Recherche avancée

Sur d’autres sites (2983)

• The 7 GDPR Principles : A Guide to Compliance

  11 août 2023, par Erin — Analytics Tips, GDPR

  We all knew it was coming. It’s all anyone could talk about — the General Data Protection Regulation (GDPR) took effect on 25 May 2018. 

  You might think five years would have been plenty of time for organisations to achieve compliance, yet many have failed to do so. As of 2022, 81% of French businesses and 95% of American companies were still not compliant.

  If you’re one of these organisations still working on compliance, this blog will provide valuable information about the seven GDPR principles and guide you on your way to compliance. It will also explore how web analytics tools can help organisations improve transparency, ensure data security and achieve GDPR compliance.

  What is GDPR ?

  The European Union (EU) created the General Data Protection Regulation (GDPR) to grant individuals greater control over their data and promote transparency in data processing. 

  Known by many other names across Europe (e.g., RGPD, DSGVO, etc.), the GDPR created a set of rules surrounding the handling of personal data of EU citizens and residents, to make sure organisations aren’t being irresponsible with user names, locations, IP addresses, information gleaned from cookies, and so on. 

  Organisations must assume several responsibilities to achieve GDPR compliance, regardless of their physical location. These obligations include :

  • Respecting user rights
  • Implementing documentation and document retention policies
  • Ensuring data security 

  Why is GDPR compliance important ?

  Data has become a valuable asset for businesses worldwide. The collection and use of data is a feature of almost every sector. However, with increased data usage comes a greater responsibility to protect individuals’ privacy and rights. 

  A YouGov study conducted in 17 key markets found that two in three adults worldwide believe tech corporations across all markets have too much control over their data.

  

  GDPR is the most extensive government framework aiming to tackle the increasing concern over data collection and handling. GDPR safeguards personal data from misuse, unauthorised access and data breaches. It ensures that businesses handle information responsibly and with respect for individual privacy. It also provided a foundation for similar laws to be created in other countries, including China, which is among the least concerned regions (56%), along with Sweden (54%) and Indonesia (56%).

  GDPR has been pivotal in safeguarding personal data and empowering individuals with more control over their information. Compliance with GDPR builds trust between businesses and their customers. Currently, 71% of the countries in the world are covered by data protection and privacy legislation.

  What are the risks of non-compliance ?

  We’ve established the siginficance of GDPR, but what about the implications — what does it mean for your business ? The consequences of non-compliance can be severe and are not worth being lax about. 

  According to Article 83 of the GDPR, you can be penalised up to 4% of your annual global revenue or €20 million, whichever is higher, for violations. For smaller businesses, such substantial fines could be devastating. Non-compliance could even result in legal action from individuals or data protection authorities, leading to further financial losses.

  Potential outcomes are not just legal and financial. GDPR violations can significantly damage your reputation as a company. Non-compliance could also cost you business opportunities if your policies and processes do not comply and, therefore, do not align with potential partners. Customers trust businesses that take data protection seriously over those that do not.

  

  Finally, and perhaps the most timid outcome on the surface, individuals have the right to complain to data protection authorities if they believe you violate their data rights. These complaints can trigger an investigation, and if your business is found to be breaking the rules, you could face all of the consequences mentioned above. 

  You may think it couldn’t happen to you, but GDPR fines have collectively reached over €4 billion and are growing at a notable rate. Fines grew 92% from H1 2021 compared with H1 2022. A record-breaking €1.2 billion fine to Meta in 2023 is the biggest we’ve seen, so far. But smaller businesses can be fined, too. A bank in Hungary was fined €1,560 for not erasing and correcting data when the subject requested it. (Individuals can also be fined in flagrant cases, like a police officer fined €1,400 for using police info for private purposes.)

  

  The 7 GDPR principles and how to comply

  You should now have a good understanding of GDPR, why it’s important and the consequences of not being compliant. 

  Your first step to compliance is to identify the personal data your organisation processes and determine the legal basis for processing each type. You then need to review your data processing activities to ensure they align with the GDPR’s purpose and principles.

  There are seven key principles in Article 5 of the GDPR that govern the lawful processing of personal data :

  Lawfulness, fairness and transparency

  This principle ensures you collect and use data in a legal and transparent way. It must be collected with consent, and you must tell your customers why you need their data. Data processing must be conducted fairly and transparently. 

