Recherche avancée

Sur d’autres sites (6835)

• First-party data explained : Benefits, use cases and best practices

  25 juillet, par Joe

  Third-party cookies are being phased out, and marketers who still depend on them for user insights need to find alternatives.

  Google delayed the complete deprecation of third-party cookies until early 2025, but many other browsers, such as Mozilla, Brave, and Safari, have already put a stop to them. Plus, looking at the number of data leak incidents, like the one where Twitter leaked 200 million user emails, collecting and using first-party data is a great alternative. 

  In this post, we explore the ins and outs of first-party data and examine how to collect it. We’ll also look at various use cases and best practices to implement first-party data collection.

  What is first-party data ?

  First-party data is information organisations collect directly from customers through their owned channels. 

  Organisations can capture data without intermediaries when people interact with their website, mobile app, social media accounts or other customer-facing systems.

  For example, businesses can track visitor behaviour, such as bounce rates and time spent browsing particular pages. This activity is considered first-party data when it occurs on the brand’s digital property.

  Some examples include :

  • Demographics : Age, gender, location, income level
  • Contact information : Email addresses, phone numbers
  • Behavioural insights : Topics of interest, content engagement, browsing history
  • Transactional data : Purchase history, shopping preferences

  A defining characteristic is that this information comes straight from the source, with the customer’s willingness and consent. This direct collection method is why first-party data is widely regarded as more reliable and accurate than second or third-party data. With browsers like Chrome fully phasing out third-party cookies by the end of 2025, the urgency for adopting more first-party data strategies is accelerating across industries.

  How to collect first-party data 

  Organisations can collect first-party data in various ways. 

  Website pixels

  In this method, organisations place small pieces of code that track visitor actions like page views, clicks and conversions. When visitors land on the page, the pixel activates and collects data about their behaviour without interrupting the user experience. 

  Website analytics tools

  With major browsers like Safari and Firefox already blocking third-party cookies (and Chrome is phasing them out soon, there’s even more pressure on organisations to adopt first-party data strategies.

  Website analytics tools like Matomo help organisations collect first-party data with features like visitor tracking and acquisition analysis to analyse the best channels to attract more users. 

  Multi-attribution modelling that helps businesses understand how different touchpoints (social media channels or landing pages) persuade visitors to take a desired action (like making a purchase). 

  

  (Image Source)

  Other activities include :

  • Cohort analysis 
  • Heatmaps and session recordings 
  • SEO keyword tracking
  • A/B testing 
  • Paid ads performance tracking

  

  Heatmap feature in Matomo

  Account creation on websites

  When visitors register on websites, they provide information like names, email addresses and often demographic details or preferences.

  Newsletters and subscriptions 

  With email subscriptions and membership programs, businesses can collect explicit data (preferences selected during signup) and implicit data (engagement metrics like open rates and click patterns).

  Gated content

  Whitepapers, webinars or exclusive articles often ask for contact information when users want access. This approach targets specific audience segments interested in particular topics.

  Customer Relationship Management (CRM) systems

  CRM platforms collect information from various touchpoints and centralise it to create unified customer profiles. These profiles include detailed user information, like interaction history, purchase records, service inquiries and communication preferences.

  Mobile app activity

  Mobile in-app behaviours can assist businesses in gathering data such as :

  • Precise location information (indicating where customers interact with the app)
  • Which features they use most often
  • How long they stay on different screens
  • Navigation patterns

  This mobile-specific data helps organisations understand how their customers behave on smaller screens and while on the move, insights that website data alone cannot provide.

  Point of Sale (PoS) systems

  Modern checkout systems don’t just process payments. PepsiCo proved this by growing its first-party data stores by more than 50% through integrated PoS systems. 

  Today’s PoS technology captures detailed information about each transaction :

  • Item(s) sold
  • Price (discounts, taxes, tip)
  • Payment type (card, cash, digital wallet)
  • Time and date
  • Loyalty/rewards number
  • Store/location

  Plus, when connected with loyalty programs where customers identify themselves (by scanning a card or entering a phone number), these systems link purchase information to individuals. 

  This creates valuable historical records showing how customer preferences evolve and offering insight into :

  • Which products are frequently purchased together
  • The time of the day, week, month, or year when items sell best
  • Which promotions or special offers are most effective

  Server-side tracking 

  Most websites track user behaviour through code that runs in the visitor’s web browser (client-side tracking). 

  Server-side tracking takes a different approach by collecting data directly on the company’s own servers. 

  Because the tracking happens on company servers rather than browsers, ad-blocking software doesn’t block it. 

  Organisations gain more consistent data collection and greater control over their customer information. This privacy-friendly approach lets companies get the data they need without relying on third-party tracking scripts.

  Now that we understand how organisations can gather first-party data, let us explore its use cases. 

