Data Deletion in Google Analytics 4
Users have high expectations for privacy and data protection. Google Analytics offers governance and security features such as privacy controls to meet these expectations. Google’s blog about its privacy by design approach to analytics provides an executive summary of the features that allow organizations to control how data is used in order to respect user privacy.
Google Analytics 4, like Universal Analytics properties, offer organizations the ability to control how data is used in Google Analytics. We’ve written about strategies for data privacy and about Google Analytics 4 privacy features in the past. One question we sometimes get asked is how data deletion requests work at a tactical level. This post dives into the process for data deletion requests in Google Analytics 4.
Let’s start with why a company would submit a data deletion request.
Data Deletion Use Cases
The most common use case for deleting data is to protect user privacy.
Google's policies prohibit Personally Identifiable Information (PII) to be sent to their systems.
If PII is found by Google, they will generate a Data Deletion Request to allow you to review the PII that was found and make changes to your property, or to object if you believe the request was invalid.
If PII is found by you, you can create a Data Deletion Request to rectify any incidents.
Note: You need the Editor role at the Property level to make data-deletion requests for a Google Analytics property, including Google Analytics 4 properties. Learn more about prerequisites here.
Option A: Delete Data from the Admin > Data Deletion Request screen
Suppose you have event data containing PII.
In the example screenshot above, there are two events (event_with_pii_in_name, event_with_pii_in_param
). There is also an event-scoped custom dimension with pretend PII (ep_pii_example
).
Let’s assume you need to delete the custom dimension from all events where it appears.
From the Google Analytics Admin screen, select Property > Data Deletion Requests.
You will be greeted by a step-by-step form where you can specify the deletion type, the start date, and for event-scoped deletions, an end date.
Deletion Types Available in the Data Deletion Request
You will be prompted to choose from the following options:
Deletion type | Description |
---|---|
Delete all parameters on all events | Delete all registered and automatically collected custom dimensions across any/all events. Google Analytics does not delete custom metrics, custom dimensions derived from internal trusted identifiers, or the reserved values "", "(not set)", and "(data deleted)". |
Delete all registered parameters on selected events | Select specific events for which all registered and automatically collected dimensions are to be deleted. |
Delete selected parameters on all events | Select specific dimensions to be deleted from every event. |
Delete selected registered parameters on selected events | Select specific dimensions to be deleted from specific events. |
Delete selected user properties | Select user properties to be deleted. |
In this example, you’re looking to delete the custom dimension ep_pii_example
from all events, so you would select that deletion type, then find the custom dimension in the list of event parameters, and schedule the deletion.
When the request is confirmed, an Incident ID will be generated for tracking and audit purposes. All property admins will receive an email notification to review the request. Admins get one week, known as the preview window, to cancel any deletion request before Google Analytics begins to delete data. The deletion can be canceled during the preview window.
During the preview window, all users will be able to preview the effects of the deletion in reporting and analysis. For example, we can run a Free Form report in the Explorations tool and preview the data to be deleted. Compare the following screenshots.
Before:
After:
In the “after” screenshot, the row value, “Delete this event param PII!” is replaced by “(data deleted).”
Property admins will receive an email notification once the deletion has begun.
Additional Considerations
Data Deletion Requests Do Not Delete the Following Dimensions:
age
app_instance_id
audience
browser
browser_version
city
continent_name
country
gender
hour
latitude
longitude
platform
platform_version
region
stream_name
sub_continent_region
user_property_name
Given that stream_name
cannot be deleted, it is important to note that entire data streams cannot be deleted. This question arises during mergers, acquisitions, and spinouts: if a company had a digital property collecting data in a data stream in part of a bigger property, can that data be moved to the acquiring company, or deleted from the selling company’s property?
The answer is no. If a line of business could be packaged and sold as a distinct entity, it needs its own property, rather than a data stream, so that the property can be moved from the Google Analytics account of the seller to that of the buyer. See our article on properties vs. data streams for more information.
You Can Only Delete Active Registered Custom Dimensions.
If you have never registered the custom dimension, there is no stored data for that request to delete.
If you have ever unregistered a custom dimension and subsequently need to perform a deletion of that field, you can do one of the following: delete all parameters for a set of events, or delete all parameters across all events.
Data Deletions Can Impact Campaign Attribution.
When a deletion is completed, from that point forward, all historical campaign information is no longer available for attribution. Attribution credit could go to other campaigns or it may be considered “direct” traffic.
Option B: Delete User Data from the User Explorer Report
In order to find the user whose data must be deleted, you will need that user’s App Instance ID (for mobile data streams), Client ID (for web data streams), or User ID (if you’re setting this field in logged-in user journeys).
Then, from the Explorations section, create a report using the User Explorer technique. Find the user from the list and click to drill down on that user. Click the trash can in the upper-right-hand corner to delete that user’s data.
All data in Google Analytics associated with that user will be deleted from the report within 24 hours and from Google Analytics’ servers within 63 days.
To verify that the request was processed, wait 24 hours and look in the User Explorer report with the same time frame selected. The user’s data will no longer appear.
Option C: Delete User Data Using the User Deletion API
The User Deletion API allows you to programmatically process data deletions associated with a specific user identifier. For example, a common use case for the User Deletion API is to honor requests from users to delete data on a per-app, per-device basis.
At a high level, the User Deletion API allows you to insert or update a user deletion request based on the App Instance ID, the Client ID, or the User ID.
Here is an example.
Suppose you need to delete data associated with a User ID.
With User Deletion API, you would delete all data for that user by sending an HTTP request with the following request body:
{
"kind": "analytics#userDeletionRequest",
"id": {
"type": "USER_ID",
"userId": "SEAN"
},
"propertyId": "222100927",
"deletionRequestTime": "2022-02-23T20:17:39.255Z"
}
If successful, you will receive a 200 status response.
Once the request is made, the user’s data will be removed from the User Activity Report within 72 hours. It will be deleted from Google Analytics’ servers during the next deletion process, which occurs approximately every two months.
Metrics based on previously aggregated data, such as user counts in the standard reports, will be unaffected.
Deleting Data in BigQuery
The options discussed so far describe how to delete data from Google Analytics.
If you use the BigQuery Export integration, you can delete the offending data from your own analytics tables by running data manipulation statements. Bear in mind that Google Analytics 4 can cache offline events from apps locally and send them to Google Analytics when an internet connection is available. This can continue for up to 72 hours. Include these days in the timeframe of your DELETE statement.
Related Resources
- How To Find Personally Identifiable Data In Your Google Analytics
- Advancing Privacy and Data Control with Google Tag Manager Server-Side Containers
- 2021 Strategies for Data Privacy & Cookie Consent Management
- Privacy Features in Google Analytics 4 Properties