Our plugin assists in different ways to comply with the CaCPA, but you also have to do some aspects yourself. This includes setting up several aspects within your Google Analytics. They are not as strict as the GDPR, but it has to be done.
Step 1: Make sure that Google Analytics is included in your DNSMPI
Within the CaCPA you have to inform users about which cookies are used. You do this in your DNSMPI (Do Not Sell My Personal Information) page.
Make sure you clearly indicate what activities you perform within Google Analytics. For example, do you anonymise IP addresses?
Within Google Analytics a lot is being shared with other Google services, such as Google Adwords, Google Optimizer etc. You also need to mention this if you have enabled this. Disabling can be done via this way:
Admin > Account Settings > Data Sharing Settings.
User ID Function
Within Google Analytics there is also an option that tracks surfing behavior of different devices and keeps track of the number of sessions. You should also describe this in your DNSMPI page if you have enabled this.
You can find the following way to check if you use this (you can also disable it here):
Admin > Property Settings > Tracking Info > User ID.
Sharing for advertising purposes
Google Analytics also shares data for advertising purposes, such as remarketing. Do you do remarketing? Put this in your DNSMPI. If you don’t want to do this, uncheck it on the next page:
Admin > Tracking Info > Data Collection.
Step 2: Sign a service providing agreement with Google
Service providing agreements are an important part of the CaCPA. You also need to sign one with Google Analytics. These can be found here:
Account Settings > Data Processing Agreement > Review Amendment.