  How to comply

  • Review your data practices and identify if and why you collect personal data from customers.
    • Learn what personally identifiable information (PII) is.
  • Update your website and forms to include a clear and easy-to-understand explanation of why you need their data and what you’ll use it for.
  • Obtain explicit consent from individuals when processing their sensitive data.
  • Add a cookie consent banner to your website, informing users about the cookies you use and why.
    • Website analytics tools like Google Analytics and Matomo offer the ability to create cookie consent banners and integrate with Consent Management Platforms (CMPs) to manage user consent and privacy settings.
    • Matomo also offers a setting without tracking cookies, in which case you would not need to add the cookie consent banner. 
  • Privacy notices must be accessible at all times. 
  • To ensure your cookies are GDPR compliant, you must :
    • Get consent before using any cookies (except strictly necessary cookies). 
    • Clearly explain what each cookie tracks and its purpose.
    • Document and store user consent.
    • Don’t refuse access to services if users do not consent to the use of certain cookies.
    • Make the consent withdrawal process simple. 

  Use tools like Matomo that can be configured to automatically anonymise data so you don’t process any personal data.

  Purpose limitation

  You can only use data for the specific, legitimate purposes you told your visitors, prospects or customers about at the time of collection. You can’t use it for anything else without asking again. 

  How to comply

  • Define the specific purposes for collecting personal data (e.g., processing orders, sending newsletters).
  • Ensure you don’t use the data for any other purposes without getting explicit consent from the individuals.

  Data minimisation

  Data minimisation means you should only collect the data you need, aligned with the stated purpose. You shouldn’t gather or store more data than necessary. Implementing data minimisation practices ensures compliance and protects against data breaches.

  How to comply

  • Identify the minimum data required for each purpose.
  • Conduct a data audit to identify and eliminate unnecessary data collection points.
  • Don’t ask for unnecessary information or store data that’s not essential for your business operations.
  • Implement data retention policies to delete data when it is no longer required.

  Accuracy

  You are responsible for keeping data accurate and up-to-date at all times. You should have processes to promptly erase or correct any data if you have incorrect information for your customers.

  How to comply

  • Implement a process to regularly review and update customer data.
  • Provide an easy way for customers to request corrections to their data if they find any errors.

  Storage limitation

  Data should not be kept longer than necessary. You should only hold onto it for as long as you have a valid reason, which should be the purpose stated and consented to. Securely dispose of data when it is no longer needed. There is no upper time limit on data storage. 

  How to comply

  • Set clear retention periods for the different types of data you collect.
  • Develop data retention policies and adhere to them consistently.
  • Delete data when it’s no longer needed for the purposes you specified.

  Integrity and confidentiality

  You must take measures to protect data from unauthorised or unlawful access, like keeping it locked away and secure.

  How to comply

  • Securely store personal data with encryption and access controls, and keep it either within the EU or somewhere with similar privacy protections. 
  • Train your staff on data protection and restrict access to data only to those who need it for their work.
  • Conduct regular security assessments and address vulnerabilities promptly.

  Accountability

  Accountability means that you are responsible for complying with the other principles. You must demonstrate that you are following the rules and taking data protection seriously.

  How to comply

  • Appoint a Data Protection Officer (DPO) or someone responsible for data privacy in your company.
  • Maintain detailed records of data processing activities and any data breaches.
  • Data breaches must be reported within 72 hours.

  Compliance with GDPR is an ongoing process, and it’s vital to review and update your practices regularly. 

  What are GDPR rights ?

  Individuals are granted various rights under the GDPR. These rights give them more control over their personal data.

  

  The right to be informed : People can ask why their data is required.

  What to do : Explain why personal data is required and how it will be used.

  The right to access : People can request and access the personal data you hold about them.
  What to do : Provide a copy of the data upon request, free of charge and within one month.

  The right to rectification : If data errors or inaccuracies are found, your customers can ask you to correct them.
  What to do : Promptly update any incorrect information to ensure it is accurate and up-to-date.

  The right to object to processing : Your customers have the right to object to processing their data for certain purposes, like direct marketing.
  What to do : Respect this objection unless you have legitimate reasons for processing the data.

  Rights in relation to automated decision-making and profiling : GDPR gives individuals the right not to be subject to decisions based solely on automated processing, including profiling, if it significantly impacts them.
  What to do : Offer individuals the right to human intervention and express their point of view in such cases.

  The right to be forgotten : Individuals can request the deletion of their data under certain circumstances, such as when the data is no longer necessary or when they withdraw consent.
  What to do : Comply with such requests unless you have a legal obligation to keep the data.

