GA4 vs UNIVERSAL ANALYTICS: Main differences in privacy treatment
Google Analytics Universal vs GA4. The main difference between the two is that the former is based on page views and sessions, and GA4 focuses on events and parameters.
A session is a group of user interactions (visits) with a website that takes place over a given period of time. A session can contain, for example, multiple page views, events, and e-commerce transactions.
In contrast, Google Analytics 4 uses a measurement model based on events and parameters. The principle here is that any interaction can be captured as an event. As a result, all types of visits in Universal Analytics are translated into events in GA4.
This change came about because nowadays not all internet traffic comes from websites, but also from mobile apps. For all of these content types, events allow us to measure the data collected.
Google Analytics 4 is actually nothing new. It is the Google Analytics “Web+App” property, which has now been renamed Google Analytics 4.
This means that all data sent to GA 4 has adopted the Firebase data model in the form of events and so each event is distinguished by the event_name parameter, with additional parameters to describe the event.
It is important to note that Google Analytics 4 is not an update to Universal Analytics (UA).
How does Google Analytics 4 work vs. Universal Analytics?
GA4 session metrics are derived from the “session_start” event, which is automatically collected when a user uses an application or a website. In addition, session duration is calculated based on the time interval between the first event and the last event of the session.
Page views in Universal Analytics are converted to page_view events in GA4 properties. This means that when we configure GA4, the page_view event is automatically triggered from the gtag.js code snippet or the GA4 configuration code in GTM.
Google Analytics events are automatically logged from the gtag or gtm configuration.
Let’s now look at an important issue: how Google Universal Analytics vs GA4 behaves in privacy mode.
Google Analytics works by setting cookies in a user’s browser when they visit a website. These allow the website to collect information about the user. That information can be as simple as “this user has visited this website before”, or more detailed, such as how a user interacted with the site before… However, cookies also pose a privacy risk because they share data with third parties.
Due to the latest legal regulations such as GDPR and ePrivacy, many companies have to sacrifice data to respect those who choose not to be tracked by cookies.
Google Analytics says GA4 is designed with privacy in mind, but what does that mean?
GA4 introduces a variety of privacy features, including default IP anonymization, does not store IP addresses and relies on proprietary cookies, which supposedly comply with privacy laws. For this reason, GA4 cannot provide us with location information or user identification.
The previous version of Google Analytics collected users’ IP addresses by default, which means that Google Analytics will no longer store the IP addresses of your devices. This was in violation of GDPR as an IP address is considered personally identifiable information, protected by law.
GA4 also establishes differences regarding the location of servers, the mode of consent, the deletion of users’ personal data, rules regarding the use of personal data, and a shorter data storage duration.
But there is still one issue left, Google still has to regulate EU-US data protection. At present, the company does not sufficiently protect the data of EU citizens and residents from US surveillance laws. As negotiations are still underway, it is expected that it will take years to reach a workable agreement. As European Commission, President Ursula von der Leyen said, “work is ongoing with the Biden administration on the new agreement that will allow for predictable and trustworthy data flows between the EU and the US, while safeguarding the privacy and civil liberties.”
To sum up, we are seeing that despite having established new ways to ensure data privacy, these new features of GA4 do not automatically make a website GDPR compliant, and each country has its own privacy requirements, even within the EU.