Recherche avancée

Sur d’autres sites (4899)

• On-premise analytics demand grows as Google Analytics GDPR uncertainties continue

  7 janvier 2020, par Jake Thornton — Privacy

  The Google Analytics GDPR relationship is a complicated one. Website owners in states like Berlin in Germany are now required to ask users for consent to collect their data. This doesn’t make for the friendliest user-experience and often the website visitor will simply click “no.”

  The problem Google Analytics now presents website owners in the EU is with more visitors clicking “no”, the less accurate your data will become.

  Why do you need to ask your visitors for consent ?

  At this stage it’s simply because Google Analytics collects data for its own purposes. An example of this is using your visitor’s personal data for retargeting purposes across their advertising platforms like Google Ads and YouTube. 

  Google’s Privacy & Terms states : “when you visit a website that uses advertising services like AdSense, including analytics tools like Google Analytics, or embeds video content from YouTube, your web browser automatically sends certain information to Google. This includes the URL of the page you’re visiting and your IP address. We may also set cookies on your browser or read cookies that are already there. Apps that use Google advertising services also share information with Google, such as the name of the app and a unique identifier for advertising.”

  

  The rise of hosting web analytics on-premise

  Managing Google Analytics and GDPR can quickly become complicated, so there’s been an increase in website owners switching from cloud-hosted web analytics platforms, like Google Analytics, to more GDPR compliant alternatives, where you can host web analytics software on your own servers. This is called hosting web analytics on-premise.

  Hosting web analytics on your own servers means :

  No third-parties are involved

  The visitor data your website collects is stored on your own internal infrastructure. This means no third-parties are involved and there’s no risk of personal data being used in the way Google Analytics uses it e.g. sending personal data to its advertising platforms. 

  When you sign up with Google Analytics you sign away control of your user’s personal data. With on-premise website analytics, you own your data and are in full control.

  NOTE : Though Google Analytics uses personal data for its own purposes, not all cloud hosted web analytics platforms do this. As an example, Matomo Analytics Cloud hosted solution states that all personal data collected is not used for its own purposes and that Matomo has no rights in accessing or using this personal data. 

  

  You control where in the world your personal data is stored

  Google Analytics servers are based out of USA, Europe and Asia, so where your personal data will end up is uncertain and you don’t have the option to choose which location it goes to when using free Google Analytics.

  Different countries have different laws when it comes to accessing personal data. When you choose to host your web analytics on-premise, you can choose the location of your servers and where the personal data is stored.

  More flexibility

  With self-hosted web analytics platforms like Matomo On-Premise, you can extend the platform to do anything you want without the restrictions that cloud hosted platforms impose.

  You can :

  • Get full access to the source code of open-source solutions, like Matomo
  • Extend the platform however you want for your business
  • Get access to APIs
  • Have no data limitations or restrictions
  • Get RAW data access
  • Have control over security

  >> Read more about on-premise flexibility for web analytics here

  

  So what does the future look like for Google Analytics and GDPR ?

  It’s difficult to assess this right now. How exactly GDPR is enforced is still quite unclear. 

  What is clear however, is now website owners in Berlin using Google Analytics are lawfully required to ask their visitors for consent to collect personal data. It has been reported that Google Analytics has already received 200,000 complaints in Germany alone and it appears this trend is likely to continue across much of the EU.

  When using Google Analytics in the EU you must also ensure your privacy policy is updated so website visitors are aware that data is being collected through Google Analytics for its own purposes.

  Moving to a web analytics on-premise platform

  Matomo Analytics is the #1 open-source web analytics platform in the world and has been rated as an exceptional alternative to Google Analytics. Check the reviews on Capterra.

  Choosing Matomo On-Premise means you can control exactly where your data is stored, you have full flexibility to customise the platform to do what you want and it’s FREE.

