Skip to content
MIGHTYminnow Logo
  • Our Work
  • Our Services
  • Our Story
  • Our Work
  • Our Services
  • Our Story
Contact Us

Should You Use Google Analytics?

  • Tech Tip
  • By kristin

A Privacy-First Guide for WordPress (and Squarespace) Sites

Disclaimer: This post provides general information about privacy considerations and website analytics options. It is not legal advice, and we are not attorneys. Privacy laws are complex and evolving, and their application depends on your specific circumstances. For legal guidance on compliance with CIPA, CCPA/CPRA, GDPR, or other privacy regulations, please consult with a qualified attorney. The recommendations here reflect our experience as web developers working with privacy-conscious clients, not legal counsel.

When you’re building or managing a website, adding analytics often feels like a default step. “Of course we’ll use Google Analytics – everyone does.” But in a world of increasing privacy regulation, heightened user awareness, and legitimate ethical concerns about data collection, that assumption is worth revisiting.

This post is about deciding whether you actually want to use Google Analytics, what the tradeoffs are, and what your options look like on both WordPress and Squarespace if privacy is a priority.

There’s no single right answer – but there is a right decision for your site, your audience, and your values.

The Privacy Landscape Has Changed and Will Continue to Change

In addition to GDPR and CCPA/CPRA, website owners now need to be aware of the California Invasion of Privacy Act (CIPA). Originally enacted in 1967 to prevent wiretapping, CIPA is increasingly being applied to website tracking technologies.

Unlike CCPA—which has revenue and data thresholds that exempt most small organizations—CIPA applies to any website accessible to California residents that uses tracking tools without proper consent. Recent lawsuits have specifically targeted Google Analytics and similar third-party tracking tools, with statutory damages of $5,000 per violation.

This doesn’t mean you can’t use analytics. It means the compliance requirements have become clearer, and the decision about which analytics tools to use has become more consequential.

Why Analytics Are No Longer a Neutral Choice

Analytics tools answer important questions:

  • Are people finding your site?
  • What pages are most useful?
  • Where are users getting stuck?

But many analytics platforms – Google Analytics included – do this by collecting behavioral data about visitors and sending it to third-party servers. That has implications under laws like GDPR, CPRA/CCPA, and CIPA, and it raises broader questions about user trust and transparency.

As we’ve written about before in our post on solutions for privacy compliance, privacy compliance isn’t just about checking legal boxes – it’s about being intentional about the tools you choose and the data you collect.

Google Analytics: Powerful, but with Privacy Tradeoffs

Google Analytics is extremely powerful. It offers:

  • Detailed traffic and behavior reports
  • Integration with Google Ads and Search Console
  • Advanced event tracking and attribution

But it also:

  • Relies on third-party scripts
  • Sends data to Google’s servers
  • Typically uses cookies or other identifiers
  • Requires opt-in consent management under CIPA (and GDPR)
  • Is specifically named in recent privacy lawsuits

Even when IP anonymization or Google Consent Mode is enabled, you’re still asking users to trust Google with their data. For some organizations, that’s acceptable. For others, it can be a real concern.

We used to recommend adding Google Analytics by default, but in the current privacy landscape, more nuanced thinking is required—particularly regarding CIPA compliance.

A Better Question: What Do You Actually Need?

Before choosing an analytics tool, ask:

  • Do we need detailed user-level behavior and attribution?
  • Or do we mostly want high-level insights like page views, referrers, and trends?
  • Are we trying to optimize ad spend – or simply understand how our content is used?
  • How important is minimizing consent friction for our audience?
  • Are we actually using our analytics data to make decisions?

If you don’t need everything Google Analytics offers, you may be taking on unnecessary privacy and compliance overhead.

The removal option: If you’re currently using Google Analytics but rarely or never look at the data, consider removing it entirely. The same applies to other tracking tools you’re not actively using—Meta Pixel without active ad campaigns, chat widgets with no inquiries, etc. Removing unused tracking is the simplest path to CIPA compliance.

