💡Key Insight
- Using Google Analytics on your website means your business collects personal data such as cookies and identifiers, and you must disclose this in a clearly accessible privacy policy to comply with privacy laws and Google’s own terms.
- Even if your Australian business has an annual turnover under $3 million, collecting personal data through Google Analytics triggers privacy obligations, so including analytics disclosures in your privacy policy helps meet legal requirements and avoid non-compliance.
- A compliant privacy policy for Google Analytics should explain what personal information is collected, how cookies and tracking occur, why the data is used, and how users can manage or opt out of data collection to ensure transparency and trust.
- Maintaining and updating your privacy policy whenever you change analytics practices or introduce new tracking tools ensures ongoing compliance and aligns your business with Australian privacy expectations.
Assessing how well your business is received by customers is an important part of ensuring business success. A common way businesses do this is by using Google Analytics to track the website and application activity of customers. Essentially, the tool enables you to have a deep insight into your consumer which could prove to be extremely valuable knowledge for your business. However, handling consumers’ personal information can raise serious legal concerns about privacy. Because of this, you are probably wondering whether your business would require a privacy policy if you use Google Analytics. In short, yes it does. In this article, we explain why this is the case.
What is a privacy policy?
A privacy policy is a document that explains to your users how your business will handle their personal information. It is an important document to ensure that businesses covered by the Privacy Act 1988 (Cth) are compliant with the law. It is a good way of letting your customers know that you value their privacy and safeguarding their personal information. If you would like further information on what a privacy policy is, this video is very helpful. Lawpath can assist you in setting up a privacy policy for your app or website in under 5 minutes.
You need a privacy policy if using Google Analytics for two main reasons: First, it means you are compliant with Australian privacy laws. Second, you have an obligation under the Google Analytics Service Agreement.
Australian Privacy Law
The Privacy Act covers Australia-operating businesses with an annual turnover of more than $3 million, private health service providers, and Australian or Norfolk Island government agencies. All entities within this category must have a privacy policy, regardless of whether they use Google Analytics. So if you are in one of these categories, be sure to have a privacy policy so you are compliant with the law. Unsure if you fit the bill? Check whether you are required to comply with the Privacy Act by heading to the Office of the Australian Information Commissioner website.
I run a small business, does that mean I don’t have to comply?
If you are a small business (your annual turnover is $3 million or less) and you wish to use Google Analytics, you must also comply with the Australian rules of privacy. This is because laws cover small businesses if they disclose or collect personal information about an individual for a benefit, service or advantage. Using Google Analytics would certainly mean you will be collecting the personal information of consumers for a benefit. Therefore, as an entity using consumer data to benefit your small business, you must also adopt a privacy policy.
Google’s Terms of Service
Google has its own Google Analytics service agreement. Its privacy clause states that it is your obligation to create your own privacy policy and comply with applicable laws. You are also required to set out how you use cookies or certain identifiers to collect personal data. You should also make clear that you use Google Analytics in your policy.
Updating your privacy policy
Already have a privacy policy? You would need to update your privacy policy according to the Google Analytics Terms of Service. Be sure to consult a business lawyer for further assistance.
Summary
Google Analytics is a useful tool to help you tailor your business to consumer needs. But remember to be cautious about the privacy of your users. Having a privacy policy lets your customers know you value the protection of their personal information. Importantly, you will able to conduct business confidently without the fear of non-compliance.