  Matomo’s mission is to give control back to website owners and the team has designed the platform so that moving away from Google Analytics is seamless. Matomo offers most of your favourite Google Analytics features, a leaner interface to navigate, and the option to add free and paid premium features that Google Analytics can’t even offer you.

  And now you can import your historical Google Analytics data directly into your Matomo with the Google Analytics Importer plugin.

  DOWNLOAD MATOMO (FREE)

  And if you can’t host web analytics on your own servers ...

  Hosting web analytics on-premise is not an option for all businesses as you do need the internal infrastructure and technical knowledge to host your own platform.

  If you can’t self-host, then Matomo has a Cloud hosted solution you can easily install and operate like Google Analytics, which is hosted on Matomo’s servers in the EU. 

  The GDPR advantages of choosing Matomo Cloud over Google Analytics are :

  • Servers are secure and based in the EU (strict laws forbid outside access)
  • 100% data ownership – we never use data for our own purposes
  • You can export your data anytime and switch to Matomo On-Premise whenever you like
  • User-privacy protection
  • Advanced GDPR Manager and data anonymisation features which GA doesn’t offer

  

  Interested to learn more ?

  If you are wanting to learn more about why users are making the move from Google Analytics to Matomo, check out our Matomo Analytics vs Google Analytics comparison page.

  >> Matomo Analytics vs Google Analytics

• Today we celebrate Data Privacy Day 2019

  28 janvier 2019, par Jake Thornton — Privacy
  Today we celebrate Data Privacy Day 2019 !!!

  What is Data Privacy Day ?

  Wikipedia tells us that : The purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices.

  Our personal data is our online identity. When you think what personal data means – our phone records, credit card transactions, GPS position, IP addresses, browsing history and so much more. All so valuable and personal to us as human beings.

  That’s why we cannot take our personal data online for granted. We have a right to know which websites collect our data and how it’s then used, something that’s often not visible or easily recognisable when browsing.

  What Data Privacy Day means to Matomo

  Every year the team at Matomo uses this day as a chance to reflect on how far the Matomo (formerly Piwik) project has come. But then also reflect how far we still have to go in spreading the message that our data and personal information online matters.

  2018 saw the introduction of the EU General Data Protection Regulation (GDPR) to protect people’s data online. As a team, Matomo was at the forefront of this development in the analytics space and have since built a GDPR Manager to ensure our users can be fully compliant with the GDPR.

  With every new release of Matomo, we are ensuring that security continues to be at the highest standard and we will continue to be committed to our bug bounty program. Our most recent release of Matomo 3.8.0 alone added a Two Factor Authentication (2FA) feature and a password brute force prevention.

  What next for Matomo and data privacy ?

  As always, security is a top priority for every new release of Matomo and continues to only get better and better. We have a duty to spread our message further that the protection of personal data matters and today is a vital reminder of that. We are, and forever will be, the #1 open-source (and free to use) web analytics platform in the world that fully respects user privacy and gives our users 100% data ownership.

  In 2018 we changed our name, we updated our logo and website, and advanced our platform to compete with the most powerful web analytics tools in the world, all so we can spread our message further and continue our mission.

  Come with us on this exciting journey. Now is the time to take back control of your data and let’s continue creating a safer web for everyone.

  Please help us spread this message.

• How should I write my privacy notice for Matomo Analytics under GDPR ?

  24 avril 2018, par InnoCraft

  Important note : this blog post has been written by digital analysts, not lawyers. The purpose of this article is to show you an example of a privacy notice for Matomo under GDPR. This work comes from our interpretation of the UK privacy commission : ICO. It cannot be considered as professional legal advice. So as GDPR, this information is subject to change. We strongly advise you to have a look at the different privacy authorities in order to have up to date information.

  A basic rule of thumb is that if you are not processing personal data, then you do not need to show any privacy notice. But if you are doing so, such as processing full IP addresses, then a privacy notice is required at the time of the data collection. Please note that personal data may also be hidden, for example, in page titles or page URLs.

