If your website or mobile app uses Google Analytics, you definitely need to have a Privacy Policy.

Google Analytics stores cookies on your users' PCs to keep track of usage data. This is enough to evoke the requirement of a Privacy Policy according to the EU Cookies Directive.

The EU's GDPR also requires a Privacy Policy when usage data is collected, such as through cookies.

When you use Google Analytics, you can opt-in to getting access to analytics and usage data plus advertising features that allow you to create better marketing campaigns.

The use of these features that include retargeting triggers the requirement to update your Privacy Policy to inform users about your usage of retargeting identifiers through Google's network.

Privacy Policy for the standard features of Google Analytics

In the Google Analytics Terms of Service agreement there's a requirement that users of Google Analytics must have a Privacy Policy agreement in place.

The Privacy Policy must disclose that analytics is used, disclose how data is collected and processed, and provide notice of the use of cookies.

Here's the clause in the Terms of Service agreement that sets forth these requirements and provides suggestions for meeting them:

Google Analytics Terms of Service: Privacy clause

Your Privacy Policy should be easily accessible to visitors directly from your website or mobile app, such as in a footer link or mobile app "About" menu.

This makes it easy for users to locate and view your agreement whenever they want to.

Here's an example of how Upwork (former oDesk) includes a link to its Privacy Policy and other legal agreements in its website footer:

Upwork website footer with legal agreement links highlighted - 2018

Because so many businesses place their legal agreement links in their website footer, people know to check there.

You can also include a pop-up or banner message, such as the one in the image below, that tells your users that cookies are in use. Include a link to your Privacy Policy (and Cookie Policy) in this pop-up or banner message to make sure relevant information is easily accessible.

Linden Lab cookies notice with active consent: Agree and Proceed

Include information about your use of Analytics cookies in your Privacy or Cookie Policy and make it clear that you're using Google Analytics to gain insights and improve the functionality of your website, or for marketing purposes.

Here's how Indeed.com does this in a clause in its Cookie Policy:

Indeed Cookie Policy: How cookies are used with Google highlighted

Give users the ability to opt out of having cookies placed for the purposes of Google Analytics and let them know that they have this right.

There's an opt-out browser add-on from Google that helps make opting out incredibly easy and convenient for users. You can mention and link to this add-on in your Privacy Policy:

Screenshot of Google Analytics Opt-out Browser Add-on tool page

Analytics Remarketing

If you use the Google Analytics Remarketing Lists feature, you're required to agree to the Google Analytics Terms of Service. These Terms require you to have an informative Privacy Policy that discloses that Google Analytics Remarketing uses cookies to track users who visit your website or use your mobile app and display your ads to these users when they are on other websites.

Google Analytics Prerequisites to remarketing with requirement to agree to Analytics Terms of Service highlighted

While the exact language you should include isn't provided by Google, you should focus on being clear, concise, and informative.

Here's a checklist of what to include in your agreement:

  • Let users know that you use remarketing and that this will advertise your company or website across other websites that users visit.
  • Let users know that Google and other third-party vendors will show your ads on websites that users visit after visiting your website.
  • Let users know that your ads will be shown on other websites because the user visited your website in the past.
  • Let users know how they can opt out of this remarketing campaign through the Google Ad Settings page.

Here's a clause from AdRoll's Privacy Policy that's a great example of how to let users know all of this information:

AdRoll Service Privacy Notice: Cookies clause

The very next clause in the Privacy Policy addresses how users can opt out of or adjust targeted ads and the use of personal data:

AdRoll Service Privacy Notice: Excerpt of cookies opt-out and choices clause

AdRoll provides an Adjust Ad Preferences feature where a user can adjust advertising preferences quickly and easily. It's linked in the website footer along with other legal agreements:

Screenshot of AdRoll website footer

Users who click on the link are taken to a screen where they are given the ability to adjust individual ad remarketing settings. Consent can be revoked or granted for all advertising and analytics cookies with one click, or individually adjusted:

Screenshot of AdRoll

If you use AdRoll, AdWords, or a different remarketing tool, you can add a link on your website to a page or module like this. Having something like this one is a great way to allow your users to choose which cookies they wish to allow and opt out of behavioral ads if they want to.

The following example from Storkie makes it clear that the website is using Google's cookies and lets users know how they can opt out of this:

Storkie Privacy Policy: Cookies clause with opt-out information highlighted

Privacy Policy for the advertising features of Google Analytics

Google Analytics Advertising tools lets you take the usage data and information you obtain from Google Analytics and use it for advertising purposes. Remarketing, also known as retargeting, is a widely used and incredibly popular function of Google Analytics.

If you choose to enable remarketing or any of the Google Analytics Advertising features, Google requires that you notify your visitors by disclosing the following 3 main points in your Privacy Policy, as stated in the Policy Requirements from Google:

Google

1. Which Google Analytics Advertising Features have you implemented?

In your Privacy Policy, include a list of all features and links to more information about each of the features you have implemented for your website so that users can be aware of them.