  The right to data portability : People can request their personal data in a commonly used and machine-readable format.
  What to do : Provide the data to the individual if they want to transfer it to another service provider.

  The right to restrict processing : Customers can ask you to temporarily stop processing their data, for example, while they verify its accuracy or when they object to its usage.
  What to do : Store the data during this period but do not process it further.

  Are all website analytics tools GDPR compliant ?

  Unfortunately, not all web analytics tools are built the same. No matter where you are located in the world, if you are processing the personal data of European citizens or residents, you need to fulfil GDPR obligations.

  While your web analytics tool helps you gain valuable insights from your user base and web traffic, they don’t all comply with GDPR. No matter how hard you work to adhere to the seven principles and GDPR rights, using a non-compliant tool means that you’ll never be fully GDPR compliant.

  When using website analytics tools and handling data, you should consider the following :

  Collection of data

  Aligned with the lawfulness, fairness and transparency principle, you must collect consent from visitors for tracking if you are using website analytics tools to collect visitor behavioural data — unless you anonymise data entirely with Matomo.

  

  To provide transparency, you should also clarify the types of data you collect, such as IP addresses, device information and browsing behaviour. Note that data collection aims to improve your website’s performance and understand your audience better.

  Storage of data

  Assure your visitors that you securely store their data and only keep it for as long as necessary, following GDPR’s storage limitation principle. Clearly state the retention periods for different data types and specify when you’ll delete or anonymise it.

  Usage of data

  Make it clear that to comply with the purpose limitation principle, the data you collect will not be used for other purposes beyond website analytics. You should also promise not to share data with third parties for marketing or unrelated activities without their explicit consent. 

  Anonymisation and pseudonymisation

  Features like IP anonymisation to protect users’ privacy are available with GA4 (Google Analytics) and Matomo. Describe how you use these tools and mention that you may use pseudonyms or unique identifiers instead of real names to safeguard personal data further.

  Cookies and consent

  Inform visitors that your website uses cookies and other tracking technologies for analytics purposes. Matomo offers customisable cookie banners and opt-out options that allow users to choose their preferences regarding cookies and tracking, along with cookieless options that don’t require consent banners. 

  Right to access and correct data

  Inform visitors of their rights and provide instructions on requesting information. Describe how to correct inaccuracies in their data and update their preferences.

  Security measures

  Assure visitors that you take data security seriously and have implemented measures to protect their data from unauthorised access or breaches. You can also use this opportunity to highlight any encryption or access controls you use to safeguard data.

  Contact information

  Provide contact details for your company’s Data Protection Officer (DPO) and encourage users to reach out if they have any questions or concerns about their data and privacy.

  When selecting web analytics tools, consider how well they align with GDPR principles. Look for features like anonymisation, consent management options, data retention controls, security measures and data storage within the EU or a similarly privacy-protecting jurisdiction. 

  Matomo offers an advanced GDPR Manager. This is to make sure websites are fully GDPR compliant by giving users the ability to access, withdraw consent, object or erase their data, in addition to the anonymizing features. 

  And finally, when you use Matomo, you have 100% data ownership — stored with us in the EU if you’re using Matomo Cloud or on your own servers with Matomo On-Premise — so you can be data-driven and still be compliant with worldwide privacy laws. We are also trusted across industries as we provide accurate data (no trying to fill in the gaps with AI), a robust API that lets you connect your data to your other tools and cookieless tracking options so you don’t need a cookie consent banner. What’s more, our open-source nature allows you to explore the inner workings, offering the assurance of security firsthand. 

  Ready to become GDPR compliant ?

  Whether you’re an established business or just starting out, if you work with data from EU citizens or residents, then achieving GDPR compliance is essential. It doesn’t need to cost you a fortune or five years to get to compliant status. With the right tools and processes, you can be on top of the privacy requirements in no time at all, avoiding any of those hefty penalties or the resulting damage to your reputation. 

  You don’t need to sacrifice powerful data insights to be GDPR compliant. While Google Analytics uses data for its ‘own purposes’, Matomo is an ethical alternative. Using our all-in-one web analytics platform means you own 100% of your data 100% of the time. 

  Start a 21-day free trial of Matomo — no credit card required.

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to GDPR. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.

• Privacy in Business : What Is It and Why Is It Important ?

  13 juillet 2022, par Erin — Privacy

  Privacy concerns loom large among consumers. Yet, businesses remain reluctant to change the old ways of doing things until they become an operational nuisance. 

  More and more businesses are slowly starting to feel the pressure to incorporate privacy best practices. But what exactly does privacy mean in business ? And why is it important for businesses to protect users’ privacy ? 

