Meta has recently released a partner integration for Google Analytics (GA). Via this integration, advertisers are able to pull reporting data from GA directly into their Meta Ads Manager account to supplement campaign and conversion reporting. Meta is also able to use this performance information to optimize campaigns being run across their advertising suite. As Meta rolls out the integration ability across accounts, they are citing an additional 5 percent average increase in conversions driven by Meta in their analytics tools and also incentivizing advertisers to adopt the integration by pushing “early access to updates that can improve campaign performance.”
For many advertisers, this sounds too good to be true. A common question we have been asked is, “are there any privacy implications for this?” And a great question to ask! Let’s review the details of the integration to assess any privacy compliance considerations that should be made.
What data is passed from Google Analytics to Meta Events Manager with the integration?
Based upon the available documentation (of which there is not much), event data from GA is disclosed to Meta as a part of the integration. The specific permissions listed when granting access to any GA Property selected are for Meta to be able to:
- “See your reporting data, including all dimensions and metrics about your site or app”, and
- “See how your site or app data is organized, processed, and integrated with other Google products”.
Based upon our extensive usage of Google Analytics APIs, these details seem to indicate that Meta would be using the GA Data API to pull reporting data from GA. While this means that Meta would be able to pull in all event information from GA, along with configured associated dimensions and metrics, importantly none of the standard dimensions or metrics available from GA would include user or device identifiers.
In non-technical terms, this means that Meta will be able to access aggregate metrics for actions that have happened on the website (purchase events), along with context about those actions (transaction amount, campaign information related to the conversion) but would not include identifying information for any of the users that completed those actions.
Is it possible for personal information or personal data to be disclosed to Meta as a result of the integration?
As mentioned above, none of the standard dimensions or metrics available from GA include user or device identifiers. However, it is possible that a website has implemented custom dimensions which could include information such as the GA Client ID (device identifier) or a User ID. In this case, these datapoints would be disclosed to Meta as a part of the implementation thus triggering possible privacy compliance considerations.
Taking this scenario in context, however, unless a GA Client ID or User ID is also collected directly by Meta, either via a Meta Pixel implementation or via a Conversion API implementation on the same website, on the receiver (Meta) end there would be no context with which to combine these datapoints to identify neither the user nor the device. In effect these datapoints would be random values not associated with a user/device nor with the ability to track that user over time or across websites.
In addition, in the terms agreed to when configuring the implementation, it is explained that data you provide to Meta or that Meta is authorized to obtain can be used for Meta’s improvement of products and services. It is stipulated that the data provided for this purpose does not contain and is not personal information, personally identifiable information, or personal data.
Taken together, it is unlikely that the data disclosed as a part of the integration would be in scope for personal information/personal data for relevant privacy compliance obligations.
What is the processing purpose for the data that is disclosed to Meta from Google Analytics?
Reporting data disclosed to Meta from GA is used within the Meta Ads Manager reporting for measurement and optimization. Upon configuring the integration, advertisers can select whether they want all key event information to be disclosed to Meta or only that which is driven from Meta campaigns (using the utm_source campaign parameter for filtering). In either case, key events which match the filters applied are mapped to events configured in Meta Events Manager and will be available in Meta reporting, along with conversion and campaign context. This added conversion information can also be used by Meta for automated campaign optimization being introduced in the Ads Manager platform. It is important to note that in the absence of user identifiers, optimization would be based upon campaign performance and not individual user characteristics.
So are there any privacy compliance considerations?
Based upon the available information, it does not appear that personal information or personal data is being disclosed from GA to Meta as a result of the integration. As such, formal obligations or considerations for things like CCPA or GDPR would not be likely to apply.
For opt-out obligations in the United States, no personal information is being “sold” or “shared”. The data is being collected and processed for a measurement purpose (not “targeted advertising” or “cross-context behavioral advertising”) and is unlikely to contain personal information. Due to this, even if GA is not configured for opt out (if data there is only used for a measurement purpose and therefore not implicated in “sale”/”share” opt-out requirements) then this processing purpose remains consistent even after the integration is made.
For GDPR purposes, again no personal data appears to be disclosed as a result of the integration. As data collected by GA is likely to already be classified as for a measurement or performance purpose for consent, this additional processing purpose would remain consistent with that categorization.
At the end of the day, some data is being disclosed between platforms, although it is unlikely to be considered personal data. For notice requirements, the purposes of collection and use remain consistent with how most sites treat both GA and the Meta Pixel. No new categories of information nor processing purposes are introduced as a result of the integration. For most websites, current notice disclosures likely address the integration use case.
What’s the value for advertisers?
For most advertisers, their GA implementation is far more robust as it relates to conversion information, campaign information, and general user behavior tracking on a website. By passing this information directly from GA to Meta, advertisers are able to get better campaign performance insights directly in Meta reporting with far less effort than trying to implement a robust tracking architecture for the Meta Pixel. With better performance information, Meta is also able to introduce improved campaign optimization tools to help advertisers get more out of their investment in the platform.
