Set up Privacy-conscious Analytics in 20 Minutes


THIS IS AN UNFINISHED DRAFT

TL;DR

Privacy policy is legally required for majority of websites. If you want an effortless option, consider Plausible.io for 90 eur/month. Best free option I found is Termly + Google Tag Manager + Google Analytics.

Motivation

As an improvement-obsessed person, when I set up my personal blog (here, effortless thanks to Franklin.jl) my first thought was “how will I measure the traffic to keep getting better?"

While Google analytics is an easy choice for tracking, it is no longer sufficient on its own. It is legally required in many countries to have a privacy policy AND to obtain user’s consent before you start tracking (in most cases).

This blog post is a summary of my research and a brief how to guide to help you set up privacy-conscious (and compliant) website analytics for free in 20 minutes.

Does it concern my website?

Oversimplifying here a bit but if you use any of cookies, IP addresses (location), browser or device information or any standard analytics solution (Google analytics, Matomo, etc) you need to read on.

The reason is that if an EU citizen visits your website, you are liable to EU's General Data Protection Regulation (GDPR). That means you need to follow specific rules for:

The similar holds for other privacy regulations around the world (eg, UK's GDPR, Canadian PIPEDA, Californian CCPA)

Practically, you should also publish Terms and Conditions for your website (even if it's a persoanl website), but that's a separate topic!

Now that we have established the need, let’s look into what we need to do.

So what do I need to do?

You can read about it in detail here or from a more authoritative source here.

In short, we need to:

Solution Comparison

TODO: Add more detail for each

Gold Solution: Plausible.io

Silver Solution: Google + Termly <– My Choice

Bronze Solution: Google + Osano + Termsfeed

Deep dive on the winning solution

The winning solution for me was #2. It requires slightly more effort to set up, but it’s free (great for personal or open source projects!) and has more powerful analytics features for the future.

Side note: Why GA4 and not Universal Analytics (UA)?

No one should start a new analytics account with UA in 2022, as it will be sunset in July 2023. Moreover, GA4 has been built with modern considerations and experiences in mind (eg, mobile devices, privacy-conscious consumers). This tutorial does not take advantage of its full power but it gives you extensible option for the future (eg, estimated traffic if everyone consented to tracking)

Setting up our solution

TODO: Add screenshots and more detail

  1. Set up GA4

I’d highly recommended changing some of the default settings to capture only what is strictly necessary and retain data (and cookies) for as short time as possible. The letter of law might have many interpretations here but your visitors will certainly appreciate it!

  1. Set up Termly [10 mins]

  1. Set up Google Tag Manager (GTM)

A more detailed guide can be found here

  1. Update your website

If you use Franklin.jl to produce your website, you can find some additional tips in Appendix.

  1. Test that it worked

Appendix

Tips for integrating into Franklin.jl websites

To see the Google support article go here. The step that was hard for me was that you need to expand the options via "Show All" to see "Override Cookie Settings"

[Changing GA cookie expiration]

How to reduce Google's data retention

[Changing GA data retention]

CC BY-SA 4.0 Jan Siml. Last modified: February 13, 2024. Website built with Franklin.jl and the Julia programming language. See the Privacy Policy