Recherche avancée

Sur d’autres sites (10222)

• Switch to Matomo for WordPress from Google Analytics

  10 mars 2020, par Joselyn Khor — Plugins, Privacy
  While Google Analytics may seem like a great plugin option on the WordPress directory, we’d like to present a new ethical alternative called Matomo for WordPress, which gives you 100% data ownership and privacy protection.

  Firstly what does Google Analytics offer in WordPress ?

  When you think of getting insights about visitors on your WordPress (WP) sites, the first thing that comes to mind might be Google Analytics. Why not right ? Especially when there are good free Google Analytics plugins, like Monster Insights and Site Kit. 

  These give you access to a great analytics platform, but the downside with Google Analytics is the lack of transparency around privacy and data ownership.

  

  Matomo Analytics for WordPress is an ethical alternative to Google Analytics for WordPress

  If you’re more interested in a privacy-respecting, GDPR compliant alternative, there’s now a new option on the WP plugins directory : Matomo Analytics – Ethical Stats. Powerful Insights. 

  It’s free and can be considered the #1 ethical alternative to Google Analytics in terms of features and capabilities. Why is it important to choose a web analytics platform that respects privacy ?

  

  Risk facing fines for non-GDPR compliance and privacy/data breaches

  In Europe there’s an overarching privacy law called GDPR which provides better privacy protection for EU citizens on the web. 

  Websites need to be GDPR compliant and follow rules governing how personal data is used or risk facing fines up to 4% of their yearly revenue for data/privacy breaches or non-compliance. Even if your website is based outside of Europe. If you have visitors from Europe, you can still be liable.

  

  In the US, there isn’t one main privacy law, there hundreds on both the federal and state levels to protect the personal data (or personally identifiable information) of US residents – like the California Consumer Privacy Act (CCPA). There are also industry-specific statutes related to data privacy like HIPAA.

  To protect your website from coming under fire for privacy breaches, best practise is to find platforms that are privacy and GDPR compliant by design. 

  When you own your own data – as with the case of Matomo – you have control over where data is stored, what you’re doing with it, and can better protect the privacy of your visitors.

  At this point you may be asking, “what’s the point of an analytics platform if you have to follow all these rules ?”

  The importance of analytics for your WordPress site

  • Figuring out how your audience behaves to increase conversions
  • Setting, tracking and measuring conversion goals
  • Being able to find insights to improve and optimize your site 
  • Making smarter, data-driven decisions so your company can thrive, rather than risk being left behind

  Analytics is used to answer questions like :

  • Where are your website visitors coming from (location) ?
  • How many people visit your website ?
  • Which are the most popular pages on your site ?
  • What sources of traffic are coming to your site (social, marketing campaigns, search) ?
  • Is your marketing campaign performing better this month compared to last ?

  Matomo can answer all of the above questions. BONUS : On top of that, with Matomo you get the peace of mind knowing you’re the only one who has access to those answers.

  

  Matomo Analytics vs Google Analytics on WordPress

  The top 5 most useful features in Matomo Analytics that’s comparable to GA

  1. Campaign measurement – traffic. Matomo also has a URL builder that lets you track which campaigns are working effectively
  2. Tracking goals. Matomo empowers you to set goals you can track. Being able to see this means you can accurately measure your return on investment (ROI) 
  3. Audience reports to learn about visitors. Matomo’s powerful visitors feature lets you learn who is visiting your site, what their journey is and the steps they take to conversion.
  4. In depth view of behaviour with Funnels in Matomo. This tracks the journey of your visitors from the moment they enter your site, to when they leave. Giving you insight into where and why you lose your visitors.
  5. Custom reports. Where you create your unique reports to fit your business goals.

  Other benefits of using Matomo :

  • No data sampling which means you get 100% accurate reporting
  • 100% data ownership
  • Free Tag Manager
  • Search engine keyword rankings
  • Unlimited websites
  • Unlimited team members
  • GDPR manager
  • API access
  • Hosted on your own servers so you have full control over where your data is stored

  Learn more about the differences in this comprehensive table.

