Recently, we discovered something alarming while auditing one of our clients’ websites. Email addresses and phone numbers were showing up in their Google Analytics reports, exposing sensitive visitor information that they never intended to collect.
Collecting personally identifiable information from users can be a major issue. It violates privacy regulations like GDPR, putting your business at risk of hefty fines. It can even get your Google Analytics account disabled.
But here’s the good news: preventing personally identifiable information (PII) from ending up in your analytics is actually quite straightforward once you know how.
We’ve spent years working with Google Analytics across hundreds of websites, and we’ve developed a foolproof system to keep sensitive data out of your reports. In this guide, we’ll show you exactly how to protect your visitors’ privacy while still getting all the valuable insights you need from your analytics data.
What Is Personally Identifiable Information, and Why Should You Protect It?
Personally Identifiable Information (PII) is any data that can be used to identify a specific person. It is vital to protect this information to comply with privacy laws like GDPR, avoid costly fines, and maintain your visitors’ trust.
Some common examples of PII include:
- Full name (first and last)
- Email address
- Phone number
- Home address
- Credit card information
- Login credentials (usernames and passwords)
- IP addresses (when linked to individuals)
The problem is that PII often sneaks into Google Analytics through URLs. For example, when users submit details on contact forms, that data can get embedded in the URL of the next page they visit.
A URL might accidentally look like this, exposing a user’s email:
www.example.com/contact-us/thanks?email=personal@information.com.
In that example, we can see that the URL shows the user’s email address.
It’s important to know that privacy laws like GDPR strictly regulate the use of personal data. Google’s terms of service also forbid collecting PII.
If your analytics account is found capturing this information, you could face hefty fines or even account suspension.
Beyond the legal risks, this is also a matter of trust. Visitors expect you to respect their privacy, and if they feel their data isn’t safe, they may take their business elsewhere.
🧑💻 Pro Tip: Be extra careful if you use the User-ID feature in Google Analytics to track logged-in users. Always make sure the ID you assign is an anonymous string of numbers or letters, not a user’s email address or username.
With that in mind, let’s look at two easy methods for keeping PII out of Google Analytics:
- Method 1. Using a WordPress Plugin to Keep PII Out of Google Analytics (Easy)
- Method 2. Keeping PII Out of Google Analytics (Manual Approach)
- Bonus Tips for Privacy Compliance on Your Website
- FAQs About Keeping Personally Identifiable Info Out of Google Analytics
- Further Reading About Analytics and Tracking
Ready? Let’s get started.
Method 1. Using a Plugin to Keep Personally Identifiable Info Out of Google Analytics
The easiest way to keep PII out of Google Analytics is by using the Privacy Guard feature in MonsterInsights – which is the best WordPress analytics plugin on the market.
With Privacy Guard, you can automatically scan query parameters and form submissions to find and remove potential PII. This helps your website remain compliant with privacy regulations.
ℹ️ Quick note: MonsterInsights powers our conversion tracking at WPBeginner, helping us monitor traffic, forms, buttons, referral links, and more with ease. See why we love it in our detailed MonsterInsights review.
Step 1. Install and Activate the MonsterInsights Plugin
First, you’ll need a MonsterInsights account. To get started, go to their website and click the ‘Get MonsterInsights Now’ button.
You can then go ahead and choose a plan. We recommend the Plus plan or higher, as it includes the Privacy Guard feature.
After signing up, you can install and activate the MonsterInsights plugin on your WordPress site. For step-by-step instructions, see our guide on how to install a WordPress plugin.
Step 2. Connect MonsterInsights to Your Google Analytics Account
Upon activation, you’ll need to connect the MonsterInsights plugin to your Google Analytics account.
In your WordPress dashboard, you need to go to Insights » Launch the Wizard to start the setup.
After that, you’ll select the category that best describes your website.
MonsterInsights gives 3 options – business site, publisher (blog), or eCommerce (online store).
After selecting a category, simply click ‘Save and Continue’ to proceed.
On the next screen, you can click ‘Connect MonsterInsights’ to start the connection process.
Then, you can follow the prompt to sign in to your Google Analytics account.
Upon signing in, you can select the website you want to track from the dropdown menu.
From here, go ahead and click the ‘Complete Connection’ button. MonsterInsights will then automatically install Google Analytics on your WordPress website.
For details, feel free to refer to our guide on how to install Google Analytics in WordPress.
Step 3. Enable the Privacy Guard Feature
Keeping Personally Identifiable Information (PII) out of your tracking doesn’t have to be complicated.
With MonsterInsights’ Privacy Guard, you can do it in just a few clicks!
This feature works by automatically identifying and removing a list of common query parameters that often contain sensitive information (like email, credit_card, and password). This helps prevent private details from being stored in your analytics reports.
To do this, let’s navigate to the Insights » Settings » Engagement tab.
Now, just turn on the ‘Privacy Guard’ switch, and you’re all set!
MonsterInsights will now help protect personally identifiable information and keep you compliant with privacy laws.
⚠️ Important Disclaimer: No plugin can guarantee 100% legal compliance because every website is different. We strongly recommend consulting an Internet law attorney to ensure your site meets all legal requirements for your location and specific use case.
