My response:

I think you may have a point there… Am I the only one whose eyes start watering reading this stuff?

Here’s a larger excerpt: “nor will You (or will You allow any third party to) associate any data gathered from Your website(s) (or such third parties’ website(s)) with any personally identifying information from any source as part of Your use (or such third parties’ use) of the Service.”

I’m having trouble believing that this would actually restrict anybody from doing exactly what they could otherwise do with log file or application server data, so long as no PII ends up in a third party’s hands. In fact, although I am also not a lawyer, I have a hard time believing that this would be enforceable.

People who log in as members are no longer anonymous to the site they are visiting, so any assurance of anonymity, as the GA TOS seeks, is baloney at that point. All the site operator can assure is that Google and third parties aren’t getting any PII.

I like it when lawyers include a description of the intent of statements like this one. That would go a long way toward clarifying the issue.

I am assuming that Google’s intent is to prevent PII from ending up in Google’s hands. You are suggesting that Google is going much further and asserting a right to tell me what I can do with data that originated on my site. The fact that it passed through Google’s servers doesn’t give them the right to create such restrictions, in my opinion.

In other words, I believe that they can restrict the kind of data I send them to avoid violating my visitors’ privacy, but I have a hard time with the idea that they can restrict how I use data that came from me (and my visitors) in the first place.