Recently, Google Analytics sent out emails to users related to their use of Remarketing with Google Analytics to inform that they might need to update their Privacy Policy of their websites.

This is because the remarketing functionalities of Google Analytics service will work cross-device starting from May 15, 2017.

Here's the email that Google Analytics sent out:

Email in May 2017 from Google Analytics on Cross-Device Remarketing Update

It reads:

Dear Google Analytics User,

Marketing with Google Analytics will soon be enhanced to take advantage of new cross-device functionality available in AdWords and DoubleClick.

Please log in to your account for an important update to your remarketing settings, which may relate to your privacy policy.

If you received this email from Google Analytics, it means that you have Remarketing enabled on your Google Analytics account:

Remarketing and Advertising Reporting Features enabled in Google Analytics

If you log-in to your Google Analytics account you will be notified about this update through an announcement bar:

Announcement Bar on Google Remarketing Update in 2017

It reads:

Starting May 15, 2017, all properties using Remarketing with Google Analytics will be enhanced to take advantage of new cross-device functionality. This is an important update to your remarketing settings, which may relate to your privacy policy. See details or visit your data collection settings.

Here's how Google explains this update (when you click "See details" link from the announcement bar):

Important update to Remarketing with Google Analytics in May 2017

It reads:

Important update to Remarketing with Google Analytics

Starting May 15, 2017, Remarketing Audiences created in Google Analytics will be enhanced to automatically take advantage of new cross-device remarketing functionality now available in AdWords and DoubleClick. This will allow you to reach your customers across devices when using Google Analytics Audiences.

Our research shows that six in ten internet users start shopping on one device but continue or finish on a different one. With cross-device remarketing in AdWords and DoubleClick, if someone visits your website on one device, you can now reach them with more relevant ads when they search or browse on another device.

Where users have chosen to enable Google to associate their web and app browsing history with their Google account, and to use information from their Google account to personalize ads they see across the web, Google will use data from its signed-in users together with your Google Analytics data to build and define audience lists for cross-device remarketing. In order to support this feature, Google Analytics will collect these users' Google-authenticated identifiers, which are Google's personal data, and temporarily join them to your Google Analytics data in order to populate your audiences.

No action is required for these changes to take effect but please review your privacy policies and make any necessary updates to explain what data your business collects and shares with Google.

These changes do not affect your rights to your Google Analytics data, which is still owned by you.

As always, Google users can control their ads experience (or opt out of personalized ads altogether) at My Account.

If you don't wish to enable Remarketing with Google Analytics, please turn off remarketing data collection.

So what does it mean for your Google Analytics account and/or your websites? Here's what you need to do:

  • If you use remarketing and you have the Remarketing option enabled at the "Data Collection Settings", then update your Privacy Policy to inform users that your website uses Google Analytics for remarketing purposes.
  • If you don't use remarketing and you don't have any intention to run remarketing campaigns, you can simply disable the Remarketing option at the "Data Collection Settings". According to Google, you won't need to update your Privacy Policy in this case.

If you need to update your Privacy Policy because you use remarketing, follow these steps:

  1. Go to our Privacy Policy Generator to create a Privacy Policy for your website.

    If you already have a Privacy Policy, you can use the Privacy Policy Generator to create the necessary clause to update your policy with.

  2. Answer "Yes" at the "Do you use remarketing services for advertising purposes?" question.
  3. TermsFeed Privacy Policy Generator: Do you use remarketing platforms? question

  4. Select "Google AdWords" at the "Select what platforms are you using for remarketing purposes" question.
  5. TermsFeed Privacy Policy Generator: Google AdWords selected as remarketing platform

  6. Our Privacy Policy Generator will create the necessary Privacy Policy with clause informing users about your use of remarketing campaigns.

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:

  1. At Step 1, select the Website option or App option or both.

    TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  2. Answer some questions about your website or app.

    TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  3. Answer some questions about your business.

    TermsFeed Privacy Policy Generator: Answer questions about business practices  - Step 3

  4. Enter the email address where you'd like the Privacy Policy delivered and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new Privacy Policy.

If you do not plan to use remarketing, follow these steps:

  1. Login to your Google Analytics account
  2. Select a website property
  3. Click "Admin" to reach the Administration section
  4. Google Analytics: Admin link

  5. Click "Tracking Info"
  6. Google Analytics: Tracking Info option

  7. Select "Data Collection"
  8. Google Analytics: Data Collection at Tracking Info

  9. You can disable the "Remarketing" option
  10. Remarketing and Advertising Reporting Features enabled in Google Analytics

A Privacy Policy is required by Google Analytics even if you use remarketing or not because Google Analytics uses cookies to track users' visits on your website. The Terms of Service agreement of Google Analytics informs users on the requirement of having Privacy Policy agreement in place:

Google Analytics Terms of Service: Privacy Clause

This clause in the Terms of Service agreement requires users who signed up for Google Analytics to disclose the use of Google Analytics, disclose how the data is collected and processed, and provide notice of the use of cookies to visitors of the website.

Using cookies to track visits is enough to trigger the requirement of having a Privacy Policy if you are based in the EU or you have customers/visitors from the EU according to the EU Cookies Directive.

If you run remarketing campaigns, you'll need to update your Privacy Policy even if you don't use Google Analytics to run remarketing campaigns through Google AdWords.

Here's how Google AdWords is requiring customers to update their Privacy Policy if they create remarketing campaigns:

  • You're required to disclose how you are using remarketing
  • You're required to disclose that third-party vendors (like Google) show your ads across other websites
  • You're required to disclose that third-party vendors (like Google) use "cookies" to show your ads based on past visits to your website
  • You're required to disclose how users can opt-out of such third-party's use of cookies (like Google)

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy