I am setting up Google Analytics for a web application. In addition to the standard client-side implementation, I want to track some events from the server, using the measurement protocol.
This should enable me to track a count of events by both users that have accepted cookies on the app and those that haven't.
To be clear, I want the server side event data to be anonymous, do not want to link it to user data collected from the client application, and am not trying to circumvent GDPR. All I want is a basic count of a given event for all users of the app.
As part of the measurement protocol I need to set a client ID but my understanding is that this is PII and would breach GDPR for users that have not accepted cookies.
Can I use an Express session ID as the client ID in a post to Google Analytics?
An Express session ID is a 32 character string of letters and numbers, which I understand is different from the format of the client IDs generated by Google.
Is this a problem, or are there any potential issues with this approach? And should I hash the session ID if I'm going to use it for this purpose?