Regional Data Controls In Ga4

Management Summary

The Austrian data protection authority's decision on Google Analytics, following a complaint from noyb, brought some momentum to the important debate on data protection and digital analytics. Contrary to what data protection activists have communicated, there is currently no case law holding that a correct implementation of Google Analytics is not GDPR-compliant (more on this here). However, the resulting public discourse already has concrete consequences, such as improved privacy settings in Google Analytics 4. In this article we show you how to configure these settings.

Regional Data Controls in GA4

Disclaimer: This post is about settings in Google Analytics. To ensure the integrity of your user data, we also recommend these GTM settings.

Roughly summarized, the following happens when data is collected for Google Analytics (in relation to IP addresses):

  • Anonymized IP addresses are sent to an API.
  • Region, city, country, etc. are categorized based on the IP addresses.
    (This categorization can also be adjusted, for example if you want country data, but not from where the access occurs.)
  • The categorized data is then stored on Google servers, assigned to an anonymous ClientID (you can read about where and how it is stored here).

The new solution

In addition to IP anonymization (enabled by default in GA4), you can use the following settings to ensure that the IP geo lookup occurs within the EU (and therefore no personal data is sent to servers outside the EU).

Excerpt from the Google Support article on this:

If you are currently using a Content Security Policy (CSP), you will need to update your configurations (img-src and connect-src directives) to allow the following domains used by Analytics:

*.google-analytics.com
*.analytics.google.com

The new domains, which enable data collection in the EU, are expected to be active from the end of May. Please update your CSP configurations by May 27, 2022 so that traffic measurement is not interrupted.
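
To verify a policy before rollout, the following added example (not code from Google or from the original article) parses a CSP header and reports which of the two Analytics sources are still missing from img-src and connect-src, including the fallback to default-src. The sample policy and the "probe" subdomain are constructed, and host matching is simplified.

```javascript
// Added example: report which Google Analytics sources a CSP header still lacks.
// Simplified host-source matching (ports and paths are not evaluated).
const GA_SOURCES = ["*.google-analytics.com", "*.analytics.google.com"];

// Parse a CSP header into directive -> source list; the first duplicate wins.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !policy.has(key)) policy.set(key, values);
  }
  return policy;
}

// img-src and connect-src fall back to default-src; null means unrestricted.
function effectiveSources(policy, directive) {
  return policy.get(directive) ?? policy.get("default-src") ?? null;
}

function hostAllowed(sources, host) {
  if (sources === null) return true;
  return sources.some((src) => {
    const s = src.toLowerCase().replace(/^https?:\/\//, "").replace(/\/.*$/, "");
    if (s === "*" || s === "https:") return true;
    if (s.startsWith("*.")) return host.endsWith(s.slice(1)); // subdomains only
    return s === host;
  });
}

function missingGaSources(header) {
  const policy = parseCsp(header);
  const gaps = [];
  for (const directive of ["img-src", "connect-src"]) {
    const sources = effectiveSources(policy, directive);
    for (const wanted of GA_SOURCES) {
      const probe = wanted.replace("*", "probe"); // constructed subdomain
      if (!hostAllowed(sources, probe)) gaps.push(`${directive} ${wanted}`);
    }
  }
  return gaps;
}

// Constructed sample policy: only the first domain has been allowed so far.
const SAMPLE_CSP =
  "default-src 'self'; img-src 'self' https://*.google-analytics.com; " +
  "connect-src 'self' https://*.google-analytics.com";
console.log(missingGaSources(SAMPLE_CSP));
```

An empty result means both directives cover both domains; a policy that sets only default-src 'self' reports all four combinations as missing.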

Classification

In combination with server-side hosting of the client-side GTM, you can use this setting to ensure a new, clear boundary between the IP addresses of your users and data centers outside the EU. This is not only in accordance with the GDPR, but also responsible and important when dealing with your customer data.

For us at e-dialog this is a given. If you need help with the implementation, please contact us: kontakt@e-dialog.group
