aaronhans
commented
4 years ago This was reported by our advisor James Steward from Public Digital who recommended we make sure all the tracking we are doing is CCPA compliant and theorizes that this was probably triggered when we enabled the demographics tracking feature. This allows us to see the gender, age groupings of visitors and while it does not give us PII it authorizes google to be more invasive in its tracking in order to provide this data to us
The https://themarkup.org/blacklight?url=covid19.ca.gov tool flags the covid site with one privacy violation related to google analytics remarketing audiences.
After reading the tool's description of the violation I am not sure what setting we have enabled or could disable to fix this or how that would affect the data we have on people.
We intentionally avoid collecting PII unintentionally Google Analytics does not provide us with any PII, IP addresses are hidden, etc.
I reviewed the alpha.ca.gov site as a comparison and it also fails this check. There are no inbound marketing campaigns on alpha so none of the marketing firms enabled any settings for extra ad tracking there.
We should research this further in case there are more steps we should take to be privacy conscious.