Use encrypted - hashed e-commerce customer email as Google Analytics User ID
Is it ok to use encrypted - hashed e-commerce customer email as Google Analytics User ID? I found different privacy policy sections about the use of PII in Google Analytics. For example here it says , it is ok to use the encrypted hashed form of the Data . But here in the caution section it says we are not allowed to use the PII data. I will be using Measurement Protocol and GTM for sending the data to Google Analytics.
If I use a proper level of encryption + hashing , will that be ok to use the customer email address (in hashed encrypted form) as the User ID in google analytics?
Regards, Lina
Yes it is OK to use SHA256-hashed PII data like you pointed out as hashing destroys the original data, thus it's no longer PII: cryptographic hash functions such as SHA256 are one-way functions, thus from the output you can't figure out the input (FYI you can brute-force the generation of inputs matching a given output - especially with weaker algorithms such as MD5 - to break into a system - eg guessing a password - but for the purpose of hiding PII it still does its job: you simply cannot know with certainty what the original PII was, so mission accomplished as far as protecting PII).
The only downside with using hashing to generate a User ID is collision: SHA256 produces 2^256 possible outputs, so if you're really unlucky (# emails / 2^256 = chance of collision) it's possible that different emails produce the same SHA-256 hash and thus the same User ID in which case different users will be incorrectly identified as the same user. To reduce chances of collision you could combine the hash with other attributes, eg {user_signup_timestamp}-{email_hash}, but the only way to prevent collision is to rely on a database ID for each user as the DB will ensure each User ID is unique.
- Google Analytics 4 integration in react native
- Google Analytics Measurement Protocol Library For .NET
- setup Google Analytics 4 in nuxt.js
- How to delete a google tag manager container?
- How to group articles by meta article:tags in Google Analytics?
- My Google Analytics setup for hugo is not working
- Separate Google Analytics data based on dev environment
- Why Google Analytics Code Making Request to doubleclick.net?
- How can I create a single time series chart with lines for each device category (mobile, desktop, tablet)?
- How do you deal with multiple values in a single cell separated by comma?
- How to access the Google Analytics Data API via bash script using gcloud
- Adding google analytics code to all pages
- How to get/show the total website visits from google analytics?
- Running Google Analytics in iframe?
- How does google analytics avoid same origin policy?
- `?_gl` query parameter is added to my URL links to my subdomain - how to remove it?
- How to setup custom event tracking with new Google Analytics (GA4) on the server?
- How to use google analytics with next.js app?
- Session control with Google Analytics API v3 for iOS?
- how to disable google analytics on localhost
- Product-scoped custom dimensions in GA4
- how to get the Google analytics client ID
- Getting dates from google analytics API
- Can I add google analytic to an email (both html / text version)?
- Analysis hub report pdf export not working
- Google Analytics Web+App event config: Error 'gtag is not defined'
- How to make Google Analytics respond to "Do Not Track"
- Google Analytics service Intent crashes on Android Oreo
- Issue with IP Anonymization Using ReactGA
- How to Integrate Google Analytics to Track Item Views, Visitors, and Conversions on an E-commerce Site