This is not legal advice – just a friendly heads-up to help you stay informed.
Method 2. Keeping Personally Identifiable Info Out of Google Analytics
In this method, we’ll show you how to use Google Analytics’ built-in ‘Redact data’ feature. This method is great if you prefer not to use a plugin, as it gives you precise control.
However, it requires you to manually identify and enter the URL parameters your site uses to collect data. So it’s best for advanced users.
Plus, since this method isn’t limited to WordPress, you can follow along even if you use a different website builder.
Step 1: Set Up Your Data Stream in Google Analytics
First, you’ll need to sign in to your Google Analytics account.
Go ahead and click on the ‘Sign in to Analytics’ button to continue.
In the dashboard, let’s hover over the sidebar and click the ‘Admin’ menu.
Under the ‘Data collection and modification’ section, you can click on ‘Data streams.’
After that, click on ‘Data streams.’
This will take you to the table, which lists all your data streams.
Now, you can select your website from the list.
Step 2: Redact Data in Google Analytics
This will open the ‘Web stream details’ slide-in.
From here, let’s scroll down to the ‘Events’ section and click ‘Redact data.’
On the next screen, you will see the ‘Redact data’ menu.
The ‘Choose what to redact’ section of this slide-in has two switches at the top.
Let’s first redact email addresses by flipping the switch. Google Analytics will then automatically exclude email addresses from the data it collects.
Then, you can filter out other PII by entering query parameters.
To do this, you’ll need to enable the switch for ‘URL query parameter.’ Then, you can enter your query parameters in the respective field.
For example, you might add common parameters from your forms like first_name, last_name, phone_number, or user_id. Note that you’ll need to separate each one with a comma.
🧑💻 Pro Tip: Not sure what to add here? The easiest way to find your site’s parameters is to test your own forms.
For instance, fill out your contact form and look at the URL on the confirmation page. Any personal info you see in the address bar after a question mark (?) is a URL parameter you should add to this list.
Once everything looks good, you can save your settings.
Google Analytics will now help protect PII and keep your site privacy-compliant. That said, we still recommend reviewing your data regularly to make sure no private information is slipping through.
Always take the necessary precautions, as improper configuration could lead to compliance issues.
Bonus Tips for Privacy Compliance on Your Website
Keeping personal info out of analytics reports is just one way to comply with privacy regulations. We also recommend following these tips:
- Show a cookie notice on your WordPress website. This popup message allows users to give their consent for tracking cookies on your website. Plus, it’s super easy to set up with a powerful plugin like WPConsent.
- Create GDPR-compliant forms. With a form plugin like WPForms, you can easily add GDPR agreement fields to your forms, disable user cookies and details, and delete user data when requested.
- Add a GDPR comment privacy checkbox. Comment plugins like Thrive Comments can help your discussion section comply with GDPR with just the click of a button.
For more details, just see our complete guide to GDPR compliance for WordPress users.
FAQs About Keeping Personally Identifiable Info Out of Google Analytics
Keeping PII out of Google Analytics is important for privacy and compliance. If you still have questions, feel free to take a look at some quick answers to common questions:
How does Google handle user data and privacy concerns?
Google takes privacy seriously. It anonymizes data and complies with strict regulations like GDPR. While Google provides tools to help businesses protect user privacy, it’s ultimately up to the businesses to make sure they don’t collect personally identifiable information (PII).
Does Google Analytics collect personally identifiable information?
Not by default. But if you’re not careful, PII can sneak in through URLs, form submissions, or custom tracking settings. That’s why it’s important to set things up correctly.
Do all sites with analytics need cookie warnings?
Yep! If your site tracks users with cookies (like Google Analytics does), then privacy laws like GDPR and CCPA require you to show a cookie notice and get user consent.
Further Reading About Analytics and Tracking
That’s all there is to it! We hope this guide has helped you learn how to keep personal info out of Google Analytics.
Understanding how to keep PII out of Google Analytics is just the beginning! If you want to fine-tune your tracking, improve data accuracy, and stay compliant with privacy laws, then check out these helpful guides:
- 📊 Google Analytics 4: A Beginner’s Guide – Learn how to set up GA4 on your WordPress site and make the most of its powerful features.
- 🍪 How to Add WordPress Analytics Without Cookies – Protect visitor privacy on WordPress with cookieless analytics methods.
- 📢 WordPress Post Analytics – Find out how to easily access and track your blog stats.
- 🎯 How to Set Up Google Analytics Goals – Measure what really matters on your WordPress website.
- 🔗 How to Install and Set Up Google Tag Manager – Simplify tracking by managing all your tags in one place.
- 🔍 How to Track Outbound Links – See which external links your visitors are clicking the most.
- ✋ How to Block WordPress Referrer Spam in Google Analytics – Improve the accuracy of your reports by making sure that spam requests do not pollute your data.
- 💭 In-Depth Comparison of MonsterInsights vs SiteKit – See how these powerful analytics plugins stack up.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Have a question or suggestion? Please leave a comment to start the discussion.