Server-side proxy requirements

PrisilaSH

Google servers the location of which is not specified . So if we cannot rely on the GA "automatic proxy", we must set up an additional proxy, directly controlled by us. In this way we will be able to control the data that the guarantor explicitly asks us to pseudonymize. Operation of the server-side GA proxy Here's a broad outline of what happens with a server-side GTM proxy GA setup The user starts browsing your site The request and analysis of the data passes through one of our servers physically located in Europe The data is cleaned by us on this first server with a server-side Google Tag Manager container The clean data then passes to the GA automatic proxy in the European Union This way we can mask or remove the identifying data that we need to manage for GDPR compliance purposes even before it reaches Google's automatic proxy.

We can, for example, remove IP addresses even before Google is able to obtain metadata photo editing servies relating to the geographical location of users. Server-side proxy requirements Again, the CNIL, regarding the proxy solution, states the following The proxy server must also be hosted in conditions that ensure that the data it processes is not transferred outside the European Union to a country that does not provide a level of protection substantially equivalent to that provided within the European Economic Area. We can therefore say that the use of a server-side proxy must meet three requirements to be an adequate solution to the problem The server must be physically located in the EU.



The company that owns the server must be regularly registered in the EU . Any user data that can be used to trace their identity or the characteristics of their device must be removed ; it is also advisable to modify some data before sending it to the US tool. What data to remove to be GDPR compliant? Below is a non-exhaustive list of the type of data to be removed to make GA compliant with the GDPR, according to the indications provided by the CNIL French guarantor IP addresses IP addresses must not go to analytics servers GA in this case . Parameters in URLs It is necessary to remove any parameters contained in the collected URLs e.g. UTM, but also URL parameters that allow internal site routing.