  Use cases of first-party data 

  Businesses can use first-party data in many ways, from creating customer profiles to personalising user experiences.

  Developing comprehensive customer profiles

  First-party data can help create detailed customer profiles. 

  Here are some examples :

  • Demographic profiles : Age, gender, location, job role and other personal characteristics.
  • Behavioural profiles : Website activity, purchase history and engagement with marketing campaigns that focus on how users interact with businesses and their offerings. 
  • Psychographic profiles : Customer’s interests, values and lifestyle preferences.
  • Transactional profiles : Purchase patterns, including the types of products they buy, how often they purchase and their total spending.

  The benefit of developing these profiles is that businesses can then create specific campaigns for each profile, instead of running random campaigns. 

  For example, a subscription service business may have a behavioural profile of ‘inactive users’. To reignite interest, they can offer discounts or limited-time freebies to these users.

  Crafting relevant content

  First-party data shows what types of content customers engage with most. 

  If customers love watching videos, businesses can create more video content. If a blog gets more readership for its tech articles, it can focus on tech-related content to adjust to readers’ preferences. 

  Uncovering new marketing opportunities

  First-party data lets businesses analyse customer interactions in a way that can reveal untapped markets. 

  For example, if a company sees that many website visitors are from a particular region, it might consider launching campaigns in that area to boost sales. 

  Personalising experiences

  89% of decision-makers believe personalisation is key to business success in the next three years. 

  First-party data helps organisations to tailor experiences based on individual preferences. 

  

  For example, an e-commerce site can recommend products based on previous purchases or browsing history. Shoppers with abandoned carts can get reminders. 

  It’s also helpful to see how customers respond to different types of communication. Certain groups may prefer emails, and some may prefer text messages. Similarly, some users spend more time on quizzes and interactive content like wizards or calculators. 

  By analysing this, businesses can adjust their strategies so that users get a personal experience when they visit a website.

  Optimising operations

  The use cases of first-party data don’t just apply to the marketing domain. They’re also valuable for operations. When businesses analyse customer order patterns, they can spot the best locations for fulfilment centres that reduce shipping time and costs.

  For example, an online retailer might discover that most customers are concentrated in urban areas and decide to open fulfilment centres closer to those locations.

  Or, in the public sector, transport companies can use first-party data to optimise routes and fine-tune fare simulation tools. By analysing rider queries, travel preferences and interaction data, they can :

  • Prioritise high-demand routes during peak hours 
  • Adjust fare structures to reflect common trip or rider patterns
  • Make personalised travel suggestions based on individual user history.

  Benefits of first-party data 

  First-party data offers two significant benefits : accuracy and compliance. It comes directly from the customers and can be considered more accurate and reliable. But that’s not it. 

  First-party data aligns with many data privacy regulations, like the GDPR and CCPA. That’s because first-party data collection requires explicit consent, which means the data remains confidential. This builds compliance, and customers develop more trust in the business.

  Best practices to collect and manage first-party data 

  Though first-party data comes with many benefits, how should organisations collect and manage it ? What are the best practices ? Let’s take a look. 

  Define clear goals

  Though defining clear goals seems like overused advice, it’s one of the most important. If a business doesn’t know why it’s collecting first-party data, all the information gathering becomes purposeless. 

  Businesses can think of different goals to achieve from first-party data collection : improving customer relationships, enhancing personalisation or increasing ROI. 

  Once these goals are concrete, they can guide data collection strategies and help understand whether they’re working.

  Establish a privacy policy

  A privacy policy is a document that explains why a business is collecting a user’s data and what it will do with it. By being open and honest, this policy builds trust with customers, so customers feel safe sharing their information. 

  For example, an e-commerce privacy policy may read like : 

  “At (Business name), your privacy is important to us. We collect your information when you create an account or buy something. This information includes your name, email and purchase history. We use this data to give you a better shopping experience and suggest products that you’ll find useful. We follow all data privacy laws like GDPR to keep your personal information safe.” 

  For organisations that use Matomo, we suggest updating the privacy policy to explain how Matomo is used and what data it collects. Here’s a privacy policy template for Matomo users that can be easily copied and pasted. 

  For a GDPR compatible privacy policy, read How to complete your privacy policy with Matomo analytics under GDPR.

  Simplify consent processes

  Businesses should obtain explicit user consent before collecting their data, as shown in the image below. 

  

  (Image Source) 

  To do this, integrate user-friendly consent management platforms that let customers easily access, view, opt out of, or delete their information.

  To ensure consent practices align with GDPR standards, follow these key steps :
  

  GDPR-compliant consent checklist
  ✅ State the purpose clearly	Describe data usage in plain terms.
  ✅ Use granular opt-ins	Separate consents by purpose.
  ✅ Avoid pre-ticked boxes	Active choices only.
  ✅ Enable easy opt-out	Simple and accessible withdrawal.
  ✅ Log consent	Timestamp and record every opt-in.
  ✅ Review periodically	Audit for accuracy and relevance.