  In this blog, we’ll answer all of these questions and more. 

  What is Privacy in Business ?

  In the corporate world, privacy stands for the business decision to use collected consumer data in a safe, secure and compliant way. 

  Companies with a privacy-centred culture : 

  • Get explicit user consent to tracking, opt-ins and data sharing 
  • Collect strictly necessary data in compliance with regulations 
  • Ask for permissions to collect, process and store sensitive data 
  • Provide transparent explanations about data operationalisation and usage 
  • Have mechanisms for data collection opt-outs and data removal requests 
  • Implement security controls for storing collected data and limit access permissions to it 

  In other words : They treat consumers’ data with utmost integrity and security – and provide reassurances of ethical data usage. 

  What Are the Ethical Business Issues Related to Privacy ?

  Consumer data analytics has been around for decades. But digital technologies – ubiquitous connectivity, social media networks, data science and machine learning – increased the magnitude and sophistication of customer profiling.

  Big Tech companies like Google and Facebook, among others, capture millions of data points about users. These include general demographics data like “age” or “gender”, as well as more granular insights such as “income”, “past browsing history” or “recently visited geo-locations”. 

  When combined, such personally identifiable information (PII) can be used to approximate the user’s exact address, frequently purchased goods, political beliefs or past medical conditions. Then such information is shared with third parties such as advertisers. 

  That’s when ethical issues arise. 

  The Cambridge Analytica data scandal is a prime example of consumer data that was unethically exploited. 

  Over the years, Google also faced a series of regulatory issues surrounding consumer privacy breaches :

  • In 2021, a Google Chrome browser update put some 2.6 billion users at risk of “surveillance, manipulation and abuse” by providing third parties with data on device usage. 
  • The same year, Google was taken to court for failing to provide full disclosures on tracking performed in Google Chrome incognito mode. A $5 billion lawsuit is still pending.
  • As of 2022, Google Analytics 4 is considered GDPR non-compliant and was branded “illegal” by several European countries. 

  If you are curious, learn more about Google Analytics privacy issues. 

  The bigger issue ? Big Tech companies make the businesses that use their technologies (unknowingly) complicit in consumer data violations.

  In 2022, the Belgian data regulator found the official IAB Europe framework for user consent gathering in breach of GDPR. The framework was used by all major AdTech platforms to issue pop-ups for user consent to tracking. Now ad platforms must delete all data gathered through these. Biggest advertisers such as Procter & Gamble, Unilever, IBM and Mastercard among others, also received a notice about data removal and a regulatory warning on further repercussions if they fail to comply. 

  Big Tech firms have given brands unprecedented access to granular consumer data. Unrestricted access, however, also opened the door to data abuse and unethical use. 

  Examples of Unethical Data Usage by Businesses 

  • Data hoarding means excessively harvesting all available consumer data because a possibility to do so exists, often using murky consent mechanisms. Yet, 85% of collected Big Data is either dark or redundant, obsolete or trivial (ROT).
  • Invasive personalisation based on sensitive user information (or second-guesses), like a recent US marketing campaign, congratulating women on pregnancy (even if they weren’t expecting). Overall, 75% of consumers find most forms of personalisation somewhat creepy. 22% also said they’d leave for another brand due to creepy experiences.
  • Hyper-targeted advertising campaigns based on data consumers would prefer not to share. A recent investigation found that advertising platforms often assign sensitive labels to users (as part of their ad profiles), indicative of their religion, mental issues, history with abuse and so on. This allows advertisers to target such consumers with dubious ads. 

  Ultimately, excessive data collection, paired with poor data protection in business settings, results in major data breaches and costly damage control. Given that cyber attacks are on the rise, every business is vulnerable. 

  Why Should a Business Be Concerned About Protecting the Privacy of Its Customers ?

  Businesses must prioritise customer privacy because that’s what is expected of them. Globally, 89% of consumers say they care about their privacy. 

  As frequent stories about unethical data usage, excessive tracking and data breaches surface online, even more grow more concerned about protecting their data. Many publicly urge companies to take action. Others curtail their relationships with brands privately. 

  

  On average, 45% of consumers feel uncomfortable about sharing personal data. According to KPMG, 78% of American consumers have fears about the amount of data being collected. 40% of them also don’t trust companies to use their data ethically. Among Europeans, 41% are unwilling to share any personal data with businesses. 

  Because the demand for online privacy is rising, progressive companies now treat privacy as a competitive advantage. 

