To comply with most privacy laws, including the GDPR, Google does not allow users to collect personally identifiable information (PII) in GA4. Collecting PII through GA4 is considered a violation of Google’s Terms of Service, and Google has the right to delete all of a user’s data if PII is found.
GDPR Article 4 defines personal data: “Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Personal data also includes:
Ethnic origin and identities