After July 2021, the 2.3.x release line will no longer receive quality updates, or user guide updates. PHP 7.3 reaches end of support in December 2021 and Adobe Commerce 2.3.x reaches end of support in September 2022. We strongly recommend planning your upgrade now to Adobe Commerce 2.4.x to help maintain PCI compliance.

Google Privacy Settings

The information on this page is intended for Adobe Commerce 2.3 customers who are on an extended support contract. The Adobe Commerce Merchant Documentation for current releases is published on the Adobe Experience League.

If your business is required to comply with privacy regulations such as the GDPR or CCPA, the default settings of Google Analytics, or Google Universal Analytics and Google Tag Manager (), can be changed to meet privacy requirements. Follow these steps to ensure that your use of customer data remains in compliance.

Google Analytics - data sharing settings Google Data Sharing Settings

Step 1: Update Google settings

  1. Sign in to your company’s Google Analytics account.

  2. At the bottom of the left sidebar, choose Admin. Then, navigate to the account that you want to edit, if applicable.

  3. In the Account column, click Account Settings.

  4. Turn off data sharing in order to meet privacy regulation requirements.

    The default Google Analytics settings share your company data with Google and other parties, To turn off data sharing, clear the selection checkbox for the following settings:

    • Google products & services
    • Benchmarking
    • Technical support
    • Account specialists
  5. Accept the Data Processing Amendment.

    The Google Ads Data Processing Terms describe how Google processes data, and the measures it takes to ensure data security for business that are subject to the GDPR. A record of your legal entities and contact information is also maintained with the amendment. To learn more, click the link in the message at the top of the page.

    • Scroll down the page to Data Processing Amendment.
    • Click Review Amendment to read the Google Ads Data Processing Terms.
    • Click Accept.
    • Click Save.
  6. Complete the DPA Administration details.

    • Click Manage DPA Details to open a DPA administration page where you can edit contacts and your organization’s legal entities.

    • In the Legal Entities section, click the Edit ( ) icon and add one or more registered name(s) for your organization. When complete, click Save.

    • In the Contacts section, click the Add ( ) icon and enter the information for the first contact. Then, select the checkbox of each applicable role and click Add.

      Primary Contact (Notification Email Address) The contact to whom notices are sent.
      Data Protection Officer (If applicable) The person who is designated to facilitate privacy regulation compliance.
      European Economic Area (EEA) Representative (If applicable) The person who represents customers outside of the EU regarding their GDPR obligations.

      Repeat to add another contact, if applicable.

Step 2: Modify your Google JS libraries

Google supports three JavaScript libraries to measure website usage, depending on the Google product: gtag.js, analytics.js, and ga.js. To meet privacy requirements, the standard code can be modified as follows:

Anonymize IP addresses

  1. To anonymize the IP addresses used by Google Universal Analytics, add the following snippet to the analytics.js library on your web server:

    ga('set', 'anonymizeIp', true);

    To learn more, see the Analytics.js Field Reference.

    If you use the legacy ga.js library, add the following snippet:

    ga('set', 'anonymizeIp', true);
  2. To anonymize the IP addresses used by Google Tag Manager, set the anonymize_ip parameter to true in the gtag.js library on your web server.

    gtag('event', 'your_event', { 'anonymize_ip': true })

    To learn more, see IP Anonymization in Analytics in Google Help.

Force SSL

To force all Google data to be transmitted over a secure socket layer (SSL), add the following snippet to the analytics.js library on your web server.

ga('set', 'forceSSL', true);

Step 3: Update your privacy policy

Update your privacy policy to state that your company:

  • Uses Google Analytics
  • Masks IP addresses to hide personal information
  • Has turned off Google Data Sharing
  • Does not use other Google services in conjunction with Google Analytics cookies