WordPress: Privacy-First Analytics Are a Real Option

One advantage of WordPress is flexibility. You’re not limited to Google Analytics – and many WordPress professionals are intentionally choosing alternatives.

Independent Analytics (WordPress-Native)

A privacy-safe option is Independent Analytics.

Why it stands out:

  • Runs entirely inside WordPress
  • No third-party data sharing
  • No cookies by default
  • No personal data collection
  • No consent banner required (satisfies CIPA because there’s no third-party tracking)

You still get useful insights:

  • Page views
  • Referrers
  • Popular content
  • Basic device and location data (non-identifying)

For many sites, this is enough. And because data never leaves your server, privacy compliance becomes dramatically simpler. You get complete data from all visitors, not just those who consent to tracking.

This reflects a broader shift we’re seeing among WordPress professionals: collect less data, but collect it responsibly.

Other Privacy-Focused WordPress Options

Depending on your needs, you might also consider:

  • Plausible Analytics – privacy-first, no cookies, simple dashboards (self-hosted or cloud)
  • Matomo – more powerful, open-source, self-hosted alternative to GA
  • Koko Analytics / Umami – lightweight, open-source options

These tools all reduce reliance on third-party tracking and make privacy disclosures clearer and more honest. Note that cloud-hosted versions may still require consent management, so check how each tool processes data.

Squarespace: Built-In Analytics, Cookie Banners, and Google Analytics

Squarespace handles analytics differently than WordPress, and that difference matters when you are thinking about privacy, consent, and how much data you actually need.

Squarespace’s Built-In Analytics

All Squarespace sites include a native analytics dashboard. This provides first-party insights such as:

  • Page views and traffic trends
  • Referring sources
  • Top content
  • Basic geographic and device information

Because this data is collected as part of the Squarespace platform itself, it does not rely on adding a third-party analytics script like Google Analytics. The reporting is more limited, but for many organizations it answers the most important questions: whether people are visiting the site, what content they use, and how traffic changes over time.

For sites that are not running ads, tracking conversions, or analyzing detailed user behavior, Squarespace Analytics alone may be sufficient.

CIPA consideration: First-party analytics (data that stays within the platform) presents significantly less legal risk than third-party tools like Google Analytics, since there’s no “interception” by external parties.

Squarespace’s Built-In Cookie Banner

Squarespace also includes a native cookie banner that you can enable in site settings. When turned on, it allows you to:

  • Notify visitors about cookie usage
  • Offer Accept, Decline, and Manage options
  • Block non-essential cookies until consent is given

This distinction is important: Squarespace treats Google Analytics as a non-essential cookie.

If the cookie banner is enabled and configured correctly:

  • Google Analytics will not load until a visitor consents
  • Consent signals are passed through using Google Consent Mode
  • Visitors can decline analytics tracking entirely

This improves compliance, but it also means analytics data will be incomplete, since only consenting users are tracked. That is not a flaw. Allowing users to opt out of tracking is the entire point of consent-based analytics.

Using Google Analytics on Squarespace

Squarespace makes it easy to add Google Analytics by pasting a GA Measurement ID into site settings, but ease of setup does not remove responsibility.

If you choose to use Google Analytics on a Squarespace site:

  • You should enable the cookie banner and verify it blocks GA until consent
  • You should clearly disclose Google Analytics usage in your privacy policy
  • You should understand that consent directly affects data quality
  • You may need additional consent tooling (like Termageddon) if you require more robust compliance

Squarespace’s native banner is a solid baseline, but it is intentionally simple. For organizations concerned about CIPA exposure, some are choosing to use only Squarespace’s built-in analytics rather than adding Google Analytics at all.

Choosing Between Google Analytics and Privacy-First Tools

Here’s a framework for thinking it through:

Google Analytics may make sense if:

  • You rely heavily on Google Ads or attribution data
  • You need detailed event tracking and cross-platform analysis
  • You’re prepared to implement proper opt-in consent management
  • Your organization is comfortable with third-party data sharing
  • You’re actually using the data to inform decisions

Privacy-first analytics may be better if:

  • You want to minimize legal and compliance risk
  • You value user trust and transparency
  • You don’t need granular behavioral tracking
  • You want fewer banners, fewer scripts, and less friction
  • You want complete data (no loss from users declining consent)

Our Recommendation

We no longer default to Google Analytics just because it’s common (and free). We believe in choosing tools that align with:

  • Your analytical needs (not aspirational features you won’t use)
  • Your audience and their privacy expectations
  • Your legal risk tolerance
  • Your organizational values

For WordPress Sites:

Privacy-first by default: For most WordPress sites, tools like Independent Analytics provide the insights you need while eliminating third-party tracking concerns entirely. No consent banner required, complete data from all visitors, and dramatically simpler compliance.

If you need Google Analytics: Implement proper consent management (we recommend Termageddon at ~$12/month, use code MINNOW for 10% off). Accept that you’ll have incomplete data from users who decline consent.

For Squarespace Sites:

Consider built-in analytics first: Squarespace’s native analytics answer most questions for most organizations, with minimal privacy risk.

If adding Google Analytics: Enable Squarespace’s cookie banner, test that it properly blocks GA until consent, and be thoughtful about whether the additional features justify the compliance requirements.

For All Sites:

Audit what you’re tracking: If you’re using tools you never look at, remove them. This is the simplest form of compliance—not tracking things you don’t need in the first place.

Understanding CIPA Compliance

Since CIPA is relatively new in the website context, here’s what it requires:

Consent must come before tracking begins. This means cookie consent tools must actually block scripts from loading, not just display a notice. Many free cookie banner plugins don’t do this properly—they show a banner while still loading tracking tools.

First-party vs. third-party matters. Tools like Independent Analytics (WordPress) or Squarespace’s built-in analytics are first-party—data stays on your server/platform. Tools like Google Analytics are third-party—they send data to external servers. CIPA concerns focus primarily on third-party tracking.

You need an up-to-date privacy policy. Clearly disclose what tracking technologies you use, what data they collect, and who receives that data.

For more detailed compliance guidance, see our post on solutions for privacy compliance.

Final Thoughts

The era of “Google Analytics by default” is shifting. The tools and legal landscape have evolved, and there are now genuine alternatives that provide useful insights without the privacy and compliance overhead.

For many organizations, especially those in WordPress, privacy-first analytics are now the smarter choice—not because of fear, but because they offer complete data, require no consent friction, and align with growing expectations around user privacy.

For Squarespace sites, the built-in analytics may already give you what you need.

If you’re unsure which direction makes sense for your project, we’re always happy to help you think it through with both analytical and legal considerations in mind.

Related reading:

  • Solutions for Privacy Compliance
  • Termageddon’s CIPA Guide
PrevPrevious Post
Recent Posts
  • Should You Use Google Analytics?
  • Early Thoughts on Using AI for Web Projects
  • Squarespace vs. WordPress: How to Choose the Right Platform (Without Regret)
  • Is Your Website Hacked? A Guide to Malware Scanning
  • Is Your Website Backed Up? A Guide to Keeping Copies of Your Site
Categories
  • Did you know?
  • MIGHTYminnow News
  • Tech Tip
  • Website Features
  • WP
  • WP Plugins

Get in Touch

We would love to learn about your project, offer you a free quote and share our project planning tips and resources. 

Contact Us

Or call us : 510 629 1440

Facebook-f Twitter Instagram Youtube Yelp
Newsletter Sign Up

Blog | Sitemap | Privacy Policy | Cookie Policy | Terms of Service | Disclaimer
Copyright © 2026 MIGHTYminnow Web Design & Development

Newsletter

Subscribe and stay connected through our Newsletter. We send out important news, tips and special offers.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

MIGHTYminnow