  For example, the encrypted messaging app Signal gained over 42 million active users in a year because it offers better data security and privacy protection. 

  ProtonMail, a privacy-centred email client, also amassed a 50 million user base in several years thanks to a “fundamentally stronger definition of privacy”.

  The growth of privacy-mindful businesses speaks volumes. And even more good things happen to privacy-mindful businesses : 

  • Higher consumer trust and loyalty 
  • Improved attractiveness to investors
  • Less complex compliance
  • Minimum cybersecurity exposure 
  • Better agility and innovation

  It’s time to start pursuing them ! Learn how to embed privacy and security into your operations.

• Privacy-friendly analytics : The benefits of an ethical, GDPR-compliant platform

  13 juin, par Joe

  Your visitors shouldn’t feel like you’re spying on them — even if you’re just trying to improve the user experience or track your marketing efforts. 

  While many analytics platforms make customers feel that way thanks to intrusive cookie consent banners and highly personalised ads, there is a growing movement towards ethical, privacy-friendly analytics.

  In this article, you’ll learn what privacy-friendly analytics is, why it matters, what to look for in a solution and which of the leading providers is right for you. 

  What is privacy-friendly analytics ? 

  Privacy-friendly analytics is a form of website analytics that collects and analyses data in a way that respects the user’s privacy. It’s a type of ethical web analytics.

  Privacy-friendly platforms limit personal data collection and anonymise individual user data while being transparent about collection and tracking methods. They help companies adhere to data protection laws (like GDPR, CCPA, and HIPAA) and new privacy laws (like OCPA, FDBR, and TDPSA) without configuring custom settings. 

  Why use privacy-friendly analytics ? 

  Millions of businesses choose privacy-friendly analytics platforms like Matomo. Here are a few reasons why : 

  Build trust with customers

  Research shows that the vast majority of consumers don’t trust companies with their data, believing that they prioritise profits over data protection. 

  Privacy-friendly analytics can help businesses prove they aren’t out to profit from consumer data and regain customer trust. This can ultimately boost revenue. According to Cisco’s Data Privacy Benchmark Study, organisations gain $180 for every $100 spent on privacy. 

  Comply with privacy regulations

  Data privacy regulations, such as GDPR, protect consumer privacy and establish strict rules governing how businesses can collect and use personal data.

  The cost of non-compliance is high. Under GDPR, fines can be up to €20 million, or 4% of worldwide annual revenue.

  Thanks to features like data anonymisation and the default use of first-party cookies, privacy-friendly analytics platforms can support and strengthen compliance efforts. 

  In fact, the French Data Protection Authority (CNIL) approved Matomo as one of the only web analytics tools to collect data without tracking consent.

  Minimise the impact of a breach

  According to IBM’s Cost of a Data Breach report, the average cost of a data breach is nearly $4.5 million. The more personally identifiable information (PII) is involved, the higher the fines and penalties. 

  A privacy-friendly analytics tool can reduce the potential impact of a breach by minimising the amount of personal information you hold. 

  Is Google Analytics privacy-friendly ?

  Google may be the best-known analytics platform, but it’s not the best choice for businesses that want to collect data responsibly and ethically. 

  Here are just a few of Google Analytics’s privacy issues :

  • It uses analytics data to run its advertising business.
  • It may train large language models like Gemini with analytics data.
  • It requires a specific setup to be GDPR compliant that isn’t available out of the box.

  Google Analytics’s ongoing issues with privacy laws like GDPR also raise doubt. The French and Austrian Data Protection Authorities have banned Google Analytics in the past, and there is no guarantee they won’t do so again. 

  What to look for in privacy-friendly analytics ?

  Several privacy-friendly analytics tools are available. To find the right one for your brand, look for the following features.

  Data ownership

  Choose a provider that gives you as much control over your users’ data as possible. Ideally, this will be via an on-site solution where you store data on your servers. For cloud-based options, ensure your analytics provider can’t access, use or sell it.

  With 100% data ownership, you have the power to protect your users’ privacy. You know where your customer data is stored and what’s happening to it without external influence.

  Open source

  The only genuinely privacy-friendly software is open-source software. Open-source software means anyone can review the code to ensure it does what it promises — in this case, maximising privacy. 

  Matomo is an open-source software company. Our source code is on GitHub, where everyone can see precisely how our platform tracks and stores user data. A community of developers also regularly examines and reviews our code to further strengthen security. 

