When a privacy policy is necessary for your site


Privacy policies are more important than you might think. You might be doing a lot of cool stuff with your site; you might be sending out frequent newsletters; you might be collecting data on your visitors; you might be selling products; you might be throwing out the rules in order to make something awesome, but you need to make sure that you are following Google Analytics rules so that you continue to show up on Google.

When a Privacy Policy is Necessary

If you incorporate specific Google Analytics advertising features, you may need to have a privacy policy alerting your readers that you have third party features set up to collect their data. It might seem like an annoying task, but would you want your information, demographics, age, and search information to be collected without your knowledge? Probably not.

If you want an in-depth analysis, and if you enable any of Google Analytics’ more in-depth features (like demographics reports and interest reports), then you’ll have to include a privacy policy on your site. Basically, if it’s a feature that you have to “enable,” through Google Anayltics, you’re going to need a privacy policy. If it’s a feature that is included in Google Analytics’ general features (i.e. something you don’t have to enable), then a policy isn’t needed.

Features that Require a Privacy Policy (according to Google)

  • Remarketing with Google Analytics
  • Google Display Network Impression Reporting
  • Google Analytics Demographics and Interest Reporting
  • Integrated services that require Google Analytics to collect data via advertising cookies and anonymous identifiers

What if you don’t want to incorporate a privacy policy?

Google Analytics offers differing services: overview services, which collect data that you don’t need a privacy policy to gather, and more detailed services that have to be enabled, which require a privacy policy to incorporate. For example, if you use Google Analytics’ “overview” feature, which allows you to explore pageviews, average session time, and bounce rate, you don’t need to include a privacy policy because you’re not really going to be grabbing in-depth information or sensitive information about your customers. So if you just use the overview features, you are okay to leave out a privacy policy.

Keep in mind that Google’s services are pretty comprehensive, even without the deeper data, so you might not need to track more detailed customer data, and, therefore, you might not need to incorporate a privacy policy if you don’t want to.

What does a privacy policy need to contain?

According to Google,

If you’ve enabled any Google Analytics Advertising features, you are required to notify your visitors by disclosing the following information in your privacy policy:

  • The Google Analytics Advertising Features you’ve implemented.
  • How you and third-party vendors use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together.
  • How visitors can opt-out of the Google Analytics Advertising Features you use, including through Ads Settings, Ad Settings for mobile apps, or any other available means (for example, the NAI’s consumer opt-out).

Want to check out some examples of privacy policies that we’ve seen on other sites? Let’s look at some privacy policy excerpts:

At Google, we are keenly aware of the trust you place in us and our responsibility to keep your privacy and data secure. As part of this responsibility, we let you know what information we collect when you use our products and services, why we collect it, and how we use it to improve your experience. The Google privacy policy & principles describes how we treat personal information when you use Google’s products and services, including Google Analytics.


In some cases, we may use a third party payment service to process purchases and/or collect donations made through the Sites.  In these cases, your Personal Information may be collected by this third party and not by us, and will be subject to the third party’s privacy policy, rather than this Privacy Policy.  We have no control over, and are not responsible for, this third party’s use or disclosure of your Personal Information.


Not all privacy policies are going to be the same, because not all websites collect the same type of data. To be sure your privacy policy is appropriate, check up with Google Analytics and make sure you let your customers know what you’re doing. If you don’t let your customers know what you’re doing, Google Analytics will shut down the pages until you update your privacy policies, so this is one case where following the rules really pays.




Seen enough? Get An Estimate