3 ways to exclude or anonymize IP addresses with Google Tag Manager
Privacy is a hot topic more than ever. Managing IP addresses to ensure user privacy is part of this. This is often done with Google Analytics' standard features, filtering IP addresses within a certain range. The problem with this is that the data does arrive in Google Analytics.
Google Tag Manager (GTM) itself offers several methods to exclude or anonymize IP addresses, ensuring that the IP addresses never reach Google Analytics. In this blog, we discuss three effective ways to achieve this while complying with GDPR guidelines.
- TAGGRS GDPR Tool
- Server Side Transformations
- Exclude ip addresses via web container
Why would you want to anomize or exclude ip addresses?
Here are some reasons why you might want to consider anonymizing or excluding IP addresses:
- Strengthening data privacy: By anonymizing IP addresses, you ensure that personally identifiable information is not stored or processed, which helps comply with privacy laws such as the GDPR.
- Exclusion of internal traffic: Excluding IP addresses from your own company ensures that internal traffic is not included in the data analysis, leading to more accurate reports.
- Preventing data collection by third parties: By excluding IP addresses, you reduce the risk of sensitive data getting into the hands of third parties.
- Adapt to regional laws: Different regions have different data privacy requirements and laws. Anonymizing or excluding IP addresses may be necessary to comply with local regulations.
1. Anonymize IP addresses with TAGGRS GDPR Tool.
The TAGGRS GDPR Tool is a TAGGRS solution that helps anonymize IP addresses and user agents, which is essential for GDPR compliance. This tool allows users to easily adjust privacy settings through our user-friendly dashboard. By using this tool, you can ensure the privacy of your users without complex configurations.
Implementation steps:
- Navigate to the TAGGRS dashboard.
- Activate the IP anonymization function.
- Configure the desired settings for optimal privacy protection.
2. Applying Server Side Transformations in Google Tag Manager
Server-side transformations within GTM allow you to manipulate incoming data before it is processed. This provides a good method to filter or modify IP addresses immediately upon receipt. The big advantage of server-side transformations is that data quality is preserved and user privacy is protected.
Implementation steps:
- Set up GTM for Server Side use.
- Add transformation rules to exclude IP addresses.
- Test the configuration to ensure that no sensitive IP data is transmitted.
Can't figure it out? Check out our explanation of Server Side Transformations.
3. Exclude IP addresses via the Web Container Google Tag Manager
Excluding IP addresses in Google Tag Manager (GTM) via the web container is a direct method of preventing specific IP addresses from being forwarded to your analytics and other data processing services. With this, you also ensure that the data does not even arrive in the server. As a result, it is also not processed by, for example, a Server Side Tracking hosting party.
Steps for setting up IP exclusion in the GTM web container:
Step 1: Create Custom HTML IP Addresses tag
- Visit tagmanager.google.com and log in with your account.
- Choose the appropriate account and container you want to configure.
- Click "Tags" on the left menu and select "New Tag.
- For example, name the tag as "IP Exclusion."
- Choose "Tag Configuration" and select "Custom HTML.
- Paste the following JavaScript code that retrieves the IP addresses and forwards them to the dataLayer:htmlCopy code
- Select "all pages" as the trigger.
<script>
(function getIpAddress() {
fetch('https://api.ipify.org')
.then(function(response) {
return response.text();
})
.then(function(ip) {
window.dataLayer = window.dataLayer || [];
window.dataLayer.push({
event: 'IPAddressEvent',
IPAddress: ip
});
});
})();
</script>
Step 2: Creating a Custom Variable
With the tag and trigger ready, the next step is to create a custom variable that captures the IP address from the data layer.
- In Google Tag Manager, go to "Variables" via the left sidebar.
- Scroll to 'User-defined Variables' and click 'New'.
- Give the variable the name "IPAddress."
- Choose "Variable Configuration.
- Select "Data Layer Variable" as the type.
- Under "Data Layer Variable Name," enter "IPAddress" as used in the tag.
- Click 'Save' to save the variable.
Now that we have the custom variable "IPAddress" set up, here are the steps to use this variable in a new trigger that activates only under certain conditions, and how to then add this trigger as an exception to the Google Tag to exclude specific IP addresses.
Step 3: Set up Trigger for Specific IP Lockout
- Go to "Triggers" in the Google Tag Manager dashboard and select "New Trigger.
- Choose the "Initialization" type.
- Name the trigger, for example, "Exclude Specific IP."
- Set the condition so that this trigger activates only if the "IPAddress" variable equals a specific IP address you want to exclude. Replace "[Fill in IP Address]" with the actual IP address you want to exclude.
Step 4: Add the Trigger as an Exception to the Google Tag
- Go to 'Tags' and select the Google Tag
- In the 'Triggering' section of the tag configuration, add the newly created 'Exclude Specific IP' trigger as an exception.
- This ensures that the tag is not triggered when the site visitor has the specified IP address.
You have now ensured that certain ip addresses are not sent to the server container. Save all changes and use Preview mode to ensure that the tag is not firing for the specified IP address. Publish the changes after you have verified that everything is working correctly.
Outro: securely anonymizing ip addresses
In this blog, we discussed three methods via Google Tag Manager to anonymize or exclude IP addresses: using the TAGGRS GDPR Tool, server-side transformations, and exclusions via web containers. Each of these techniques allows you to manage IP data in different ways, from simple anonymization to more complex configurations that prevent specific IP addresses from being forwarded.
Relevant Blogs:
FAQ: Securely Anonymizing IP Addresses for Third Parties.
Why is it important to anonymize or exclude IP addresses?
Anonymizing or excluding IP addresses helps protect users' privacy and helps organizations meet the requirements of privacy laws such as the GDPR.
What are the consequences of not anonymizing IP addresses?
Failure to anonymize IP addresses can result in the collection of personally identifiable information without consent, which can violate privacy laws and result in fines and reputational damage for organizations.
Are there risks associated with excluding IP addresses?
Excluding IP addresses can lead to inaccurate data analysis, especially if important internal traffic is excluded. It is important to carefully select which IP addresses are excluded so as not to lose valuable insights.