Google Analytics 4 Privacy Fundamentals: Executing DSAR and Deletion Requests

Google Analytics 4 Privacy Fundamentals: Executing DSAR & Deletion Requests
Estimated Reading Time: 6 minutes

Organizations across the globe are facing an influx of new requirements related to privacy legislation. While regulations vary significantly from one region to another, one consistent right being granted to consumers is the right to access and delete data that has been collected about them. These rights require the deletion of data across all platforms to which personal data has been sent, including analytics and advertising technologies. 

Luckily for users of Google Analytics, Google Analytics 4 (GA4) offers several different means of executing these requests. Here’s a handy guide for the ways in which an organization can effectively execute Data Subject Access Requests (DSARs) and deletion requests when using GA4. 

Data Access

Pull Event Information Via the UI

To pull event information for any given user identifier via the UI, you can use the User Explorer report or the User Activity report within GA4. This feature allows you to analyze and export event-level data for a single user identifier. To do this, you will need to first have the user identifier for the user in question. This will either be a user ID (if you have implemented this in your GA4 Property) or the device ID (default option if you have not implemented user ID as a user property and configured on your website). 

The User Explorer functionality in GA4 is within the “Analysis” section of reporting. Once there, you will create a segment or filter to include just the user identifier for the requesting user and then export the results to provide to the user and satisfy their access request.

Pull Event Information Via the API

GA4 has a User Activity API that allows a GA4 property owner to retrieve all analytics measurement data associated with a single user. Again, you will need to have the user identifier associated with the user in question (either the device ID or user ID depending upon your specific implementation). With the user identifier you will then use the User Activity API to pull down all the relevant data. 

Pull Information Via BigQuery

A feature of GA4 is that all organizations can integrate their GA4 properties with BigQuery to create full exports of all event data associated with all of their users in a single queryable repository. If you have this set up, you can then easily and programmatically access the data in a more scalable way.

Resources

Data Deletion

Delete Data Associated with a Specified User 

GA4 offers two methods of deleting the data associated with specific users from GA4. These types of deletion will be used when a user executes their “right to be forgotten” under privacy legislation such as GDPR or CCPA.

Similar to the methods available for user access requests, you can satisfy user deletion requests via both the GA4 interface, as well via an API. 

Deleting User Data Via the UI

To delete user data via the UI, you will use the User Explorer report within the Analysis section of GA4. You will first need to know the user identifier for the user in question (either the user ID or device ID depending upon your implementation). Using this user identifier you can filter or segment the User Explorer report to find that user record and all associated data. Once identified, there is a trash can icon that can be clicked to ‘Delete User’. Using this will delete all of the event and parameter data associated with the user identifier from the Google Analytics servers. 

Deleting User Data Via the API

Google Analytics has a User Deletion API that allows a GA4 property owner to programmatically request deletion of all data associated with a specified user identifier. You will need a user identifier to specify the associated records to delete. With the API you can use either the client ID (still called this in the documentation but would be the “device ID” in GA4 nomenclature), user ID, or the app instance ID. Here is Google’s documentation for executing these requests.

Some important notes from Google’s documentation regarding data deletion requests:

  • For user data deletion requests, once deletion is requested, data associated with the user identifier will be removed from the Individual User Report within 72 hours, and then deleted from Analytics’ servers during the next deletion process. Deletion processes are scheduled to occur approximately every two months.
  • If data has been exported outside of GA4, they recommend you delete it there prior to making the GA4 deletion request. The data deletion request will only delete data in GA4 and not in BigQuery or other potentially connected products. You will need to delete data in these downstream connected locations separately.
  • Note that reports based on previously aggregated data (for example, user counts in the audience overview report) will be unaffected.

Resources

Collecting Client ID Necessary to Execute Requests

Pro Tip: The device ID for GA4 is the “client ID”. This value is stored on the user’s browser in the ‘_ga’ first party cookie. You can collect this cookie value as a hidden field with the form used for submitting DSAR and deletion requests. Extracting the client ID from the cookie value provides the information necessary to execute the request even for a pseudonymous user.

  • The cookie value is in the format of [version.domain components.cliendid.timestamp]:
  • Example: GA1.1.1069988591.1657793649 – 
    • Version number – 1
    • Number of components in the domain – 1
    • Client ID – 1069988591
    • Timestamp – 1657793649

Have questions about the best ways to architect GA4 for compliant data analytics?

Contact us today to connect with one of our privacy specialists!

