
How to make Google Analytics GDPR compliant - markosaric
https://plausible.io/blog/google-analytics-gdpr
======
Nextgrid
I am not confident that the "anonymize IP" option is GDPR compliant.

This asks Google not to store the IP in full, however the IP is still
transmitted to them (as an unavoidable side-effect of loading the library and
sending the analytics events).

I am not sure if the other options they recommend disabling actually disable
the initial _collection_ of the data, or whether they only instruct Google to
not _process_ that data when they receive it.

Even if we assume that Google is acting in good faith (which at this point is
a very big "if"), transmitting the data to Google still opens up a theoretical
risk of that data being intercepted by a malicious attacker with access to
Google's infrastructure, and no matter how small this risk is I can see
someone potentially making an argument about it with the regulator.

