Avoiding sending Personally Identifiable Information (PII) to Google Analytics with Drupal
Mike Dixon
Having PII in Google Analytics is a big no-no: it violates their terms of service and can force you to remove all your analytics data - not fun.
The good news is, most 'standard' Drupal sites using most 'standard' GA implementations avoid sending any PII with one exception - and that is the user password reset page.
The problem occurs when a user attempts to log in but enters an incorrect password. They are then presented with a message saying "Unrecognised username or password. Have you forgotten your password?". The "forgotten your password" bit is a link to the user/password page - which crucially passes the user's name (or email) in a query string parameter - something like:
user/password?name=mike.dixon@example.com
And there lies the issue. That URL will be tracked by GA - and obviously that URL has a juicy bit of PII sat in it.
The quickest solution is to simply exclude the user/password page from the GA tracking. If you are using the Google Analytics module then this is simply a case of adding the page to the list of ignored URLs.
We often use GTM to add the GA code, in which case we just exclude that page from the trigger that adds the GA tracking code.
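To check that an exclusion rule covers the right URLs, the sketch below (an added example, not code from the original post or from the Google Analytics module) classifies page URLs the way the exclusion above should. It goes slightly beyond the post by also flagging email-like query values on any other page; the function names, the sample URLs and the `site.example` base are assumptions constructed for illustration.

```javascript
// Added example: decide whether a page URL is safe to send to GA.
// Names, patterns and sample URLs are assumptions, not Drupal or GA APIs.

// Drupal path that must never be tracked (the password reset page).
const EXCLUDED_PATHS = [/^\/user\/password\/?$/];

// Loose email pattern, good enough to flag PII inside a query value.
const EMAIL_RE = /[^\s@\/?&=]+@[^\s@\/?&=]+\.[^\s@\/?&=]+/;

function analyse(rawUrl) {
  // A dummy base lets us parse relative URLs such as "user/password?name=...".
  const url = new URL(rawUrl, 'https://site.example/');
  const excluded = EXCLUDED_PATHS.some((re) => re.test(url.pathname));

  // searchParams decodes %40, so URL-encoded addresses are caught as well.
  const piiParams = [];
  for (const [key, value] of url.searchParams) {
    if (EMAIL_RE.test(value)) piiParams.push(key);
  }

  return {
    path: url.pathname,
    excluded,
    piiParams,
    track: !excluded && piiParams.length === 0,
  };
}

// Constructed sample URLs (not taken from any real site or log).
const SAMPLE_URLS = [
  'user/password?name=mike.dixon@example.com', // email in ?name=
  'user/password?name=mike',                   // username: only the path rule catches it
  'node/12?utm_source=newsletter',             // ordinary page, safe to track
  'search/node?keys=jane%40example.org',       // encoded email on another page
];

// Return only the URLs that must not be sent to GA as they stand.
function audit(urls) {
  return urls.map(analyse).filter((r) => !r.track);
}

for (const r of audit(SAMPLE_URLS)) {
  const why = r.excluded ? 'excluded path' : 'PII in ' + r.piiParams.join(',');
  console.log(r.path + ': do not track (' + why + ')');
}
```

The second sample shows why the path exclusion is the primary control: a plain username in `name` does not look like an email, so pattern matching alone would let it through.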