  

  Matomo Analytics for WordPress is free !

  Matomo Analytics is the best free Google Analytics alternative on the WordPress Directory. In addition to having comparable features where you can do pretty much do everything you wanted to do in GA. Matomo Analytics for WordPress makes for an ethical choice because you can respect your visitor’s privacy, can become GDPR compliant, and maintain control over your own data.

  Google Analytics leads the market for good reasons. It’s a great free tool for those who want analytics, but there’s no clarity when it comes to grey areas like privacy and data ownership. If these are major concerns for you, Matomo offers complete peace of mind that you’re doing the best you can to stay ethical while growing your business and website.

  It’s just as easy to install in a few click !

  Install and see for yourself !

• Google Analytics Now Illegal in Austria ; Other EU Member States Expected to Follow

  18 janvier 2022, par Erin — Privacy

  Breaking news : The Austrian Data Protection Authority (“Datenschutzbehörde” or “DSB” or “DPA”) has ruled that Austrian website providers using Google Analytics are in violation of the GDPR. 

  This ruling stems from a decision made in 2020 by the Court of Justice of the European Union (CJEU) that stated that cloud services hosted in the US are incapable of complying with the GDPR and EU privacy laws. The decision was made because of the US surveillance laws requiring US providers (like Google or Facebook) to provide personal data to US authorities. 

  The 2020 ruling, known as “Schrems II”, marked the ending of the Privacy Shield, a framework that allowed for EU data to be transferred to US companies that became certified. 

  The tech industry was sent into a frenzy following this decision, but many US and EU companies decided to ignore the case. The choice to ignore is what landed one Austrian business in the DPA’s line of fire, damaging the brand’s reputation and possibly resulting in a hefty fine of up to €20 million or 4% of the organisation’s global turnover. 

  About the Austrian DPA’s Model Case 

  In this specific case, noyb (the European Center for Digital Rights) found that IP addresses (which are classified as personal data by the GDPR) and other identifiers were sent to the US in cookie data as a result of the organisation using Google Analytics. 

  This model case led to the DPA’s decision to rule that Austrian website providers using Google Analytics are in violation of GDPR. It is believed that other EU Member States will soon follow in this decision as well.

  "We expect similar decisions to now drop gradually in most EU member states. We have filed 101 complaints in almost all Member States and the authorities coordinated the response. A similar decision was also issued by the European Data Protection Supervisor last week."

  What does this mean if you are using Google Analytics ?

  If there is one thing to learn from this case, it is that ignoring these court rulings and continuing to use Google Analytics is not a viable option. 

  If you are operating a website in Austria, or your website services Austrian citizens, you should remove Google Analytics from your website immediately. 

  For businesses in other EU Member States, it is also highly recommended that you take action before noyb and local data protection authorities start targeting more businesses. 

  "Instead of actually adapting services to be GDPR compliant, US companies have tried to simply add some text to their privacy policies and ignore the Court of Justice. Many EU companies have followed the lead instead of switching to legal options."

  Removing Google Analytics from your site doesn’t mean that you need to give up website analytics altogether though. There are a variety of Google Analytics alternatives available today. Matomo in particular is a powerful open-source web analytics platform that gives you 100% data ownership and GDPR compliance. 

  

  Matomo is one of the best Google Analytics alternatives offering privacy by design on our Cloud, On-Premise and Matomo for WordPress. So you can get the insights you need while remaining compliant. As the GDPR continues to evolve, you can rest assured that Matomo will be at the forefront of these changes. 

  In addition, all Google Analytics data can be imported into Matomo so no historical data is lost. To make your migration as seamless as possible, we’ve put together a guide to migrating from Google Analytics to Matomo. 

  Ready to begin your journey to GDPR compliance ? Check out our live demo and start your 21-day free trial now – no credit card required.

