Encrypt users’ personally identifiable information using Google Tag Manager

Google+Tweet about this on TwitterShare on FacebookShare on LinkedIn

In this post I’ll show how to encrypt personally identifiable information using Google Tag Manager before sending it elsewhere (say, Google Bigquery or Google Sheets). Fairly speaking, you can encrypt any data you like using the solution described. But since web/app analysts often deal with users’ personal information, I’d prefer using PII for demonstration purposes.

Talking about PII. Please remember that you are not allowed to send pure PII to Google Analytics under any circumstances. Remember, notwithstanding any of the foregoing, you may not send Google Analytics encrypted Protected Health Information (as defined under HIPAA), even if it is encrypted, hashed or salted.

However, official recommendations say you actually can send other encrypted data based on PII. Plus, the rule saying you can’t send PII to GA does not mean you can’t actually handle it elsewhere.

encrypt personally identifiable information using Google Tag Manager - drake

Why do it?

Oftentimes, PII like mobile phone number can serve as an ultimate userId. Say, a user fills out an application on you site. The app’s information goes to CRM where your backoffice colleagues handle it. After a while the application receives a certain status (“approved” or “wrong-phone” or “cancelled”).

You grab that information and match it with GA source/medium data using a phone number. Thus you get insights on how many applications from source “A” have been approved and/or how much money you earn from this particular marketing channel.

Now, let’s see how we can encrypt personally identifiable information using Google Tag Manager. All we need is a proper cipher and a small custom JS variable.


In this guide we’re going to use a JS library of crypto standards called CryptoJS. Here are sources on GitHub and Google Code. As a matter of fact, here we’re going to use an Advanced Encryption Standard for data encryption. But you can use any encryption algorithm you like (say, SHA according to GA requirements).

I’m not going to particularize here library’s logic and/or its operation peculiarities, you can get all the details you’re interested in using source links above. Though the project is no longer officially supported, it works perfectly.

Step 1

Add AES.js to those pages on your site where you already collect PII. To do this, create a custom HTML tag and paste a minified code from here into it.

Create a trigger allowing you to fire the above tag on every page with users’ PII you want to collect & encrypt. Perhaps, it’s a good idea to load the script after the page have been fully loaded (page load trigger).

Step 2

Say, you have user’s PII pushed to dataLayer once he/she submits an application form. The object pushed onto DL may look something like this:

What we need here is to encrypt the value of applicantPhone property. We’ll use a custom JS variable for this:

You can name the variable something like encryptedApplicantPhone. This function will return a string like this U2FsdGVkX1+WdnsFmjCQpuwZB6TpOr2oegCbCaGRuNw=

To decrypt the value afterwards simply use the decrypt method. Here’s a full example:

See? It’s quite easy.

Step 3

Now you can send encrypted PII elsewhere. I personally send it to Google Bigquery. Here’s an example:

So the result looks like this:

encrypt personally identifiable information using Google Tag Manager - result

Here you can see source/medium information for a certain application enriched with user’s encrypted phone. Afterwards I use this to find these applications in CRM.

DISCLAIMER: Though in the official GA documentation I couldn’t find a single line prohibiting to send AES-encrypted PII to Google Analytics, I strongly recommend NOT TO SEND ANY PII TO GA using the described method.

There are plenty of analytics services allowing PII. Use them, not Google Analytics. However, if you still want to send it to GA, you can use More Settings -> Fields to set option like this:

encrypt personally identifiable information using Google Tag Manager - fields


Please mind the following while using this guide:

  1. Test, test and test once again before pushing any changes live. If you blunder, the encrypted data could never be decrypted or even worse – you can blow your users’ PII.
  2. Since the described encryption process runs client-side, NEVER EVER (!!!) use this to encrypt credit card numbers, passwords, CVV2 etc
  3. Since the AES.js script is quite heavy and is loaded through GTM, don’t load it on all pages on your site. Run it only on those pages where you collect PII.

As always, the comment section below is at your service in case you have any questions concerning how to encrypt personally identifiable information using Google Tag Manager.

Google+Tweet about this on TwitterShare on FacebookShare on LinkedIn
  • Marco Porracin Dieguez

    Great post! I ll consider using it with the GTM to BigQuery Solution plus i can let the app encrypt the information and avoid slowing down navigation on the site.

    • Dmitri Ilin

      Hey Marco,

      thanks. This is the exact way I’m using it, too. Let me know if you need any help in writing a function for encrypting PII before sending it to GBQ

      • Marco Porracin Dieguez

        I would like to know what IDE do u use for writing GTM to GBQ? I think sublime its starting to fall short.

        • Dmitri Ilin

          Yes, Sublime is my everyday tool. Besides that I’d recommend leveraging Visual Studio Code. It’s more flexible and has some awesome features.