  In this blog post, we will define what a privacy notice is according to GDPR and how to write it if you are using Matomo and you are processing personal data.

  What is a privacy notice under GDPR ?

  One of the most important rights that a data subject has under GDPR, is the right to be informed about the collection and use of their personal data.

  Here is what ICO is saying about the privacy notice :

  “You must provide individuals with information including : your purposes for processing their personal data, your retention periods for that personal data, and who it will be shared with. We call this ‘privacy information’.”

  “When you collect personal data from the individual it relates to, you must provide them with privacy information at the time you obtain their data.”

  Note that a privacy notice is different from a privacy policy.

  The privacy notice has to include :

  • the reasons why you are processing the personal data
  • for how long
  • who the different parties you are going to share them with are

  So whatever lawful basis you are using (explicit consent or legitimate interest), you need to have a privacy notice if you collect personal data.

  What does this privacy notice look like ?

  ICO is providing best practices in order to display the information :

  • a layered approach
  • dashboards
  • just-in-time notices
  • icons
  • mobile and smart device functionalities

  Once more, it really depends on the data you are processing with Matomo. If you wish to track personal data on the entire website, you will probably have an upper or footer privacy notice such as :

  

  If you wish to process specific data, you could also insert just-in-time notices such as :

  

  What is the information you need to disclose to the final user ?

  To us, there are two things to distinguish between the privacy notice and the privacy policy.

  According to ICO, the privacy notice needs to include the 3 following elements :

  • the reasons why you are processing the personal data
  • for how long
  • who are the different parties you are going to share them with

  But you also need to inform them about :

  • The name and contact details of your organisation.
  • The name and contact details of your representative (if applicable).
  • The contact details of your data protection officer (if applicable).
  • The purposes of the processing.
  • The lawful basis for the processing.
  • The legitimate interests for the processing (if applicable).
  • The categories of personal data obtained (if the personal data is not obtained from the individual it relates to).
  • The recipients or categories of recipients of the personal data.
  • The details of transfers of the personal data to any third countries or international organisations (if applicable).
  • The retention periods for the personal data.
  • The rights available to individuals in respect of the processing.
  • The right to withdraw consent (if applicable).
  • The right to lodge a complaint with a supervisory authority.
  • The source of the personal data (if the personal data is not obtained from the individual it relates to).
  • The details of whether individuals are under a statutory or contractual obligation to provide the personal data (if applicable, and if the personal data is collected from the individual it relates to).
  • The details of the existence of automated decision-making, including profiling (if applicable).

  Pretty long, don’t you think ? In order to reduce it, you can either adopt a layered approach where your “pop-up” window will act as a drop down menu. Or from what we understood, page 5 of this document provided by ICO, a privacy notice can link to a more detailed document, such as a privacy policy page.

  Examples

  Let’s take the example of a website which tracks the non-anonymised full IP address, and using User ID functionality to keep track of logged-in users. Under GDPR, the owner of the website will have to choose either to process personal data based on “Legitimate interests” or on “Consent”. Here is how it will look like :

  Example of a privacy notice under GDPR Legitimate interests

  This site uses Matomo to analyze traffic and help us to improve your user experience.

  We process your email address and IP address and cookies are stored on your browser for 13 months. This data is only processed by us and our web hosting platform. Please read our Privacy Policy to learn more.

  Example of a privacy notice under GDPR Consent

  This site uses Matomo to analyze traffic and help us to improve your user experience.

  We process your email address and IP address and cookies are stored on your browser for 13 months. This data is only processed by us and our web hosting platform.

  [Accept] or [Opt-out]

  Please read our Privacy Policy to learn more.

  Once that information is provided to the user, you can then link it to your privacy policy where you will provide more details about it. Soon we will issue a blog post dealing with how to write a privacy policy page for Matomo.

  The post How should I write my privacy notice for Matomo Analytics under GDPR ? appeared first on Analytics Platform - Matomo.