For logged-in users on my site, I want to expose customer email address and name in our dataLayer for each page so that GTM can push these variables to various third parties via their tags, such as Fullstory and Intercom. This will make it easier to understand which customer we are working with when we're using those third party systems.

I believe that GTM is not subject to the same PII concerns as GA because the PII data never moves from the client browser to Google.

However, are there any other significant risks around exposing PII information in this manner? Googling around, I can't find any indication of best practices for what information you should/shouldn't include in a dataLayer.

Thanks!

oridley

3 Answers

Any PII data that you push onto the dataLayer could technically be seen by a curious (and technical) user if they were motivated enough. Usually this data will either be directly visible on the screen or it will reside in JavaScript variables or cookies. By pushing this data onto the dataLayer, you may be making it slightly more visible (all a user would have to do is inspect the dataLayer to see it). If you are worried about this, you can always hash the PII before pushing it onto the dataLayer. This will ensure that any party eavesdropping between the browser and the 3rd party where you're sending the data cannot make use of it. Of course this is not bulletproof and the most ideal situation is to send this PII to the 3rd party over HTTPS.

faridghar
Since your user is logged in, you can instead push your customer ID number to the data layer and some attributes like member type. You will need to add the customer ID and attribute fields as new custom dimensions in Google Analytics, but then you can send the customer ID to know who your active folks are without sending any PII through Google. Also emails change frequently and last names can change; your customer's ID is likely more stable. Additionally your customer ID can support the user-id feature in Google which will better your returning vs new user metric accuracy. https://support.google.com/analytics/answer/3123666?hl=en

Piwik is touted to be just like Google Analytics, but it allows PII. You may want to look into that if you'd like to have all the data in one place. https://piwik.org/

EllieB
As policies are written, it does seem that the entire GA product is an extremely risky tool to put stock in.

Given that Google can terminate an account for simply containing PII, what's stopping any given user from visiting https://example.com/my-social-security-number-is-123456789 and injecting this information without any action from a site owner?

Why can't I open up the developer console and run window.dataLayer.push({event: 'oh no...', name: 'John Doe', ssn: '123456789'}); -- worse yet, what if a bad actor purchases some real information and dumps it into your GA account via the dataLayer? What if they use thousands of distinct actors in a bot farm, slowly over the course of several months to make it look legit? Is this poisoning enough to cause account termination if there isn't someone monitoring it 24/7?

My advice is to ask a lawyer to parse out exactly what you're on the hook for. As policies are written, the dataLayer seems to be a very dangerous thing to even allow if you're going strictly by how policies are written.

Luke A. Leber
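The answer above points out that anything on the page, including a user at the developer console, can push arbitrary objects onto `window.dataLayer`, and that tags will happily forward them. The usual mitigation is to never let a tag read the dataLayer entry directly but through a gate that allow-lists keys and drops values that look like PII. The block below is an added example (not code from the answer, from GTM or from any of the products named) of such a gate, written in ES5 because GTM Custom JavaScript variables require ES5. The allow-listed key names, the `gtmVariable` wrapper and the regular expressions are assumptions; the `hostile` sample reuses the push from the answer.

```javascript
// Added example: a defensive gate for dataLayer entries before any tag forwards
// them. ES5 syntax, since GTM Custom JavaScript variables are limited to ES5.
// ALLOWED_KEYS and the patterns are assumptions; adapt them to your own schema.
var ALLOWED_KEYS = { event: true, customerId: true, memberType: true, emailHash: true };

// Values that should never reach an analytics tag: anything resembling an
// e-mail address or a nine-digit US SSN (with or without dashes).
var PII_PATTERNS = [
  /[^\s@]+@[^\s@]+\.[^\s@]+/,
  /\b\d{3}-?\d{2}-?\d{4}\b/
];

function looksLikePii(value) {
  var text = String(value);
  for (var i = 0; i < PII_PATTERNS.length; i++) {
    if (PII_PATTERNS[i].test(text)) return true;
  }
  return false;
}

// Returns a copy of the entry holding only allow-listed keys whose values pass
// the PII check, plus the names of dropped keys so a separate tag can raise
// an alert when something unexpected was pushed.
function sanitizeDataLayerEntry(entry) {
  var clean = {};
  var dropped = [];
  if (!entry || typeof entry !== "object") return { clean: clean, dropped: dropped };
  for (var key in entry) {
    if (!Object.prototype.hasOwnProperty.call(entry, key)) continue;
    if (!ALLOWED_KEYS[key] || looksLikePii(entry[key])) {
      dropped.push(key);
    } else {
      clean[key] = entry[key];
    }
  }
  return { clean: clean, dropped: dropped };
}

// In GTM a Custom JavaScript variable is a function returning the value tags
// consume; `lastEvent` stands for a Data Layer Variable (hypothetical name).
function gtmVariable(lastEvent) {
  return sanitizeDataLayerEntry(lastEvent).clean;
}

// Constructed samples: the site's own push and the console push from the answer.
var legit = { event: "identify", customerId: "48213", memberType: "premium" };
var hostile = { event: "oh no...", name: "John Doe", ssn: "123456789", customerId: "user@example.com" };

console.log(JSON.stringify(sanitizeDataLayerEntry(legit)));
console.log(JSON.stringify(sanitizeDataLayerEntry(hostile)));
```

For the hostile push only `event` survives; `name` is not an allowed key, and `ssn` and the email smuggled into `customerId` are dropped by the pattern check. The `dropped` list is what you would wire to a monitoring tag, since a steady trickle of rejected keys is exactly the slow poisoning the answer worries about. One trade-off to keep in mind: a legitimate nine-digit customer ID would also trip the SSN pattern, so tune the patterns to your own identifier formats.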