Author

  • Lucas Long

    Lucas Long is co-author of the Amazon best-selling book, Crawl, Walk, Run: Becoming a Privacy-Centric Marketing Organization. He is also the Director of Privacy Strategy at InfoTrust, working with global organizations at the intersection of digital strategy, privacy regulations, and technical data collection architecture. Through these efforts, Lucas helps companies understand their limitations for data enablement due to privacy challenges and design optimal ways to accomplish core use cases in a compliant manner.

    When not discussing the intricacies of GDPR and cookie laws with clients, Lucas enjoys traveling and exploring new cultures, one bite at a time. Based in Barcelona, he is also a presenter, featured at industry events organized by Google, the Digital Analytics Association, the American Marketing Association, and the Journal of Applied Marketing Analytics.

Facebook
Twitter
LinkedIn
Email
Originally Published: September 6, 2023

Subscribe To Our Newsletter

September 6, 2023

Other Articles You Will Enjoy

How Does BigQuery Data Import for Google Analytics 4 Differ from Universal Analytics?

How Does BigQuery Data Import for Google Analytics 4 Differ from Universal Analytics?

All Google Analytics 4 (GA4) property owners can now enable ‌data export to BigQuery and start to utilize the raw event data collected on…

2-minute read
App Install Attribution in Google Analytics 4: What You Need to Know

App Install Attribution in Google Analytics 4: What You Need to Know

App install attribution in Google Analytics for Firebase (GA4) is a feature that helps you understand how users discover and install your app. It…

6-minute read
Google Tag Best Practices for Google Analytics 4

Google Tag Best Practices for Google Analytics 4

After collaborating with several of my colleagues at InfoTrust including Bryan Lamb, Head of Capabilities, Corey Chapman, Senior Tag Management Engineer, Chinonso Emma-Ebere, Tech…

4-minute read
Leveraging Custom Dimensions and Metrics in Google Analytics 4 for Content Performance Measurement: Best Practices and Real-World Examples

Leveraging Custom Dimensions and Metrics in Google Analytics 4 for Content Performance Measurement: Best Practices and Real-World Examples

In today’s digital landscape where content reigns supreme, understanding how your audience interacts with your content is paramount for success. For news and media…

5-minute read
Leveraging Attribution Models in Google Analytics 4 to Improve Your Marketing Strategy: Tips and Best Practices

Leveraging Attribution Models in Google Analytics 4 to Improve Your Marketing Strategy: Tips and Best Practices

In the dynamic landscape of digital marketing, understanding the customer journey is crucial for optimizing strategies and maximizing ROI. Google Analytics 4 (GA4) introduces…

5-minute read
How Data Maturity Can Cultivate a Data-Driven Culture

How Data Maturity Can Cultivate a Data-Driven Culture

Data-driven decisions are a buzz topic in Martech. It is essential for C-suite executives to understand and more importantly, use their data to move…

4-minute read
Is It Time to Upgrade? 4 Signs Your Organization Needs Google Analytics 4 360

Is It Time to Upgrade? 4 Signs Your Organization Needs Google Analytics 4 360

As VP of Partnerships at InfoTrust, I’ve had the opportunity to talk with hundreds of decision-makers about their interest in upgrading to Google Analytics…

4-minute read
Advanced Analysis Techniques in Google Analytics 4: How to Use AI-Powered Insights and Predictive Analytics for Effective Marketing

Advanced Analysis Techniques in Google Analytics 4: How to Use AI-Powered Insights and Predictive Analytics for Effective Marketing

AI-powered insights and predictive analytics are revolutionary tools reshaping the modern marketing landscape. These advanced analytics techniques, particularly prominent in Google Analytics 4 (GA4),…

8-minute read
How to Integrate Google Analytics 4 with BigQuery for Enhanced Data Analysis and Reporting

How to Integrate Google Analytics 4 with BigQuery for Enhanced Data Analysis and Reporting

Has your business found that its reporting needs require advanced analysis of your analytics data beyond what is practical in the Google Analytics 4…

4-minute read

Get Your Assessment

Thank you! We will be in touch with your results soon.
{{ field.placeholder }}
{{ option.name }}

Talk To Us

Talk To Us

Receive Book Updates

Fill out this form to receive email announcements about Crawl, Walk, Run: Advancing Analytics Maturity with Google Marketing Platform. This includes pre-sale dates, official publishing dates, and more.

Search InfoTrust

Leave Us A Review

Leave a review and let us know how we’re doing. Only actual clients, please.