How to solve the GDPR problem with a GTM server-side tag
Olga Mirgorodskaya, Creative writer at OWOX BI
Ruslan Obolonsky, Senior Product Manager of Product at OWOX BI
After the General Data Protection Regulation (GDPR) went into effect, Google Analytics users in Europe faced a problem. Google Analytics has become illegal to use for website operators in several countries due to decisions by European data protection authorities, as it does not comply with the GDPR.
The good news is that this problem has a solution. If you like the Google Analytics 4 data structure, you don’t have to give up on it. Instead, you can use server-side tracking in Google Tag Manager and use a special tag from OWOX to directly transfer data from your website to Google BigQuery without sending it to Google Analytics servers.
Google Analytics and the GDPR — What’s the problem?
In 2020, the non-profit organization NOYB filed 101 complaints against websites operating in the European Economic Area (EEA) that applied Google Analytics or Facebook Connect. After this, EEA data protection authorities started issuing rulings forcing EEA website operators to stop using these services on the grounds that they do not comply with the General Data Protection Regulation (GDPR).
The problem is in the method of applying Google Analytics in Europe, as Google stores data gathered about EU residents (user behavior data) on a US-based cloud service. The sticking point was — and still is — that the safeguards taken by Google are insufficient at preventing US intelligence services from accessing the personal data of EU residents. According to European data protection authorities, these overseas data transfers violate the GDPR.
How to solve the problem with GTM server-side tracking and Google BigQuery
GTM server-side tracking is an alternative to the traditional client-side tracking method that addresses problems with sensitive data transmission, ad blockers, and page loading speed.
To process data collected on the server side (server-side tracking), an intermediate destination is added (in the case of Google Tag Manager, this is a cloud server). From the client side, the request first goes to the cloud server, and then the cloud server processes this request and sends it to a third-party system. That is, instead of the client browser making a request to the third-party system, that request is made by a cloud server.
Advantages of GTM server-side tracking
- Server-side tracking allows you to hide the business logic of how your site interacts with third-party applications by moving it to the back end. That is, the data you transfer and the logic you use to transfer it will not be available to the user.
- Sending data to third-party systems does not depend on the user’s browser, since all requests are processed and sent on the server side. These requests are not affected by ad blockers, because this method eliminates the possibility of detecting a script by identifying the domain sending the request.
- This tracking method is more secure, which means you can supplement user data collected on the client side with the necessary information without the risk of disclosure.
- You have full control over the data that will be sent to third-party systems, enabling you to comply with existing GDPR, CCPA, and CSP requirements.
- By using a subdomain when setting up a server container, you can set first-party cookies, increasing their lifetime. This helps to eliminate the influence of tracking prevention tools built into Safari, Chrome, and Firefox.
To avoid sending data to Google Analytics, you can use Google Analytics 4 RawData to BigQuery Tag, which allows you to automatically redirect Google Analytics 4 events to a Google BigQuery table.
Advantages of the OWOX tag for server-side GTM
Google Analytics 4 RawData to BigQuery Tag is free. Anyone who uses server-side GTM can install it and get the following benefits:
- GDPR compliance. Using our tag, you can configure server-side GTM so that data does not go to Google Analytics servers in the US at all but instead goes directly to a Google BigQuery dataset in the location you specified. That is, the data does not leave the first-party perimeter of the business at all. Thus, the business itself guarantees 100% GDPR compliance.
- One-time setup. The tag only needs to be configured once. No need to go to settings and change the table structure in GBQ every time you add new GA4 events/parameters in site markup.
- Real-time data. Data is sent to GBQ in real time — no need to wait for a scheduled export.
- No restrictions. For example, you won’t run into the known 1 million hits per day limit that applies to native uploads from the free version of GA 4 to GBQ.
- The tag is free and available to anyone using GTM server-side tracking.
If you need a trustworthy analytics solution adapted to the GDPR and the world of privacy, sign up for a free demo.
How to set up the collection of raw data from Google Analytics 4 to BigQuery with the Google Analytics 4 RawData to BigQuery Tag
You can use Google Analytics 4 RawData to BigQuery Tag if you have enabled Google Analytics 4 and configured GTM as the server-side tag manager for GA 4 events. With this tag, you will get raw Google Analytics 4 data after each addition of a new event in the site markup without first setting up a schema in BigQuery.
How to add the Google Analytics 4 RawData to BigQuery Tag
Step 1. Create an appropriate table in your Google BigQuery
1. Create a dataset in a GBQ project:
2. Choose a data location:
3. Create a table with the following schema:
The fastest way is to run the SQL code below in GBQ:
CREATE TABLE IF NOT EXISTS `[project_name].[dataset_name].ga4RawDataOwox` (
  rawDataOwox STRING NOT NULL,    -- GA4 event stored as a JSON string
  createdAt TIMESTAMP NOT NULL    -- row creation timestamp
)
OPTIONS(description="GA4 Raw data transferred directly to GBQ from my server-side GTM using OWOX tag");
Note! In this SQL code example, you need to replace [project_name].[dataset_name] with the actual project and dataset names.
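Items 1 and 2 of this step can also be done in SQL, which makes the data location explicit and checkable. This is an added example, not part of the original article; the 'EU' multi-region and the description text are assumptions, and the placeholders are the same ones used in the article's own SQL.

```sql
-- Added example, not from the original article.
-- Assumption: 'EU' (the BigQuery EU multi-region) is the location you want.
-- Replace [project_name] and [dataset_name] with your own names.

-- Items 1 and 2: create the dataset with an explicit location.
-- A dataset's location is fixed when it is created, so set it here.
CREATE SCHEMA IF NOT EXISTS `[project_name].[dataset_name]`
OPTIONS (
  location = 'EU',
  description = 'Raw GA4 events written by the server-side GTM tag'
);

-- Check: IF NOT EXISTS leaves an existing dataset untouched, even one that
-- was created in another location. This query only sees datasets stored in
-- the EU multi-region, so it returns one row when the location is right and
-- no rows when the dataset lives elsewhere.
SELECT schema_name, location
FROM `region-eu`.INFORMATION_SCHEMA.SCHEMATA
WHERE schema_name = '[dataset_name]';
```

Run the check in the project that holds the dataset, with the query location set to EU.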
Step 2. Add the tag from Templates to your Workspace
1. Go to Templates → Tag Templates → Search Gallery in your server-side GTM container:
2. Find and choose the tag:
3. Add it to your workspace:
Step 3. Add the tag
Go to Tags and add this tag. Choose a trigger and set the path to your table in GBQ.
Note! Check the checkbox “Enable logging” only for debugging.
As long as your server container runs in the same GCP project as the BigQuery table, you’re all set. You don’t need to do anything in terms of authentication, as the default service account of App Engine has complete access to any BigQuery tables added to the project. That access covers every table in the project, not only this one, so keep it in mind when deciding what else to store there.
Step 4. Publish the container with a new tag
Submit and Publish the changes, then test the flow in Preview mode. If everything is correct, you’ll see Google Analytics 4 RawData to BigQuery Tag under Tags Fired:
And you will see the data in the Google BigQuery table:
How to use this data
Write SQL code to use this data in a convenient structure for your reports. Example:
SELECT
  JSON_EXTRACT_SCALAR(rawDataOwox, '$.page_referrer') AS page_referrer,
  JSON_EXTRACT_SCALAR(rawDataOwox, '$.page_title') AS page_title,
  JSON_EXTRACT_SCALAR(rawDataOwox, '$.event_name') AS event_name,
  JSON_EXTRACT_SCALAR(rawDataOwox, '$.user_agent') AS user_agent
FROM `[project_name].[dataset_name].ga4RawDataOwox`
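Because the raw table holds complete event payloads, reports can read from a view that exposes only reduced fields while access to the raw table stays restricted. The view below is an added example, not part of the original article; the view name ga4EventsMinimized is hypothetical, and the presence of the ip_override and client_id keys in the payload is an assumption about what your container receives.

```sql
-- Added example, not from the original article.
-- Assumptions: the JSON payload contains the keys ip_override and client_id;
-- ga4EventsMinimized is a hypothetical view name.
CREATE OR REPLACE VIEW `[project_name].[dataset_name].ga4EventsMinimized` AS
WITH parsed AS (
  SELECT
    createdAt,
    JSON_EXTRACT_SCALAR(rawDataOwox, '$.event_name')    AS event_name,
    JSON_EXTRACT_SCALAR(rawDataOwox, '$.page_title')    AS page_title,
    JSON_EXTRACT_SCALAR(rawDataOwox, '$.page_referrer') AS page_referrer,
    -- SAFE_IP_FROM_STRING returns NULL instead of failing on a bad address.
    NET.SAFE_IP_FROM_STRING(
      JSON_EXTRACT_SCALAR(rawDataOwox, '$.ip_override')) AS ip_bytes,
    JSON_EXTRACT_SCALAR(rawDataOwox, '$.client_id')     AS client_id
  FROM `[project_name].[dataset_name].ga4RawDataOwox`
)
SELECT
  createdAt,
  event_name,
  page_title,
  page_referrer,
  -- Keep only the network prefix: /24 for IPv4 (4 bytes), /48 for IPv6.
  NET.IP_TO_STRING(
    NET.IP_TRUNC(ip_bytes, IF(BYTE_LENGTH(ip_bytes) = 4, 24, 48))
  ) AS ip_truncated,
  -- Stable key for counting visitors without exposing the raw identifier.
  -- This is pseudonymization, not anonymization: the same client_id always
  -- produces the same key.
  TO_HEX(SHA256(client_id)) AS client_key
FROM parsed
WHERE event_name IS NOT NULL;  -- skip rows whose payload has no event name
```

Rows with a missing or malformed address get a NULL ip_truncated rather than failing the query.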
If you have enabled Google Analytics 4 and need to import cost data to Google BigQuery or need to build cross-channel reports, book a demo with OWOX.
Our specialists will show how you can use OWOX BI products (and our professional services) to achieve your goals and transform raw data into business-ready data.
What types of data should be considered when ensuring GDPR compliance?
Any personal data that is collected or processed by your business should be considered for GDPR compliance, including name, email address, location information, and IP address.
How can I ensure ongoing compliance with GDPR regulations?
Regular reviews of data processing practices, implementation of appropriate technical and organizational measures, and ongoing employee training are all important for ensuring ongoing compliance with GDPR regulations.