One of the most common mistakes when setting up Google Analytics 4 is the accidental collection of personally identifiable information, or PII. This is not just a privacy problem. It also goes against the platform’s terms and conditions. If Google detects that this kind of information is being stored, it could suspend or even close the account. That is why it is essential to review what data is being sent and apply measures to prevent it.
In GA4, some sensitive data can be captured unintentionally, such as email addresses or URL parameters. To help prevent this, the platform includes a redaction feature that allows this information to be hidden or modified before it is stored on Google’s servers.
In this article, we’ll look at why it is important to apply this measure, what types of data can be redacted, how to configure it in GA4, what its limitations are, and which additional steps can help strengthen data privacy.
Contents
Why it is important to avoid collecting personal data in GA4
Google Analytics 4 is designed to analyse user behaviour without storing information that can identify users personally. Even so, many websites accidentally send personal data to GA4, either because a form includes an email address in a URL or because an event collects information such as names or phone numbers. This is not only a privacy risk for users, but also a breach of Google’s policies.
If Google detects that a GA4 property is collecting PII, it may take measures ranging from deleting the affected data to suspending the account entirely. Depending on the severity of the case, this could mean losing all the analytical data collected for the website. For that reason, it is essential to review the tracking setup and make sure no sensitive information is being sent to the platform.
Beyond the risk of sanctions from Google, collecting PII can also have legal implications. Regulations such as the GDPR in Europe or the CCPA in California set strict rules around how personal data must be handled. In some cases, storing this information without the proper consent can result in significant penalties.
Implementing data redaction in GA4 not only helps avoid problems with Google. It also supports compliance and helps protect user trust.
Sensitive data you can redact in Google Analytics 4
At the moment, Google allows two types of personally identifiable information to be redacted: email addresses and URL query parameters. It is also important to keep in mind that this feature is only available for web data streams.
In the case of email addresses, Google looks for patterns that match email formats and redacts any value that fits those patterns before the information is stored.
For query parameters, the platform allows you to enter up to 30 parameters whose values should be redacted. It is worth remembering that this redaction only applies to these event parameters: page_location, page_referrer, page_path, link_url, video_url, and form_destination.
How data redaction works in GA4
Data redaction in Google Analytics 4 makes it possible to modify or remove sensitive information before it is stored on Google’s servers. Unlike other solutions, such as Google Tag Manager, which can block data before it is sent, GA4 includes its own internal feature to prevent certain values from being recorded within the platform.
When data redaction is enabled in GA4, sensitive values are replaced with (redacted) or with an empty value. This is done directly from the stream settings, without needing to modify the site’s code.
It is important to keep in mind that data redaction in GA4 only affects future data. If the property has already collected PII before redaction is enabled, that data will still remain in historical reporting. This mechanism also has limitations: it does not allow advanced transformation rules, and some cases, such as values sent through custom events, may require additional solutions to ensure proper anonymisation.
Step-by-step guide to redacting data in GA4
Configuring data redaction in Google Analytics 4 is relatively simple, but it does require identifying exactly what information is being sent and where it appears. The steps below cover how to redact the most common types of sensitive data in GA4.
Redacting email addresses
Email addresses are one of the most common types of personal data that can leak into GA4, whether through custom events or URL parameters. In this case, Google looks for patterns that usually match email addresses and redacts any data that matches one of those patterns, even when it is not actually an email address.
To configure this option, follow these steps:
- Go to the Admin section in GA4, located in the lower-left corner.
- Find Data streams under Data collection and modification.
- Select the data stream you want to edit.
- Look for the Data redaction section.
- Enable the option to redact email addresses automatically.
- Save the changes and verify that email addresses are no longer being collected in future events.
Redacting URL parameters
For URL query parameters, the platform allows you to enter up to 30 parameters to ignore. To do this, you need to know the name of the parameter that contains the sensitive information, because unlike email addresses, GA4 cannot detect this type of data through patterns.
Once you know which query parameters you want to exclude, go to the same section used for email addresses. There, enable the option to redact URL query parameters and enter the names of the parameters you want to block.
As mentioned earlier, remember that this functionality only applies to certain event parameters.
Testing data redaction
After configuring redaction, it is important to verify that sensitive data is no longer being stored by the platform. To do this, Google provides a Test data redaction section within the same configuration screen.
Its behaviour is straightforward. You simply enter a URL containing an email address or the parameter you want to block into the text box. After clicking Preview redacted data, GA4 shows how that URL would appear in reports. This makes it possible to confirm whether the configuration is correct.
Limitations of data redaction in GA4 you should keep in mind
Although GA4’s data redaction feature is useful for preventing the collection of sensitive information, it comes with some limitations that are worth understanding. It is not a foolproof solution, and in some cases it needs to be complemented with other tools or additional configurations.
One of the main limitations is that redaction only applies to future data. If personal data has already been sent to GA4 before redaction was configured, that information will remain in historical reporting and cannot be removed or anonymised directly from the feature itself. In those cases, the only option is to submit a data deletion request, although that does not always solve the issue completely.
Another important point is that GA4 does not allow advanced redaction rules. The platform offers basic options to hide email addresses and exclude certain URL parameters, but it does not allow more complex transformations, such as replacing names or modifying values inside custom events.
For more advanced cases, it is advisable to use Google Tag Manager or even an intermediate layer such as server-side Google Tag Manager in order to intercept and modify the data before it is sent to GA4.
Finally, it is essential to understand that data redaction in GA4 does not exempt you from regulatory compliance. Although this feature helps avoid the collection of personally identifiable information, it is still the website owner’s responsibility to make sure the implementation complies with regulations such as the GDPR or the CCPA.
Depending on the case, additional measures may be required, such as IP anonymisation or obtaining explicit user consent before collecting data.
Best practices for protecting privacy in GA4
Although GA4 provides options for redacting sensitive data, the best strategy for avoiding problems with PII collection is to prevent that data from being sent in the first place. Putting safeguards in place before the information reaches Google Analytics is far safer and more effective than relying only on redaction within the platform.
The first thing to do is make sure the GA4 implementation is not sending personal data by mistake. This means reviewing event configuration in Google Tag Manager or in the site code itself, and avoiding variables such as email addresses, names, or personal identifiers being captured in events, URL parameters, or cookie values. An audit of the data being sent to GA4 can help detect leaks and correct them before they become a problem.
In websites where data redaction is a critical requirement, it is also advisable to use more advanced solutions such as server-side tracking. This makes it possible to intercept, modify, and anonymise information before it is sent to Google Analytics, giving you much greater control over the data being collected.
It is also good practice to document all the data protection measures that have been implemented, both for internal audits and for compliance purposes.
As you can see, although GA4 provides tools to redact sensitive information, the best solution is still to take a preventive approach and make sure personal data never reaches the platform in the first place. That is what minimises compliance risks and ensures safer, cleaner data collection.
In the end, data redaction in Google Analytics 4 is an essential feature for protecting user privacy and supporting compliance with regulations such as the GDPR. Even so, it is not a complete solution on its own and should be combined with preventive measures, such as a clean event implementation, careful parameter design, and more advanced tracking controls where necessary.
