by gcp 3265 days ago
The general consensus is that normal GA tracking alone does not meet the standards to trigger either the EU or the stricter Dutch cookie notification requirements since they are using first-party cookies not tied to PII and don't follow you across sites

Do you have a good reference for this? Especially the "don't follow you across sites" seems weird as Google will end up collecting hits from the same IP/browser/etc combo across sites, which trivially allows following.

2 comments

Found a source for this opinion. Here [1] are instructions from the Dutch Government's "Personal Data Authority" on setting up GA in compliance with their laws in a way that does (did?) not require an explicit notice. See [2] for an explanation in English.

[1] https://autoriteitpersoonsgegevens.nl/sites/default/files/at...

[2] https://www.iabeurope.eu/eucookielaws/nl/

TLDR: If you use the following code, you are fine to use GA without a notice under Dutch law.

    ga('set', 'forceSSL', true);
    ga('set', 'anonymizeIp', true);

Thank you! This is really useful.

Be aware, this changes in 316 days, when the EU GDPR comes into force and makes opt-in required even for those cases.

Opt-in via published policy or some silly explicit checkbox?

Opt-in via an explicit dialog, and, most importantly, you have to give the user the ability to select "no" and still use your website (in which case you aren’t allowed to do any tracking).

I don't know what the Firefox addon pages do (and I see they have a special arrangement) and am not taking sides, but for IP at least there is an option to partially scrub it before it gets to disk at Google.

https://support.google.com/analytics/answer/2763052?hl=en

Edit: what do we think?