Sensitive data categories and analytics
The GDPR designates 'special categories' of personal data — racial or ethnic origin, political opinions, religious beliefs, trade-union membership, genetic and biometric data, health, sex life, and sexual orientation — that warrant heightened protection and generally require an explicit lawful condition. Analytics can accidentally collect or infer such data via URLs, search terms, or profiling, which is a serious risk to avoid. This is educational, not legal advice.
What this means
Article 9 of the GDPR prohibits processing special categories of personal data unless a specific condition applies — such as explicit consent or another narrow legal ground. The categories include racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data used for identification, and data concerning health, sex life, or sexual orientation. Other regimes have analogous 'sensitive data' definitions.
How analytics stumbles into it
Analytics rarely sets out to collect sensitive data, yet it can leak in: a page path like /conditions/diabetes, a site-search query, a campaign parameter, or a profiling segment can reveal or imply a special category. Once you process such data, the heightened Article 9 rules apply. The practical defence is avoidance — strip or hash sensitive URL paths, exclude sensitive query terms, and do not build segments that infer protected traits. Treat 'don't collect it' as the default, not an afterthought.
- Article 9 categories need a specific lawful condition
- URLs, queries, and segments can leak sensitive data
- Avoidance beats justification for analytics
How it appears in analytics and logs
If page URLs, search queries, or segments reveal health, religion, or similar traits, your analytics may be processing special-category data with heightened duties.
Diagnostic use case
Audit analytics for accidental capture or inference of special-category data via page paths, queries, or segments, and exclude it rather than process it.
What WebmasterID can help detect
WebmasterID's minimised, aggregate-leaning model and avoidance of profiling reduce the chance of incidentally collecting or inferring special-category data.
Common mistakes
- Logging full URLs that reveal health or belief categories.
- Capturing site-search terms that imply sensitive traits.
- Building profiling segments that infer protected characteristics.
Privacy and accuracy notes
This page is educational, not legal advice. The safest posture is to avoid collecting or inferring sensitive data in analytics rather than to justify it.
Related pages
- Data minimisation in analytics
Data minimisation is the principle that personal data should be adequate, relevant, and limited to what is necessary for the purpose. In analytics it translates to: do not collect identifiers you will not use, prefer aggregates over per-person rows, and avoid storing precise values like full IPs. Minimising at collection beats trying to protect data you never needed. This is educational, not legal advice.
- Purpose limitation in analytics
Purpose limitation is a GDPR principle (Article 5(1)(b)): personal data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes. For analytics it limits scope creep — data gathered to measure site usage should not be quietly repurposed for, say, targeting or sale without a fresh look at lawfulness. This is an educational overview, not legal advice.
- Children's privacy and COPPA
The Children's Online Privacy Protection Act (COPPA) and the FTC's COPPA Rule regulate the online collection of personal information from children under 13 in the US. They require verifiable parental consent and restrict tracking on child-directed services. This page explains how COPPA shapes analytics choices for sites and apps aimed at children.
- Privacy-first analytics
Minimised, non-profiling measurement avoids sensitive data.
Sources and verification notes
- EUR-Lex — GDPR Article 9 (special categories of data)Primary text on special-category data. Educational, not legal advice.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.