How To Delete Data in GA4 (Google Analytics)
This post is based on a published article written by our Google Marketing Platform consultant, Masayuki Ohta, in our Japanese website: GA4から計測データを削除する方法.
There are cases when, unexpectedly, our Google Analytics reports capture data that should not be there. Capturing data like Personally Identifiably Information (PII) is not only illegal in some regions, it can also get you in trouble with Google.
Some sites still populate PII in URL query parameters while communicating with third parties. Once this happens Google Analytics will automatically capture this URL making this PII available in the reports, which a violation of GA4 Terms Of Service. It’s a rare occurrence, but far more common than people suspect.
Should your data be victim of this scenario, #GA4 has a mechanism to delete the data sent to the server after it has been collected. This post is an introduction to the necessary steps to take to delete data from Google Analytics.
Table of Contents
- Deletion Request Overview
- Removal of URLs Containing PII
- Grace Period
Creating Deletion Request
To delete data from GA4 the first step is to select “Data Deletion Request” in the property settings of the Admin screen.
Start the process by clicking on “Schedule a data deletion request” from this screen. There are 5 deletion types for data deletion requests. Select the type that most applies to you. Don’t worry, you will have a chance to review conditions and specify the rules for deletion.
The current deletion request types are:
- Remove all parameters from all events
- Remove all registered parameters from selected events
- Remove selected parameters from all events
- Remove selected registered parameters from selected events
- Delete Selected User Properties
The type of deletion request will depend on your specific situation. However, a common issue we find with our clients is the unintentional collection of Personal Identifiable Information in the URLs. Be it intentionally or not, this is in violation of Google Analytics ToS.
Let’s take a look at a specific example of deleting data for a site that has collected personal information in the URLs. Our target site has loaded some pages containing sensitive information – e.g. emails and phone numbers. It is obvious the values are PII, but for the purpose of this example the query parameters in a intuitive are also intuitively named “email=”, “emx=”, “phone=” and “phx=”.
We noticed the problem in the regular reports and confirmed creating a custom table report including “views” for “page location” and “page referrer” dimensions.
Removal of URLs With Personal Identifiable Information (PII)
While it is good we have a way to delete data that can throw companies in hot water, the deletion system is not very flexible. We are usually forced to choose to either delete too much or delete too little. This can pose a challenge deleting PII while maintaining data’s actionable properties.
In this example we have a series of pages that have unintentionally captured PII.
We will request to delete two GA4 parameters, “page referrer” and “page location”. We are also choosing to limit the impact to those values that contain a specified text by clicking on “Only delete parameter values that contain the following text”. Our target value is set to “mail.com”.
Results from the request can be observed almost immediately. We had a total of 3 “page location” that included a parameter with a value “
mail.com” and 1 “page referrer”. They are now consolidated in a “(data deleted)”.
CAUTION: The wording gives the impression that only the targeted parameters would be deleted, this is not the case. The request will delete all query parameters from the GA4 parameter we specified. In other words, there is no way to delete a single parameter. Notice we had one dimension that had the parameter firstname.lastname@example.org (match), phx=6131234567 (not a match). Both parameters were deleted.
The second challenge is that bigger organizations have a lot of volume. Making requests specifying the target values might be practically impossible if there are many different patterns to the targeted value. That means the other option would be to delete all parameter values for those dimensions on specific dates.
Data Deletion Grace Period
There is a 7-day grace period before the data is permanently deleted. Google Analytics will be able to cancel the request before 7 days, which means it is possible to review the details of the request and cancel the change if necessary.
Follow the steps above to delete data in GA4. Perhaps we will see more flexibility on how Google approaches deletion requests to have a more surgical approach. Meanwhile, it may be good to consider setting up guardrails in Google Tag Manager or alerts in BigQuery to ensure no PII data is inadvertently getting into you reports.