Ethical analytics is mostly a matter of asking yourself what you would be comfortable saying to the user whose data you are about to collect. Here are the things we keep coming back to.

1. Treat your tagging URL like product infrastructure. It is not a marketing toy. Put it on the same uptime monitoring as your checkout.
2. Use a custom domain from day one. Switching later is annoying and almost always loses some history.
3. Hash PII before it leaves your server. SHA-256 the email, normalise it first, and never log the plaintext.
4. Keep a written event taxonomy. It does not need to be elegant. It does need to exist somewhere people can find it.
5. Version your container changes. GTM gives you versions for free. Use them. Future-you will be grateful.
6. Test in preview mode for everything. Including the things you are sure work. Especially those.
7. Reconcile with backend data weekly. A small drift is normal. A growing drift is a fire.
8. Default to less, not more. Adding fields later is easy. Removing them after a leak is not.

None of these are revolutionary. They are the boring habits that separate teams who trust their data from teams who argue about it. Ethical analytics is mostly habit, not heroics.