  Comply with platform-specific restrictions

  In addition to general consent practices, businesses must comply with platform-specific restrictions. This includes obtaining explicit permissions for :

  • Location services : Users must consent to sharing their location data.
  • Contact lists : Businesses need permission to access and use contact information.
  • Camera and microphone Use : Users must consent to using the camera and microphone 
  • Advertising IDs : On platforms like iOS, businesses must obtain consent to use advertising IDs. 

  For example, Zoom asks the user if it can access the camera and the microphone by default.

  Utilise multiple data collection channels

  Instead of relying on just one source to collect first-party data, it is better to use multiple channels. Gather first-party data from diverse sources such as websites, mobile apps, CRM systems, email campaigns, and in-store interactions (for richer datasets). This way, businesses get a more complete picture of their customers.

  Implementing a strong data governance framework with proper tooling, taxonomy, and maintenance practices is also vital for better data usability.

  Use privacy-focused analytics tools 

  Focus on not just collecting data but also doing it in a way that’s secure and ethical. 

  Use tools like Matomo to track user interactions and gather meaningful analytics. For example, Matomo heatmaps can give you a visual insight into where users click and scroll, all while following all the data privacy laws.

  

  (Image Source) 

  What is second-party data ? 

  Second-party data is information that one company collects from its customers and shares with another company. It’s like “second-hand” first-party data because it’s collected directly from customers but used by a different business.

  Companies purchase second-party data from trusted partners instead of getting it directly from the customer. For example, hotel chains can use customer insights from online travel agencies, like popular destinations and average stay lengths, to refine their pricing strategies and offer more relevant perks.

  When using second-party data, it’s essential to :

  • Be transparent : Share with customers that their data is being shared with partners. 
  • Conduct regular audits : Ensure the data is accurate and handled properly to maintain strong privacy standards. If their data standards don’t seem that great, consider looking elsewhere.

  What is third-party data ? 

  Third-party data is collected from various sources, such as public records, social media or other online platforms. It’s then aggregated and sold to businesses. Organisations get third-party data from data brokers, aggregators and data exchanges or marketplaces. 

  Some examples of third-party data include life events from user social media profiles, like graduation or facts about different organisations, like the number of employees and revenue.

  For example, a data broker might collect information about people’s interests from social media and sell it to a company that wants to target ads based on those interests.

  Third-party data often raises privacy concerns due to its collection methods. One major issue is the lack of transparency in how this data is obtained. 

  Consumers often don’t know that their information is being collected and sold by third-party brokers, leading to feelings of mistrust and violation of privacy. This is why data privacy guidelines have evolved. 

  What is zero-party data ? 

  Zero-party data is the information that customers intentionally share with a business. Some examples include surveys, product ratings and reviews, social media polls and giveaways.

  Organisations collect first-party data by observing user behaviours, but zero-party data is the information that customers voluntarily provide. 

  

  Zero-party data can provide helpful insights, but self-reported information isn’t always accurate. People don’t always do what they say. 

  For example, customers in a survey may share that they consider quality above all else when purchasing. Still, looking at their actual behaviour, businesses can see that they make a purchase only when there’s a clearance or a sale.

  First-party data can give a broader view of customer behaviours over time, which zero-party data may not always be able to capture. 

  Therefore, while zero-party data offers insights into what customers say they want, first-party data helps understand how they behave in real-world scenarios. Balancing both data types can lead to a deeper understanding of customer needs.

  Getting valuable customer insights without compromising privacy 

  Matomo is a powerful tool for organisations that want to collect first-party data. We’re a full-featured web analytics tool that offers features that allow businesses to track user interactions without compromising the user’s personal information. Below, we share how.

  Data ownership

  Matomo allows organisations to own their analytics data, whether on-premise or in their chosen cloud. This means we don’t share your data with anyone else. This aligns with GDPR’s requirement for data sovereignty and minimises third-party risks.

  Pseudonymisation of user IDs

  Matomo allows organisations to pseudonymise user IDs, replacing them with a salted hash function. 

  

  (Image Source)

  Since the user IDs have different names, no one can trace them back to a specific person.

  IP address anonymisation

  Data anonymisation refers to removing personally identifiable information (PII) from datasets so individuals can’t be readily identified.

  Matomo automatically anonymises visitor IP addresses, which helps respect user privacy. For example, if the visitor’s IP address is 199.513.1001.123, Matomo can mask it to 199.0.0.0. 

  It can also anonymise geo-location information, such as country, region and city, ensuring this data doesn’t directly identify users.

  

  (Image Source) 

  Consent management

  Matomo offers an opt-out option that organisations can add to their website, privacy policy or legal page. 

  Matomo tracks everyone by default, but visitors can opt out by clicking the opt-out checkbox. 