For example, if you use Google AdWords for remarketing purposes, declare this and consider including links to both Google's Remarketing website, as well as the general Google Privacy Policy as it applies to AdWords usage.

2. Disclose that you and third-party vendors use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together.

Do this through a Cookies Policy or at least a cookies clause in your Privacy Policy.

You need to let users know that you use third-parties for advertising and how these third-parties may use cookies.

If your business is based in the EU or you sell to EU customers, there are additional requirements you must meet in order to satisfy the EU Cookies Directive because all remarketing service are based on cookies usage.

Visitors to your website or mobile app must give informed, specific, and voluntary consent to have cookies placed on their devices before any cookies are placed.

The most common way that this requirement is satisfied is through the use of pop-up banners that appear prominently on a web page the first time a user visits a website. The banner informs a user about the use of cookies and requires some sort of active action from the user to give consent.

In this example from BBC, a user must click the "Continue" button before cookies can be used. The notification box clearly states that by clicking the "Continue" button, the user is consenting to BBC's use of cookies.

BBC Notification: Cookies on website

How to Add Your Cookie Consent Solution

TermsFeed: Cookies Consent - How to add Your Solution

Use our free Cookie Consent Solution to create, customize and add a Cookie Consent notice to your website.

  1. Click on the Cookie Consent link at the top of our website. Our Free Cookie Consent Solution will open:

    2. TermsFeed: Cookies Consent Solution

  2. Choose your consent preference: Implied or Express:

    3. TermsFeed Cookies Consent: Choose your consent preference - Step 1

  3. Customize your Cookie Consent widget with your website name, banner notice type and color palette:

    4. TermsFeed Cookies Consent: Customize your consent - Step 2

  4. Copy your Cookie Consent code and add it to your website page code before the closing of the </body> tag.

    5. TermsFeed Cookies Consent: Copy your Cookie Consent code - Step 3

  5. Adjust your website's JavaScript to accommodate your users' selections for consent:

    6. TermsFeed Cookies Consent: Adjust your website&#039;s JavaScript to users - Step 4

3. How visitors can opt-out of the Google Analytics Advertising Features you use, including through Ads Settings, Ad Settings for mobile apps, or any other available means (for example, the NAI's consumer opt-out).

Google has its own available opt-out tool for Google Analytics that they encourage you to linking to, as noted earlier in this article.

Linking to it is a great way to satisfy the requirement that users must be informed on how to opt-out.

If you're developing a mobile app and not a website, your Privacy Policy should be accessible from within the app.

Dropbox accomplishes this by putting a "Legal and Privacy" section in its "Settings" tab that links to its Privacy Policy.

Highlight Legal &amp; Privacy Item in Dropbox iOS App

Here's an example from The Sierra Trading Post's Privacy Policy that discloses its use of the Google Analytics features:

Sierra Trading Post Privacy Policy: Section on Interest-Based Ads

The section titled "Interest-Based Online Advertising and Google Analytics" includes the required information to comply with Google's requirements:

  1. What Google Analytics Advertising Feature is implemented
  2. How both this website and third-party vendors use first-party cookies, first-party identifiers, third-party cookies, and other third-party identifiers together
  3. How users can opt out of the cookies information being collected and used

It says:

"we use Google Analytics' 3rd-party audience data such as age, gender, and interests to better understand the behavior of our customers and work with companies that collect information about your online activities to provide advertising targeted to suit your interests and preferences... These companies also use automated technologies to collect information when you click on our ads, which helps track and manage the effectiveness of our marketing efforts."

This makes it clear what information is being collected by Google Analytics, who is using it, and how it is being used.

The last paragraph of this section satisfies the requirement about informing users on how they can opt-out:

"you may opt out of the automated collection of information by third-party ad networks for the purpose of delivering advertisements tailored to your interests, by visiting the consumer opt-out page for the Self-Regulatory Principles for Online Behavioral Advertising at http://www.aboutads.info/choices/ and edit or opt-out your Google Display Netowrk ads' preferences at http://www.google.com/ads/preferences/."

If you enabled the Advertising Features in your Google Analytics account, update your Privacy Policy by adding a new clause titled "Interest-Based Online Advertising and Google Analytics" and make sure it includes the required information about your usage of these features.

TermsFeed Privacy Policy Generator: How to Create a Privacy Policy for Your Website

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your website. Just follow these steps:

  1. Click on the "Start the Privacy Policy Generator" button.
  2. At Step 1, select the Website option and click "Next step":

    3. TermsFeed Privacy Policy Generator: Create Privacy Policy for Website - Step 1

  3. Answer the questions about your website and click "Next step" when finished:

    4. TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  4. Answer the questions about your business practices and click "Next step" when finished:

    5. TermsFeed Privacy Policy Generator: Answer questions about business practices - Step 3

  5. Enter your email address where you'd like your policy sent, select translation versions and click "Generate My Privacy Policy." You'll be able to instantly access and download your new Privacy Policy:

    6. TermsFeed Privacy Policy Generator: Enter your email address - Step 4

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy