I am not confident that the "anonymize IP" option is GDPR compliant.<p>This asks Google not to store the IP in full, however the IP is still transmitted to them (as an unavoidable side-effect of loading the library and sending the analytics events).<p>I am not sure if the other options they recommend disabling actually disable the initial <i>collection</i> of the data, or whether they only instruct Google to not <i>process</i> that data when they receive it.<p>Even if we assume that Google is acting in good faith (which at this point is a very big "if"), transmitting the data to Google still opens up a theoretical risk of that data being intercepted by a malicious attacker with access to Google's infrastructure, and no matter how small this risk is I can see someone potentially making an argument about it with the regulator.