  If you are interested in learning more about GDPR compliance and Matomo, check out our GDPR resources below :    

  • GDPR Manager user guide
  • How to fill in the information asset registration when using Matomo
  • How to make Matomo GDPR compliant in 12 easy steps
  • How to not process any personal data with Matomo and what it means for you
  • PII, personal data and GDPR. Discover what this means for your privacy
  • How should I write my privacy notice for Matomo Analytics under GDPR
  • Lawful basis for processing personal data under GDPR with Matomo
  • How to complete your privacy policy with Matomo Analytics under GDPR
  • GDPR compliance for Premium Features
  • How to get your Matomo plugin ready for GDPR
  • Subprocessors on Matomo Cloud (subprocessors not applicable to On-Premise)
  • Privacy in Matomo

  What does this mean if you are using Matomo ? 

  Our users can rest assured that Matomo remains in compliance with GDPR as all data is stored in the EU (Matomo Cloud) or in any country of your choice (Matomo On-Premise). With Matomo you’re able to continue analysing your website and not worry about GDPR.

  Final thoughts

  For EU businesses operating websites, now is the time to act. While Google pushes out false narratives to try and convince users that it is safe to continue using Google Analytics, it’s clear from these court rulings that the data protection authorities across the EU disagree with Google’s narrative.

  The fines, reputational damage and stresses mounting from using Google Analytics are imminent. Find an alternative to Google Analytics as this problem is not going away. 

  Getting started with Matomo is easy. Make the switch today and start your free 21-day trial – no credit card required. 

• Google Analytics 4 and GDPR : Everything You Need to Know

  17 mai 2022, par Erin

  Four years have passed since the European General Data Protection Regulation (GDPR, also known as DSGVO in German, and RGPD in French) took effect.

  That’s ample time to get compliant, especially for an organisation as big and innovative as Google. Or is it ? 

  If you are wondering how GDPR affects Google Analytics 4 and what the compliance status is at present, here’s the lowdown. 

  Is Google Analytics 4 GDPR Compliant ?

  No. As of mid-2022, Google Analytics 4 (GA4) isn’t fully GDPR compliant. Despite adding extra privacy-focused features, GA4 still has murky status with the European regulators. After the invalidation of the Privacy Shield framework in 2020, Google is yet to regulate EU-US data protection. At present, the company doesn’t sufficiently protect EU citizens’ and residents’ data against US surveillance laws. This is a direct breach of GDPR.

  Google Analytics and GDPR : a Complex Relationship 

  European regulators have scrutinised Google since GDPR came into effect in 2018.

  While the company took steps to prepare for GDPR provisions, it didn’t fully comply with important regulations around user data storage, transfer and security.

  The relationship between Google and EU regulators got more heated after the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield — a leeway Google used for EU-US data transfers. After 2020, GDPR litigation against Google followed. 

  This post summarises the main milestones in this story and explains the consequences for Google Analytics users. 

  

  2018 : Google Analytics Meets GDPR 

  In 2018, the EU adopted the General Data Protection Regulation (GDPR) — a set of privacy and data security laws, covering all member states. Every business interacting with EU citizens and/or residents had to comply.

  GDPR harmonised data protection laws across member states and put down extra provisions for what constitutes sensitive personal information (or PII). Broadly, PII includes any data about the person’s :

  • Racial or ethnic origin 
  • Employment status 
  • Religious or political beliefs
  • State of health 
  • Genetic or biometric data 
  • Financial records (such as payment method data)
  • Address and phone numbers 

  Businesses were barred from collecting this information without explicit consent (and even with it in some cases). If collected, such sensitive information is also subject to strict requirements on how it should be stored, secured, transferred and used. 

  7 Main GDPR Principles Explained 

  Article 5 of the GDPR lays out seven main GDPR principles for personal data and privacy protection : 

  • Lawfulness, fairness and transparency — data must be obtained legally, collected with consent and in adherence to laws. 
  • Purpose limitation — all personal information must be collected for specified, explicit and legal purposes. 
  • Data minimisation — companies must collect only necessary and adequate data, aligned with the stated purpose. 
  • Accuracy — data accuracy must be ensured at all times. Companies must have mechanisms to erase or correct inaccurate data without delays. 
  • Storage limitation — data must be stored only for as long as the stated purpose suggests. Though there’s no upper time limit on data storage. 
  • Integrity and confidentiality (security) — companies must take measures to ensure secure data storage and prevent unlawful or unauthorised access to it. 
  • Accountability — companies must be able to demonstrate adherence to the above principles. 