  Data anonymisation 

  Privacy-friendly analytics should allow marketers to completely anonymise the data they collect. They achieve this through several techniques like IP anonymisation and pseudonymised user IDs that modify or remove personally identifiable data so it can’t be linked to individuals.

  

  Matomo’s data anonymisation settings 

  In Matomo, for example, you can anonymise the following things in the platform’s Privacy settings :

  • IP address
  • Location
  • User ID

  IP address anonymisation is enabled by default in Matomo.

  No data sampling 

  Data sampling involves extrapolating analytics reports from an incomplete data set. Google Analytics uses this practice and relies on estimates, leading to incomplete and potentially inaccurate results.

  Privacy-friendly analytics should provide 100% accurate insights without making assumptions about your users’ data.

  GDPR compliance

  Privacy-friendly web analytics platforms adhere to even the strictest privacy laws, including GDPR, HIPAA and CCPA, thanks to the following features :

  • Data anonymisation
  • Cookieless tracking
  • EU data storage
  • First-party cookies by default

  

  Matomo data subject access request settings
  (Image Source)

  Privacy-first platforms also make it easy for companies to fulfil data subject access requests. In Matomo, for example, a dedicated feature lets you find, download and delete all of the data you hold about specific individuals. 

  Cookieless tracking

  Cookieless tracking is a form of visitor tracking that uses methods other than cookies to identify individual users. It is more privacy-friendly because no personal data is collected, and users can withhold consent from cookie banners.

  Matomo uses the most privacy-friendly industry-leading cookieless tracking method, config_id, to anonymously track visitors without fingerprinting them. 

  Top 3 privacy-friendly analytics platforms

  We’ve shortlisted three of the leading privacy-friendly analytics platforms. Learn what they offer, what makes them different and how much they cost.

  Matomo

  Matomo is an open-source web analytics tool and privacy-focused Google Analytics alternative trusted by over one million sites in over 190 countries and over 50 languages. 

  

  Matomo dashboard

  Matomo prioritises privacy and keeping businesses compliant with global privacy regulations like GDPR, CCPA and HIPAA. The data you collect is 100% accurate and yours alone. We don’t share it or use it for other purposes. 

  Benefits

  • Matomo’s all-in-one solution offers traditional web and behavioural analytics, such as heatmaps and session recordings. It also includes a free, open-source tag manager. 
  • Matomo gives you the choice of where to store your user’s data. With Matomo Cloud, that’s in our European servers. With Matomo On-Premise, that’s on your servers.
  • Matomo is open-source. Hundreds of independent developers have reviewed our code, and you can view it yourself on GitHub.

  Pricing 

  Hosting Matomo On-Premise is free, while Matomo Cloud costs $26 per month. 

  Fathom

  Fathom Analytics is a simple, easy-to-use alternative to Google Analytics that puts a premium on privacy. 

  

  Fathom dashboard
  (Image Source)

  Fathom has made its platform as easy to use as possible. You can install Fathom on any website or CMS using a single line of code. It also means the platform won’t massively impact your site’s speed or SEO performance. 

  Benefits

  • Fathom complies with all major privacy regulations, including GDPR and CCPA.
  • Fathom doesn’t sample data. It also blocks bots and scrapers, so you only see human visitors.
  • Fathom anonymises IP addresses, so you don’t have to show cookie banners.

  Drawbacks

  • Fathom doesn’t offer many of Matomo’s advanced features like e-commerce tracking, heatmaps, and session recordings.
  • The premium version of Fathom is not open-source. 

  Pricing 

  From $15 per month.

  Plausible

  Plausible Analytics is an open-source, privacy-friendly analytics tool built and hosted in the EU.

  

  Plausible dashboard
  (Image Source)

  The platform launched in 2019 as a lightweight, easy-to-use alternative to Google Analytics. Its simplicity is a big selling point. Instead of dozens of menus, it presents the information you need on a single page.

  Benefits

  • Plausible boasts an ultra-lightweight script, which means it has a minimal impact on page loading times. 
  • Plausible is GDPR and CCPA-compliant by design, so there’s no need for cookie banners.
  • Plausible is an open-source software with the source code available on GitHub.

  Drawbacks

  • Plausible lacks advanced privacy controls like a GDPR manager.
  • It has none of Matomo’s advanced features like A/B testing, session recordings or heatmaps. 

  Pricing 

  From $9 per month

  Try Matomo for free

  Ready to try a privacy-friendly analytics solution ? Making the switch is easy with Matomo, as it’s one of the only platforms to import historical Google Analytics data. You can also try Matomo for free for 21 days — no credit card required.