In the evolving landscape of data privacy and regulations, excluding Personally Identifiable Information (PII) from URLs sent to Google Analytics 4 (GA4) is not just a recommendation.
It’s a necessity.
Google interprets PII as any information that could be used to directly identify, contact, or precisely locate an individual. For that reason, it’s a big no-no in the new Google Analytics 4, with all its developments to protect user privacy.
However, there are still situations where PII can trickle into your GA4 property — for example, when website visitors and users complete form fields and the data is sent to your analytics property.
In this blog post, we’ll show you the steps on how you can exclude this PII from URLs before they’re sent to GA4.
Here at Inflow, we’ve been configuring the nitty-gritty bits of Google Analytics 4 time and time again. For help optimizing your GA account, reach out to our team today.
What is Personally Identifiable Information (PII)?
According to Google, personally identifiable information includes sensitive details like names, email addresses, phone numbers, social security numbers, and more — all of which can directly identify individuals.
When PII ends up in your Google Analytics data collection, it not only violates privacy standards but also opens the door to potential legal repercussions. By excluding PII, you create a safeguard against personal data breaches, unauthorized access, and privacy breaches.
Google has published best practices to avoid sending PII to help users become compliant with regulations. However, these recommendations — and the current setup of GA4 — leave much to be desired.
That’s why, here at Inflow, we’ve developed our own process for filtering out PII in the Google Analytics interface, before it becomes part of your data import.
How to Remove PII from Google Analytics 4 URLs Using Google Tag Manager
To follow this process, you’ll need access to:
- Your Google Analytics account
- Your Google Tag Manager account
Once you have those ready, follow the simple process outlined below:
Step 1: Create a Custom JavaScript Variable in GTM. Name it “Page URL without PII.”
To create a Custom JavaScript Variable, click on the Variable section in your GTM workspace.
Then, click on the New button in the User-Defined Variables section. You’ll find this option below the Built-In Variables. (You may need to scroll down further in your personal account.)
After clicking this button, a variable configuration window will show. Click on the window area to start choosing a variable type.
On the right side, you’ll see various variable types. Choose the Custom JavaScript variable type.
Finally, the Variable Configuration window will open. Change the name of the variable to “Page URL without PII” by clicking on the default name “Untitled Variable.”
In the red-marked area in the screenshot above, paste the provided JavaScript code (below). This code will remove the personal information parameters (like email, phone_number, address_line_1, etc.) from the URLs using the blocklist array, replacing them with an empty string.
function(){
var blocklist = 'email,address_line_1,address_line_2,city,state,zip_code,full_name,first_name,last_name,phone_number,postcode'.split(',');
var replaceWith = '';
var url = location.href;
var sanitizedUrl = url.replace(/((\?)|&)([^#&=]+)(?:=([^#&]*))?/g,
function(input, delim, qmark, key, val) {
if (-1 === blocklist.indexOf(key))
return input;
else
return replaceWith ? delim + key + '=' + replaceWith : qmark || '';
}).replace(/\?&*$|(\?)&+/, '$1');
return sanitizedUrl;
}
Note: It’s essential to identify which parameters send PII data in URLs from your website and adjust the code accordingly. If you’re unsure what PII parameters could be found in your website URLs, you can create an Exploration report in GA4, include the Page path + query string dimension, and explore what PII data you can find there.
After pasting the code in the variable, it should look like the screenshot below. (Don’t forget to hit Save.)
Step 2: Edit the GA4 Configuration Tag.
Add a page_location parameter name, and use the Page URL without the PII variable as a value.
Step 3: Test the Setup in Preview Mode.
Now that your details are all configured, it’s time to test it out.
In GTM’s preview mode, enter the URL containing the PII data you want to exclude (e.g., https://yoursite.com/?email=example@email.com&first_name=bojan&last_name&zip_code=10000&address_line_1=Ilivehere12&city=Tampa&state=Florida).
In the screenshot below, the first Page URL variable represents the built-in variable and contains the URL with its PII data.
Below that, you’ll see the Page URL without PII, which is returning the URL without PII data, while keeping the other URL parameters intact.
After making these changes, monitor GA4 for a few days to ensure there are no discrepancies — and that you have successfully redacted all identifiers you intended to exclude.
More GA4 Resources & Tips
In a marketing environment where data-driven insights steer the course of business, safeguarding user privacy has never been more critical. By actively excluding PII from URLs sent to GA4, you’ll take a decisive step toward ethical and compliant data management.
PII’s exclusion isn’t just a technical tweak; it’s a commitment to respecting user privacy, preserving data integrity, and upholding your brand’s reputation.
Have more questions about building your Google Analytics 4 reporting strategy? Feel free to reach out to our certified team of experts, or check out any of our other resources below:
0 Comments