  Google claimed to have taken steps to make all of their products GDPR compliant ahead of the deadline. But in practice, this wasn’t always the case.

  In March 2018, a group of publishers admonished Google for not providing them with enough tools for GDPR compliance :

  “[Y]ou refuse to provide publishers with any specific information about how you will collect, share and use the data. Placing the full burden of obtaining new consent on the publisher is untenable without providing the publisher with the specific information needed to provide sufficient transparency or to obtain the requisite specific, granular and informed consent under the GDPR.”

  The proposed Google Analytics GDPR consent form was hard to implement and lacked customisation options. In fact, Google “makes unilateral decisions” on how the collected data is stored and used. 

  Users had no way to learn about or control all intended uses of people’s data — which made compliance with the second clause impossible. 

  Unsurprisingly, Google was among the first companies to face a GDPR lawsuit (together with Facebook). 

  By 2019, French data regulator CNIL, successfully argued that Google wasn’t sufficiently disclosing its data collection across products — and hence in breach of GDPR. After a failed appeal, Google had to pay a €50 million fine and promise to do better. 

  2019 : Google Analytics 4 Announcement 

  Throughout 2019, Google rightfully attempted to resolve some of its GDPR shortcomings across all products, Google Universal Analytics (UA) included. 

  They added a more visible consent mechanism for online tracking and provided extra compliance tips for users to follow. In the background, Google also made tech changes to its data processing mechanism to get on the good side of regulations.

  Though Google addressed some of the issues, they missed others. A 2019 independent investigation found that Google real-time-bidding (RTB) ad auctions still used EU citizens’ and residents’ data without consent, thanks to a loophole called “Push Pages”. But they managed to quickly patch this up before the allegations had made it to court. 

  In November 2019, Google released a beta version of the new product version — Google Analytics 4, due to replace Universal Analytics. 

  GA4 came with a set of new privacy-focused features for ticking GDPR boxes such as :

  • Data deletion mechanism. Users can now request to surgically extract certain data from the Analytics servers via a new interface. 
  • Shorter data retention period. You can now shorten the default retention period to 2 months by default (instead of 14 months) or add a custom limit.  
  • IP Anonymisation. GA4 doesn’t log or store IP addresses by default. 

  Google Analytics also updated its data processing terms and made changes to its privacy policy. 

  Though Google made some progress, Google Analytics 4 still has many limitations — and isn’t GDPR compliant. 

  2020 : Privacy Shield Invalidation Ruling 

  As part of the 2018 GDPR preparations, Google named its Irish entity (Google Ireland Limited) as the “data controller” legally responsible for EEA and Swiss users’ information. 

  The company announcement says : 

  

  Initially, Google assumed that this legal change would help them ensure GDPR compliance as “legally speaking” a European entity was set in charge of European data. 

  Practically, however, EEA consumers’ data was still primarily transferred and processed in the US — where most Google data centres are located. Until 2020, such cross-border data transfers were considered legal thanks to the Privacy Shield framework. 

  But in July 2020, The EU Court of Justice ruled that this framework doesn’t provide adequate data protection to digitally transmitted data against US surveillance laws. Hence, companies like Google can no longer use it. The Swiss Federal Data Protection and Information Commissioner (FDPIC) reached the same conclusion in September 2020. 

  The invalidation of the Privacy Shield framework put Google in a tough position.

   Article 14. f of the GDPR explicitly states : 

  “The controller (the company) that intends to carry out a transfer of personal data to a recipient (Analytics solution) in a third country or an international organisation must provide its users with information on the place of processing and storage of its data”.

  Invalidation of the Privacy Shield framework prohibited Google from moving data to the US. At the same time, GDPR provisions mandated that they must disclose proper data location. 

