Encrypting Troublesome PII



arguments for / against using 1 property or multiple –




Property Moving

GA4 Properties are able to be moved between accounts, but as of now data streams currently cannot. This could impact businesses going through mergers and acquisitions. For example, if a company sells off one of their brands, they could migrate a Universal Analytics property from the old account to the acquirer's account as part of the acquisition.

If instead, that brand was one of several data streams in a property, that data stream would not be able to be migrated to the acquirer's account without migrating the entire property. In this case, the selling company could offer an export of the BigQuery data for the acquired brand's data stream in their agreement terms, but would not be able to migrate the property.




If your websites and apps are loosely tied together and will each need their own set of custom dimensions and user properties, you may consider breaking them out into different properties to avoid the feature limitation.

BigQuery may be another consideration for your setup. If all of your data streams are in one property, all of your data will end up in the same BigQuery dataset. Also note that GA4 properties have a 1:1 relationship with Google Cloud projects, and each Cloud project can only be associated with one billing account. If your business uses different billing accounts for projects managed by different business units, you might want to align your GA4 property hierarchy to match.



Tag Manager Environments



I have multiple environments for my web app to run: localhost, testing and then production.



There is a built-in variable in GTM called Page Hostname, so you can set it as a condition for your tag's triggers. For example, you may change a Google Analytics tag's trigger from All Page Views to Some Page Views, where page hostname matches your site's hostname. enter image description here



ealing with PII in Google Analytics

Ask Question

Asked 8 years, 4 months ago

Modified 6 years, 2 months ago

Viewed 941 times




I want to set up User ID in GA using GTM, by getting a UID via the cookie. The problem is that we store only the account email address in the cookie, and we don't store any unique UID. We can't send this email address to GA since sending personally identifiable information (PII) is not allowed.

A UID is stored on the back-end, but it would take development effort to retrieve it and store it in the cookie. That's a no bueno because I really need this implemented as soon as possible without involving developers.

Can I somehow encrypt the email address from the cookie to a unique code in GTM using Custom Javascript so that it's NOT personally identifiable, and cannot be easily decrypted to find the email address? I can send this unique encrypted code to GA.


Improve this question


asked May 7, 2015 at 13:10

Vikram's user avatar


13988 bronze badges

Add a comment


2 Answers

Sorted by:

Highest score (default) Date modified (newest first) Date created (oldest first)







Can I somehow encrypt the email address from the cookie to a unique code in GTM using Custom Javascript so that it's NOT personally identifiable

Absolutely you can. Unless it cannot be used by Google (or any third-party to match it to a person) – you could and should. One option would be to hash it using SHA-256 (irreversible) and save the value to GA



Improve this answer


edited Jun 16, 2017 at 1:28

John Conde's user avatar

John Conde

86.1k2727 gold badges146146 silver badges240240 bronze badges

answered Jun 16, 2017 at 1:21

Dmitry's user avatar


12611 bronze badge

  • Thanks. I don't know if this answer was valid in 2015, but it certainly is correct now. From this page: "You can send Google Analytics an encrypted identifier or custom dimension that is based on PII, as long as you use the proper encryption level. Google has a minimum hashing requirement of SHA256 and strongly recommends the use of a salt, with a minimum of 8 characters. Notwithstanding any of the foregoing, you may not send Google Analytics encrypted Protected Health Information (as defined under HIPAA), even if it is hashed or salted."


    Jun 19, 2017 at 2:22

Add a comment





It appears that would violate the GA terms of service. According to this Analytics help page:

The Google Analytics terms of service, which all Google Analytics customers must adhere to, prohibits sending personally identifiable information (PII) to Google Analytics (such as names, social security numbers, email addresses, or any similar data), or data that permanently identifies a particular device (such as a mobile phone’s unique device identifier if such an identifier cannot be reset), *even in hashed form*. Your Google Analytics account could be terminated and your data destroyed if you use any of this information.









Using Email Addresses as Google Analytics User Ids without Failing at GDPR



While setting up a basic email marketing flow for a client, I hit a few snags trying to come up with an easy way to keep website activity in sync between the CRM & Google Analytics using the email address. There were issues related to both compliance and technology. In the end, the solution was pretty simple but it took a lot of searching around, so here’s a summary.

(Scroll all the way down to the bottom if you just want the javascript that makes it work.)


The Goal

In Google Analytics you can use a feature called User-ID to associate a unique identifier with your website visitors. This has tons of great benefits, mostly related to being able to unify your analytics for a particular user across multiple sessions and devices. For me, though, the big goal is to eventually be able to link website activity data from Google Analytics back to specific lead and contact records in Salesforce. In order to accomplish that goal at some point in the future, there are some pieces which need to be put in place right away.

The Strategy

In order to make this work I need a “user id” that can tie everything together. Salesforce is the system of record. But rather than use the Salesforce lead or contact id (which can change if duplicate records are merged), I want to use the email address.

The email address is a natural key rather than a synthetic key, which makes it well suited to use cases where duplicate records are a persistent issue. CRM contacts often end up with dupes due to common things like filling out website forms multiple times and uploading lead lists from marketing events. By using the email address as the Google Analytics “user id” I can reduce the risk that GA will get out of sync with the CRM.

Of course, “natural keys” that relate to humans go by another name: Personally Identifiable Information (PII). Using PII as our user id has some downsides, but we’ll get to those in a minute.

The Components

Here’s a breakdown of the client’s setup.

  • CRM: Salesforce is the primary system of record for leads and contacts.
  • Email Marketing Tool: Mailchimp is used for marketing automation. It’s not the most sophisticated tool but it’s cheap, reliable and fairly simple for end users to use on a day-to-day basis. Also, the Mailchimp Salesforce integration is surprisingly full featured (and works even on their cheapest plans) and lets you build queries of contacts & leads which are automatically pulled from Salesforce into Mailchimp in a nightly batch job.
  • Website: The website is running on WordPress. 🤷🏼‍♂️
  • Tracking: Google Analytics, naturally. Eventually I’m planning on setting up a system to automatically ingest website activity back into Salesforce. But for now my goal is just to make sure that the GA is tracking activity in a way that at least sets me up to link it back to Salesforce in the future.

The Flow

  1. Salesforce pushes contacts and leads to Mailchimp. The email address (obviously) comes along for the ride.
  2. Mailchimp sends emails to the users. The emails contain CTA links. We’ve appended “?email=|EMAIL|” to the end of each link URL which causes Mailchimp to include the user’s email as a query parameter.
  3. When the user hits the website I will write some javascript which sees the email address and passes it to Google Analytics as the User Id.
    (This is the problematic step, details below.)
  4. That’s it! Once we tell GA who the user is, it will cookie them and ensure that all future (and past) data tracked against the current browser session is linked to their email address. This will ensure that we can eventually link that activity back to specific Salesforce records.

The Problem

So what’s the issue? Well, you’re not supposed to send personally-identifiable information to Google Analytics, primarily due to the EU’s GDPR regulations. Not only do we want to be in compliance with Google’s policies (so they don’t shut down our GA account) but we also really need to comply with GDPR (so the European government doesn’t track us down and sue us). And frankly, we also need to be good stewards of our users’ valuable data if we really want to forge tenable business paths into the bold, data-driven future.

Ok, so we need to be careful with PII. And email addresses definitely count as PII, so what do we do? We encrypt them! Per Google’s documentation:

You can send Google Analytics an encrypted identifier or custom dimension that is based on PII, as long as you use the proper encryption level. Google has a minimum hashing requirement of SHA256 and strongly recommends the use of a salt, with a minimum of 8 characters.

A hashing algorithm is a process of turning a secret string (like an email) into a jumbled version of itself (a hash) via a process which is easy to do in one direction (email → hash) and difficult to do in the other (hash → email). Hashing allows us to handle the email address in a way that lessens the risk of exposure to third parties like, in this case, Google Analytics. MD5 is one of the most common ways to hash an email address, but it’s not very secure and Google requires something better. SHA-256 is better, and it’s widely supported in most programming languages, including Salesforce’s Apex language. So I’m going to use SHA-256.

The Solution — Part 1

Somewhere in our data flow we’re going to need to encrypt the email using the SHA-256 algorithm. Mailchimp can’t do it. Salesforce can definitely do it — and in fact that would be a better solution — but for this project I’m trying to avoid adding custom server-side code to Salesforce. So that only leaves one place: javascript running on the website itself.

I’m already using a free plugin to insert the Google Analytics tracking code javascript into the header of the Wordpress website, so that part is easy. I’ll just add a bit more code to the bottom of that script tag and be good to go.

The first tricky bit is figuring out how to do SHA-256 hashing in vanilla javascript in a web browser. The code to do this is below. Note: It relies on the Web Crypto API, which is currently supported in all browsers but evidently requires some sort of opt-in process for IE 11. If maximum browser support was critical I could import a third party crypto library, but that would slow down page loads and add complexity so I’m skipping it since IE support isn’t critical for my use case.

This is only part of the solution. We still need to send this info to Google Analytics.

The Solution — Part 2

We’re almost there but we have one last problem: the URL of the page. We just used our email marketing tool to put the user’s email address in a query parameter in the URL. This is what allows our javascript to parse it and encrypt it. But when Google Analytics tracks the page view for this visit, the email address will get tracked along with it. In its unencrypted state. 🤦🏼‍♂️

That’s not good! In fact, if we go live with this solution we could technically still be causing a GDPR violation. So we need to fix that. If you google around, you’ll come across Simo Ahava’s solution which very elegantly redacts all sorts of PII from every single hit we send to Google Analytics. This approach is very sophisticated. It’s also pretty complex to implement, especially if you’re not already using GTM. And for my use case it feels like overkill. I’m really just trying to remove one specific url parameter.

Luckily there is a simpler solution. We just need to make a little change to the GA tracking code. This is the default header tracking code which is automatically generated for you in the Google Analytics admin UI:

// This is the default, it tracks a page view with the current URL
gtag('config', 'GA_MEASUREMENT_ID');

The documentation for the gtag() command explains that the command also accepts an object containing overwrites for the page view parameters. Using that syntax, here’s what it would look like to erase the word “something” from our URLS before tracking them in GA:

// We can modify the URL if desired
gtag('config', 'GA_MEASUREMENT_ID', {
  'page_location': document.location.href.replace(/something/gi, '')

So we just need to erase our email parameter before passing it to GA. Putting it all together looks like this:

This is the final solution. This code needs to be updated with your own Google Analytics tracking id and a unique hash salt string (like the name of your company). And if you go with a URL query parameter named something other than “email” you’ll need to change that too.


Now all of the Google Analytics website data will automatically be linked with the SHA-256 encrypted version of the user’s email address when they click a CTA link in a marketing email. This will make it possible, in a later project, to link that activity back with the original contact records in our CRM.






[GA4] Measure activity across platforms with User-ID

Send user IDs generated by your business to your Analytics property

The User-ID feature lets you associate your own identifiers with individual users so you can connect their behavior across different sessions and on various devices and platforms. Analytics interprets each user ID as a separate user, which provides you with more accurate user counts and a more holistic story about a user's relationship with your business.

When you collect user IDs and you have linked Analytics to BigQuery, that information is exported to BigQuery regardless of the consent status of your users.

Before you begin

To send user IDs to Analytics, you need to create a unique ID for each user on your own and assign and consistently reassign the IDs to your users. This is typically done during login. For example, when a user signs in, you could use their email address to generate a unique ID that you can reference throughout your website or application. Each user ID must be fewer than 256 characters long.

Note: You're responsible for ensuring that your use of the user ID is in accordance with the Google Analytics Terms of Service. This includes avoiding the use of impermissible personally identifiable information, and providing appropriate notice of your use of identifiers in your Privacy Policy. Your user ID must not contain information that a third party could use to determine a user's identity.

Send user IDs

For instructions on how to send a user ID, see Send user IDs.

Verify the reporting identity

Make sure your property uses a reporting identity that includes the User-ID option by doing the following:

  1. In Google Analytics, click Admin.

  2. Make sure you are in the correct account and property.

  3. In the Property column, click Reporting Identity.

  4. Select either:

    • Blended: evaluates user ID, Google signals, device ID, modeled data
    • Observed: evaluates user ID, Google signals, device ID

What you can do with User-ID

Compare signed in with non-signed in users

To compare the behavior of users who are signed in with the behavior of users who aren't signed in, build a comparison that uses the Signed in with user ID dimension and set the dimension value to "yes".


A comparison including the "Signed in with user ID" dimension and dimension value = yes



Report showing Users, New Users, Engagement Time, and Revenue for signed-in vs. non-signed-in users.


User exploration

The user exploration displays the users who make up an existing segment, or who make up the temporary segment that results from using other Explorations techniques. You can drill down into the list to see detailed information about individual users, including how and when that user was acquired, summary metrics for that user, and a timeline of their activities on your site or app.

Create remarketing audiences based on User-ID data

You can create remarketing audiences based on user IDs. If you've linked your Google Analytics and Ads accounts, these audiences are available in your shared library in Google Ads.

  • If you are using User-ID, then Analytics only includes the user identifier and the device identifier for the last device associated with each logged-in user.
  • If you're not using User-ID, Analytics includes all device and user identifiers in the audience information it exports to Ads.

How Analytics handles sessions with incomplete User-ID collection

Users sometimes trigger events on your site or app before signing in or after signing out. In the first instance, Analytics uses the session ID to associate that session with the user ID provided when the user signs in. In the second instance, once a user signs out, Analytics stops associating any subsequent events with that user ID.

For example, a user starts a session with no associated user ID and triggers Events 1 and 2. No user ID is associated with those events. The user then signs in and triggers Event 3. Events 1, 2, and 3 are now all associated with that user's ID. The user finally signs out and then triggers Event 4. No user ID is associated with Event 4. Events 1, 2, and 3 remain associated with that user.


  • The User-ID feature is built for use with Google Analytics technologies. All implementations must comply with the Analytics SDK / User-ID Feature Policy.
  • The user IDs you send to Google Analytics must be fewer than 256 characters long.
  • Any data in your Analytics account collected and recorded prior to implementation won't be reprocessed and associated with a user ID.
  • User-ID data collected in one property can't be shared or mixed with data in other properties.





Enchanced measurement

Enhanced measurement is the easiest way to enrich your GA4 reports with data about 7 different user activities on your website. More insights without writing a single line of code. Does that sound too good to be true? Let’s find out…


Key takeaways

What is enhanced measurement in GA4?

#1 Enhanced event measurement vs Automatically Collected, Recommended and Custom events

#2 Collecting more data without coding

#3 More accurate engagement metrics

Which user activities can you track with enhanced measurement?

Page views


Outbound clicks

Site search

Form interactions

Video engagement

File downloads

Where can you find enhanced measurement data in GA4?

How to switch on/off enhanced measurement in GA4?

Step 1: Open Data Streams in the Admin settings

Step 2: Open the Web Stream

Step 3: Toggle enhanced measurement on/off

Step 4: Open the event configuration panel

Step 5: Switch on/off an event

Step 6: Save your enhanced measurement settings

Key takeaways

  • Enhanced measurement is an easy way to collect data about what visitors are doing on your site.
  • You can activate and deactivate different types of activity tracking directly in GA4.
  • The data is accessible in several reports, but it also enhances the quality in less visible ways.
  • This is not a toggle and play solution. There are limitations you’d better be aware of.

What is enhanced measurement in GA4?

Enhanced measurement in GA4 gives you the opportunity to automatically collect data about 7 typical activities users can perform on a website.

Apart from page view, you can activate or deactivatedata collection options directly in the GA4 administrator settings.


Before I get to the what, how, where and why of enhanced measurement, let me first explain what “enhanced” actually means in the context of GA4.

GA4 is an event-based model. To see the trees for the forest, events can be categorized into 4 groups.

  1. Automatically collected events. The data of these events is collected whether you want it or not. Think, for instance, of first_visit.
  2. Events that qualify for enhanced measurement. They are ready to collect everything (almost) automatically, but you need to activate them. This is what this wall of text you have entered is all about.
  3. Recommended events also track user activities, such as login or add_to_cart, but they require technical expertise.
  4. Custom events refer to everything else you want to track on your site, but cannot achieve with one of the above events.

So, enhanced measurement is for a small subset of specific events.

10 to be more precise, but I will get to that further below.

#2 Collecting more data without coding

In Universal Analytics you had to do a lot of things to collect data about certain user activities.

Thanks to the novelty of enhanced measurement, everybody and his cat can do this. (My best guess is that it’s faster without a cat that jumps on your keyboard.)

Skipping the heavy burden to understand the differences between GA and GTM?

Hooray for that.

#3 More accurate engagement metrics

The collected data is visible in reports and dimensions, but it also works in the background.





To keep things simple, if you activate enhanced measurement options, you will get more accurate engagement metrics.


Which user activities can you track with enhanced measurement?

GA4 can track 7 types of user activities on your site. That sounds great, but keep in mind that the data is limited. Also, some names of the enhanced measurement settings are kind of misleading.


Let’s get the party started.

Page views

When somebody visits a page, the page_view event is triggered. You can’t switch this option off in the enhanced measurement option panel.


There are two settings:

  • *Page load*: this is a trigger. When a page is loaded, GA4 collects the data for this event. You cannot change this in GA4, but with GTM, you can.
  • Page changes based on browser history events*.* This option is useful for Single Web Page Applications (SWAs), or pages with infinite scrolling.

If you disable enhanced measurement completely, you get a warning that says you will switch to standard page views.


GA4 is not very clear about what that means.

But, since GA4 is making it hard to deactivate this event, don’t play with it. Unless you have a good technical background in coding, GTM and GA.

The page_view event has two default parameters.

  1. page_location: this is the URL of the page that the user visited.
  2. page_referrer: the URL (on your domain) where the visitor was coming from.


This event is triggered if you have switched it on in enhanced measurement and if a visitor scrolls down to at least 90% of the page.


Nice, but alas, nobody but a web crawler and a writer reads a web page from top to bottom.

Besides, not all the good stuff is waiting at the end of a page to be picked up and noticed by visitors.

To trigger the scroll event for pixels or other percentages of the viewed page you have to use Google Tag Manager.

Outbound clicks

When you enable this option in enhanced measurement, GA4 automatically tracks clicks on links to an external domain. This doesn’t apply to domains you have set up for cross-domain tracking.


Clicks on outbound links are important for affiliate marketers, but there are other use cases too, as described in our GA4 click tracking guide.

What are people searching for on your site? To find the answer, you first need to activate the view_search_results event in the enhanced measurement panel.


The event is automatically triggered when one of the following 5 query parameters appears in the URL:

  • q
  • s
  • search
  • query
  • keyword

These are the most common ones. Even Google Support uses it.


If you are not sure what you are doing, ask your developers.

The reward of switching on this enhanced measurement option can be high, because it allows you to

  • detect content gaps. (“We want more. We want more. But can’t find it, so goodbye…”)
  • get insights on your site architecture. Is the content easy to find, or do people use the site search even when the answer is staring them in the eyes?
  • get ideas to extend your business. If people are looking on your site for products or services, they are probably willing to buy it from you.

