You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
European Union have noticed that default setup of Google Analytics does not comply with GDPR as data is sent unrestricted to an american service possibly outside of Europe.
42
-
This includes the use of `gtag.js` as JavaScript pushes the request from visitors device including their IP-Address.
43
-
44
-
Server Side Tracking, however, does only send information specified inside the body and about your server.
32
+
## Europe - GDPR Notice
45
33
46
-
Relying solely on Google Analytics 4 Events - that is not pushed through the `gtag.js` script - can be scraped of GDPR-related information.
34
+
The European Union have notified that Google Analytics does not comply with GDPR by default. This is because the frontend Client sends visitor details like their IP Address and device information with events. This can be avoided with a middle-man server inside the European Region.
-Options: [Privacy controls in Google Analytics](https://support.google.com/analytics/answer/9019185?hl=en)
50
38
51
39
## Getting started
52
40
53
-
To setup Analytics you need a Measurement ID and API Secret.
41
+
Setup requires a **Measurement ID** and **API Secret**. Go to Administrator (Bottom left) -> Account -> Data Streams -> {Your Stream}. Here you should find Measurement ID at top and "Api Secrets for Measurement Protocol" a little down the page, where you can create yourself an `API secret`.
54
42
55
43
Go to `Administrator` (bottom left) and then select your `Account` -> `Data Streams` -> your stream.
56
44
Here you will find `Measurement-ID` at top from and further down `Api Secrets for Measurement Protocol`, in there you can create yourself an `API Secret`.
57
45
58
-
**PLEASE** note that Google Analytics will look out from traffic gathered by the `gtag.js` library, as Server Side Events are supposed to supplement the frontend through its `_ga`/`_gid` cookie sessions.
46
+
Once you have obtained the credentials, you can initialise the Analytics like this:
59
47
60
48
```php
61
49
use AlexWestergaard\PhpGa4\Analytics;
62
50
63
51
$analytics = Analytics::new(
64
52
measurement_id: 'G-XXXXXXXX',
65
53
api_secret: 'xYzzX_xYzzXzxyZxX',
66
-
debug: true|false
54
+
debug: true|false #Default: False
67
55
);
68
-
69
-
// You can set CONSENT here if not done through the gtat.js
70
-
// Read full docs here: https://support.google.com/tagmanager/answer/13802165
71
-
$consent = $analytics->consent(); // returns a consent handler
72
-
73
-
// Sets consent for sending user data from the request's events
74
-
// and user properties to Google for advertising purposes.
75
-
$consent->setAdUserDataPermission();
76
-
$consent->getAdUserDataPermission();
77
-
$consent->clearAdUserDataPermission();
78
-
79
-
// Sets consent for personalized advertising for the user.
80
-
$consent->setAdPersonalizationPermission();
81
-
$consent->getAdPersonalizationPermission();
82
-
$consent->clearAdPersonalizationPermission();
83
56
```
84
57
85
58
### Data flow
86
59
87
-
`session_id` > Google Analytics does not specify a required type of **session or user id**. You are free to use any kind of **unique identifier** you want; the catch, however, is that Google Analytics populates some internal data with `gtag.js`, that is then referenced to their `_ga` cookie session id. Just be aware that `gtag.js`is using _client-side Javascript_ and can therefore have some **GDPR complications** as requests back to Google Analytics contains client information; such as their IP Address.
60
+
Server Side Tagging is not supposed to replace the frontend Client and session initiation should happen through the `gtag.js` Client. The default flow is supposed to happen as follows:
88
61
89
-
1. Acquire proper GDPR Consent
90
-
2. Client/GTAG.js sends session_start and first_visit to GA4
91
-
3. GA4 sends `_ga` and `_gid` cookies back to Client/GTAG.js
92
-
4. Server uses `_ga` (or `_gid`; or your unique session_id) to populate events
62
+
1. Obtain proper GDPR Consent
63
+
2. Client/GTAG.js initiates session with Google Analytics
64
+
3. Google Analytics sends `_ga` and `_gid` cookies back to Client/GTAG.js
65
+
4. Server uses `_ga` (or `_gid`) to send/populate events
66
+
- Eg. GenerateLead, Purchase, Refund and other backend handled events.
93
67
94
-
Note: It is entirely possible to push events to backend without acquiring the session cookies from Google Analytics; you will however lose information bundled inside the `GTAG.js` request if you do not figure out how to push that via backend too.
68
+
Note: It is entirely possible to push events to backend without acquiring the session cookies from Google Analytics; you will, however, lose information bundled inside the `GTAG.js` request if you do not figure out how to push that via backend too. You can replace the `_ga` and `_gid` sessions with your own uniquely generated id.
95
69
96
-
### Layers
97
-
98
-
The code is following 3 layers that should be considered; 5 layers at max.
70
+
All requests should follow this structure and contain at least 1 event for Google Analytics to accept it.
0 commit comments