  But Google Analytics (like many other products) had no a mechanism for : 

  • Guaranteeing intra-EU data storage 
  • Selecting a designated regional storage location 
  • Informing users about data storage location or data transfers outside of the EU 

  And these factors made Google Analytics in direct breach of GDPR — a territory, where they remain as of 2022.

  2020-2022 : Google GDPR Breaches and Fines 

  The 2020 ruling opened Google to GDPR lawsuits from country-specific data regulators.

  Google Analytics in particular was under a heavy cease-fire. 

  • Sweden first fined Google for violating GDPR for no not fulfilling its obligations to request data delisting in 2020. 
  • France rejected Google Analytics 4 IP address anonymisation function as a sufficient measure for protecting cross-border data transfers. Even with it, US intelligence services can still access user IPs and other PII. France declared Google Analytics illegal and pressed a €150 million fine. 
  • Austria also found Google Analytics GDPR non-compliant and proclaimed the service as “illegal”. The authority now seeks a fine too. 

  The Dutch Data Protection Authority and  Norwegian Data Protection Authority also found Google Analytics guilty of a GDPR breach and seek to limit Google Analytics usage. 

  New privacy controls in Google Analytics 4 do not resolve the underlying issue — unregulated, non-consensual EU-US data transfer. 

  Google Analytics GDPR non-compliance effectively opens any website tracking or analysing European visitors to legal persecution.

  In fact, this is already happening. noyb, a European privacy-focused NGO, has already filed over 100 lawsuits against European websites using Google Analytics.

  2022 : Privacy Shield 2.0. Negotiations

  Google isn’t the only US company affected by the Privacy Shield framework invalidation. The ruling puts thousands of digital companies at risk of non-compliance.

  To settle the matter, US and EU authorities started “peace talks” in spring 2022.

  European Commission President Ursula von der Leyen said that they are working with the Biden administration on the new agreement that will “enable predictable and trustworthy data flows between the EU and US, safeguarding the privacy and civil liberties.” 

  However, it’s just the beginning of a lengthy negotiation process. The matter is far from being settled and contentious issues remain as we discussed on Twitter (come say hi !).

  

  For one, the US isn’t eager to modify its surveillance laws and is mostly willing to make them “proportional” to those in place in the EU. These modifications may still not satisfy CJEU — which has the power to block the agreement vetting or invalidate it once again. 

  While these matters are getting hashed out, Google Analytics users, collecting data about EU citizens and/or residents, remain on slippery grounds. As long as they use GA4, they can be subject to GDPR-related lawsuits. 

  To Sum It Up 

  • Google Analytics 4 and Google Universal Analytics are not GDPR compliant because of Privacy Shield invalidation in 2020. 
  • French and Austrian data watchdogs named Google Analytics operations “illegal”. Swedish, Dutch and Norwegian authorities also claim it’s in breach of GDPR. 
  • Any website using GA for collecting data about European citizens and/or residents can be taken to court for GDPR violations (which is already happening). 
  • Privacy Shield 2.0 Framework discussions to regulate EU-US data transfers have only begun and may take years. Even if accepted, the new framework(s) may once again be invalidated by local data regulators as has already happened in the past. 

  Time to Get a GDPR Compliant Google Analytics Alternative 

  Retaining 100% data ownership is the optimal path to GDPR compliance.

  By selecting a transparent web analytics solution that offers 100% data ownership, you can rest assured that no “behind the scenes” data collection, processing or transfers take place. 

  Unlike Google Analytics 4, Matomo offers all of the features you need to be GDPR compliant : 

  • Full data anonymisation 
  • Single-purpose data usage 
  • Easy consent and an opt-out mechanism 
  • First-party cookies usage by default 
  • Simple access to collect data 
  • Fast data removals 
  • EU-based data storage for Matomo Cloud (or storage in the country of your choice with Matomo On-Premise)

  Learn about your audiences in a privacy-centred way and protect your business against unnecessary legal exposure. 

  Start your 21-day free trial (no credit card required) to see how fully GDPR-compliant website analytics works ! 

  21 day free trial. No credit card required.

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I hereby accept the terms and conditions and the data processing agreeement (DPA).

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  

  » Start improving your websites now