Hi everyone, I'm wondering if using GA on my site without using the now pervasive "Cookie alert" pop-up could be prosecutable under GDPR.

I've searched on the interwebs and the only thing I can find is legalese that I could not understand.

Can someone assist?
Some say as long as you anonymize the user IP (call: ga('set', 'anonymizeIp', true);), you can only mention GA usage in the privacy policy.
You have to take into account two different things: the ePrivacy directive and the GDPR. The ePrivacy directive is what generated the cookie popup you mentioned, while GDPR is tackling what happens with personal data once it is on someone's server.

You can check this article: https://gdpr.eu/cookies/

But it basically states that you should give your users the possibility of opting out of tracking cookies, like the ones used by Google, and this is not GDPR, this is ePrivacy. To comply with GDPR, you should give your users the possibility to see their data, delete the data, etc. Since this is done by Google, it is their responsibility to comply with GDPR, and not yours (more or less... Let's say, it is YOUR responsibility, but you offloaded it to Google, which is compliant with GDPR apparently).

In any case, you should ask yourself why you are giving Google your users' data. Aren't your server logs enough to see who visits you?