- Normative e Privacy
Many website owners have received an email from a certain Federico Leva (he is an activist) requesting the removal of their data from Google Analytics, let's see in detail if this is possible and how to do it. Personally I consider this act simply a provocation and the massive sending passable for Spam and Phishing. Respond to the request through an online survey conducted with limesurvey.org and without any verifiable reference. The same sending email, email@example.com , is questionable. So much so that I reported the email received to the Italian Guarantor, on Tecnoacquisti.com we do not use Google Analytics . But everyone will have to hear who follows them for privacy by following their advice on whether to respond or not.
I would like to point out that you may have Google Analytics tracks that you are not aware of, which are used by services implemented on your ecommerce or website, through iframe or external JS code. For example, some verified review services do this. Obviously it is always the owner of the site who has to answer for it.
I await some information from the trade associations, and to the request for information on the matter sent to the Guarantor. Federico Leva , however, raises a real problem that we have already covered here . So I decided to write this article to tell you how to remove a user from Google Analytics or how to make the correct request for removal. Personally I sent it to limesurvey.org having had to visit the site to learn more about the activity of this activist.
Can we remove a user's data from Analytics?
Yes, of course we can do it, but Federico Leva's email is missing an important data, namely his Client ID associated with the cookies issued through our domain. It is missing because obviously the ID changes for each site visited. If he had released a real email and not a survey to answer I might as well ask him to provide me with his and remove it from the GA account which I haven't had for almost a year. To find your Client ID, the simplest solution is to use the EditThisCookie extension which I have often talked about as it is very useful.
In the images an example of GA Client ID associated with three websites: PayPal.it, PrestaShop.com and ilfattoquotidiano.it. These IDs are exclusively associated with the cookie generated by my workstation during the visit. Using EditThisCookie is very simple, just:
1. Click on the cookie- shaped icon
2. Search for _ga in the list of cookies associated with the site we are visiting, open the entry and copy the present value that begins with GA ...
With Firefox just click CTRL + Shift + I and go to Archive
Keep in mind that a website can have multiple GA properties, for example one with a truncated IP (what they say anonymous) and a complete one behind cookies law or a UA and a GA4 property. For this reason, rather than being removed from the Google Analytics statistics, do a lot of before deleting the navigation cookies and related data of your visit to a particular website.
How to remove Federico Leva on duty from Google Analytics?
Anyone has the right to request the removal or modification of their data, as required by the GDPR. And we are required to remove them and respond. In fact I have performed this activity several times towards some spam newsletters including political parties, without ever receiving a reply. And making a complaint to the Guarantor takes time and above all it is not free, so I have never gone further.
Google allows it by having the Client ID we can do it. Through a truncated IP (even if it is complete) or other data, we cannot do this.
In particular, the IP address provided by Leva is found in 2 bytes, so there are 65025 - 1 possible IPs of other users that would match.
To do this, go to Public -> User Exploration
We look for the user with the ID that he gave us
A simple click on delete and that's it, that user's data is gone
Once completed, you can communicate to the user that his data is deleted, perhaps inviting him to delete the navigation cookies and above all, if he cares about his privacy, to surf with a VPN and if really paranoid with a Double VPN on the Orion network via the Broswer Tor.
Continue to use Analytics or not?
As mentioned, Federico Leva raised a real question, verging on Phishing as it is a dynamic linked to this type of cyber attack. In light of what has already been raised by the Austrian, French and now Italian Guatante. In my opinion it's time to change, take back 100% of your data and use Matomo for statistics. As I addressed in the article:
To answer Federico Leva or not?
This you must ask to those who follow you for privacy or to your lawyer.
Although I find it very difficult the survey has disappeared from LimeSurvey replaced by: "We are sorry but this survey is currently not available - please come back later." LimeSurvey confirms that it has banned the user: " I am sorry for the inconvenience. This customer has abused our survey service for sending out this email. The customer is blocked permanently . "
As stated, the sending email is firstname.lastname@example.org and of the noreply type, so no one reads any replies, and it is not the activist's email. The link to the survey / forum even if it uses its domain, redirects to limesurvey.org. Sending a request to the Italian Guarantor through their PEC to email@example.com asking for clarification costs you nothing. Now that you know how to read your Google Analytics Client ID it doesn't even cost you anything to ask https://www.limesurvey.org/ to remove you from their Google Analytics stats. The support email is: firstname.lastname@example.org.
Surely it is an excellent Marketing activity now thousands of ecommerce owners and websites know the services offered by limesurvey.org, as well as the activities of this activist.
Not bad. You can both publish and quote his Activist Email, as it is public and sponsored by the activist himself on social media.
The above is purely the point of view on a technical level, for the legal question I refer to the excellent article by the LegalBlink Team:
Author: Loris Modena