like a full-time job. With Graphed, we help you simplify that process. By connecting directly to your Google Analytics, marketing platforms, and sales tools through official APIs, our platform is designed for secure, aggregated analysis from the start. We handle the complexities of data integration so you can use natural language to build dashboards and get insights, all without needing to worry if PII is accidentally slipping through the cracks into your reports.