Form interactions

Forms are of vital importance for every website. People use it to ask general questions, request a quote or subscribe to your newsletter.


When you activate this enhanced measurement, GA4 claims to automatically collect data for two events:

  • form_start: this is triggered per session. So if a user starts interacting with a form, leaves your site and comes back at a later time, you will see that this happened twice.
  • form_submit: this is triggered when a user submits a form.

In order to see the data in your reports, you have to set up custom dimensions.

The difference between starting and completing a form can tell you a lot, but I need to warn you.

Although this feature looks great, it doesn’t work well, for now.

Here is another warning.

Skip the next two lines if you don’t want to have an earworm today.

GA4, all my troubles seemed so far away…

Now it looks as though they're here to stay.

Video engagement

Including videos on your site is an excellent idea. Increased engagement, more time on your site and a low barrier to see and hear the people behind the brand.


The video enhanced measurement option only works

If both conditions are met, GA4 automatically tracks 3 video engagement events:

  • video_start
  • video_progress. This is measured as the percentage of the total duration of the video: 0%, 25%, 50%, and 75%.
  • video_complete

But why would you activate this in GA4 if you can use YouTube statistics?

  1. GA4 automatically creates a dimension called Visible. You can use this in audiences and exploration templates.
  2. Not every team member needs access to your YT account.
  3. The way people engage with a video on your site is completely different from what they do on the hyperactive and distractive YouTube platform. The videos are the same, but the environment is not. If you like hanging out there, make sure you follow our Data Driven YouTube channel

File downloads

Everybody loves files. Especially when you don’t have to create them yourself, but can download them from a site.


If that site is yours, you want to know if and which files are downloaded.

Activating this enhanced measurement option is easy. In return, you get a lot of insights, as you can read in our GA4 guide to track downloads of files.

Which is not a file itself.

But you can download an interesting one from there.

Where can you find enhanced measurement data in GA4?

The data collected with enhanced measurement can be found and used in reports, engagement metrics, dimensions and insight cards. From within the Events report, you can dive into the details of a specific activity.

To open it, click on Reports > Engagement > Events


The events are not grouped into types, so you have to look for nerdy_names_with_underscores.

This is the complete list of all the GA4 events related to enhanced measurement:

  • page_view
  • scroll
  • click
  • view_search_results
  • video_start
  • video_progress
  • video_complete
  • file_download
  • form_start
  • form_submit


If you click on an event, you are directed to a detailed report for the selected event, such as the page_view report.


Still here and convinced that enhanced data is useful for you? Let’s see how you can activate it.

How to switch on/off enhanced measurement in GA4?

You can configure enhanced measurement directly in your Google Analytics 4 account. Before you begin, make sure you are in the right account and property.

Step 1: Open Data Streams in the Admin settings


Click on the cog in the left lower corner of your GA4 account. Then click on Data Streams in the property column.

Step 2: Open the Web Stream


Enhanced measurement only applies to your website, so make sure you click Web Stream.

Step 3: Toggle enhanced measurement on/off


You can deactivate all events and switch to standard page views.
Or you can activate enhanced measurement and select which events you want to measure.

Step 4: Open the event configuration panel

Click on the cog to open the configuration panel.

Step 5: Switch on/off an event

Apart from Page view, you can switch an event on or off. Some events also have advanced settings.
There is no point in switching on actions that cannot be performed on your site.

Step 6: Save your enhanced measurement settings

Click on the blue button on top of the panel.

From that moment, you can access the data in your reports.

GA4 has some delay, but in the real-time report, you can see them instantly.

If you reached this point, you have at least triggered a page view and an impressive scroll. You deserve a thumbs up from the Data Driven U team. To find out more about how you can make the most out of your GA4 Enhanced Measurement – watch this video:

Before you set up enhanced measurement for your site, you can do one more activity for your career or business. Fill in a simple form and receive our newsletter for data driven marketers.


Scroll to Top