GDPR - Deleting analytics data for end users in mobile app

[Pablo Ivars]

Hi, in order to comply with the GDPR when using analytics in an app, and reading the Firebase guidance (https://support.google.com/firebase/answer/9019185): is it enough to call ResetAnalyticsData() or do I have to request the deletion of the user data as well?

I've been looking for information about the deletion API for Firebase Analytics but it is unclear, when I make the POST request it will always return 401. I've been looking at the authentication scope (https://developers.google.com/analytics/devguides/config/userdeletion/v3/authorization) but it seems to me that it targets a different type of user data, not the plain analytics reports.

Any ideas? Working with Unity.

Thanks

[Kato Richardson]

Hi Pablo,

We can't advise you on how to comply. You should seek legal advice for that portion.

Calling resetAnalyticsData will remove all analytics data for the given app and change the app's ID. So you're essentially deleting all analytics data you've stored; maybe not the best scenario if a single user wants their data deleted.

The user deletion API, combined with setAnalyticsCollectionEnabled are sufficient to completely remove a user's data from Analytics and ensure it isn't collected in the future.

You are also correct that Auth credentials don't have any relationship to Analytics users.

☼, Kato

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/e7bfec04-0136-45d7-b6a7-0d264770ab2e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Kato Richardson |

Developer Programs Eng |

kato...@google.com |

775-235-8398

[Pablo Ivars]

Thanks for that.

I'm not convinced you're correct about how resetAnalyticsData works, I think it's clear that it does not remove ALL analytics data in general, only from the user that calls the function: "so that users can delete Analytics data collected for the app from a specific device, and reset the app-instance ID in the process".

Also the SDK states: "Clears all analytics data for this app from the device and resets the app instance id.", referring to the app instance id, which is the instance in the device. (https://firebase.google.com/docs/reference/unity/class/firebase/analytics/firebase-analytics)

Would you know whether resetAnalyticsData deletes all personal data from Google's servers? ie: IP addresses, personal information, etc. 

[Kato Richardson]

Sorry, I clearly didn't proofread that confusing mess before sending : ( 

Calling resetAnalyticsData removes only data local to the device; it doesn't clear any data off of the server. It then changes the device id so info collected moving forward will be stored using a different device id. 

Hopefully that's less obfuscated and explains why I don't think this is very useful to ensure user data is removed.

Note also that if you have designated user ids with setUserId(), that data might be linked to multiple devices. So the user deletion API would be needed to ensure all user data is taken care of in this case, even if you find a way to delete device-specific data.

☼, Kato

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/bf2c197b-0035-4d99-a299-4ef7addac6be%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Pablo Ivars]

OK, then assuming that there is no personal data stored, resetAnalyticsData has been called and the instance id has been reset:

- Can the data left behind in Google's servers be associated with an user at all (ie: by google account or IP address) or is it completely anonymous?

Thanks

[Kato Richardson]

Yes, the data is anonymized. Data collected is detailed here.

☼, Kato

To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/35c64e55-2124-4674-8200-07000e39dd72%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.