  Our DoNotTrack technology helps businesses respect user choices to opt out of tracking from specific websites, such as social media or advertising platforms. They can simply select the “Support Do Not Track preference.”

  These help create consent workflows and support audit trails for regulators. 

  Data storage and deletion

  Keeping visitor data only as long as necessary is a good practice by default. 

  To adhere to this principle, organisations can configure Matomo to automatically delete old raw data and old aggregated report data. 

  Here’s a quick case study summarising how Matomo features can help organisations collect first-party data. CRO:NYX found that Google Analytics struggled to capture accurate data from their campaigns, especially when running ads on the Brave browser, which blocks third-party cookies.

  They then switched to Matomo, which uses first-party cookies by default. This approach allowed them to capture accurate data from Brave users without putting user privacy at stake. 

  The value of Matomo in first-party data strategies 

  First-party data gives businesses a reliable way to connect with audiences and to improve marketing strategies. 

  Matomo’s ethical web analytics lets organisations collect and analyse this data while prioritising user privacy. 

  With over 1 million websites using Matomo, it’s a trusted choice for organisations of all sizes. As a cloud-hosted service and a fully self-hosted solution, Matomo supports organisations with strong data sovereignty needs, allowing them to maintain full control over their analytics infrastructure.

  Ready to collect first-party data while securing user information ? Start your free 21-day trial, no credit card required.

• Unlocking the power of web analytics dashboards

  22 juillet, par Joe — Analytics Tips, App Analytics

  In the web analytics world, we have no shortage of data — clicks, views, scrolls, bounce rates — yet still struggle to extract valuable, actionable insights. There are facts and figures about any action anybody takes (or doesn’t take) when they visit your website, place an order or abandon their shopping cart. But all that data is often without context.

  That’s where dashboards come in : More than visual summaries, the right dashboards give context, reduce noise, and help us focus on what matters most — whether it’s boosting conversions, optimising campaigns, or monitoring data quality and compliance efforts.

  In this article, we’ll focus on :

  • The importance of data quality in web analytics dashboards
  • Different types of dashboards to use depending on your goals 
  • How to work with built-in dashboards in Matomo
  • How to customise them for your organisation’s needs

  Whether you’re building your first dashboard or refining a mature analytics strategy, this guide will help you get more out of your data.

  What is a web analytics dashboard ?

  A web analytics dashboard is an interactive interface that displays key website metrics and data visualisations in an easy-to-grasp format. It presents key data clearly and highlights potential problems, helping users quickly spot trends, patterns, and areas for improvement.

  Dashboards present data in charts, graphs and tables that are easier to understand and act upon. Users can usually drill down on individual elements for more detail, import other relevant data or adjust the time scale to get daily, weekly, monthly or seasonal views.

  Types of web analytics dashboards

  Web analytics dashboards may vary in the type of information they present and the website KPIs (key performance indicators) they track. However, sometimes the information can be the same or similar, but the context is what changes.

  Overview dashboard

  This offers a comprehensive overview of key metrics and KPIs. For example, it might show :

  • Traffic metrics, such as the total number of sessions, visits to the website, distinct users, total pages viewed and/or the average number of pages viewed per visit.
  • Engagement metrics, like average session duration, the bounce rate and/ or the exit rate by specific pages.
  • Audience metrics, including new vs. returning visitors, or visitor demographics such as age, gender or location. It might also show details of the specific device types used to access the website : desktop, mobile, or tablet.

  An overview dashboard might also include snapshots of some of the examples below.

  Acquisition dashboard

  This reveals how users arrive at a website. Although an overview dashboard can provide a snapshot of these metrics, a focused acquisition dashboard can break down website traffic even further. 

  They can reveal the percentages of traffic coming from organic search engines, social platforms, or users typing the URL directly. They can also show referrals from other websites and visitors clicking through from paid advertising sources. 

  An acquisition dashboard can also help measure campaign performance and reveal which marketing efforts are working and where to focus efforts for better results.

  Behavioural dashboard

  This dashboard shows how users interact with a website, including which pages get the most traffic and how long visitors stay before they leave. It also reveals which pages get the least traffic, highlighting where SEO optimisation or greater use of internal links may be needed.

  Behavioural dashboards can show a range of metrics, such as user engagement, navigation, page flow analysis, scroll depth, click patterns, form completion rates, event tracking, etc. 

  This behavioural data lets companies identify engaging vs. underperforming content, fix usability issues and optimise pages for better conversions. It may even show the data in heat maps, click maps or user path diagrams.

  Goals and ecommerce dashboard

  Dashboards of this type are mostly used by e-commerce websites. They’re useful because they track things like sales goal completions and revenue targets, as well as conversions, revenue, and user actions that deliver business results. 

  

  The typical metrics seen here are :

  • Goal tracking (aka conversions) in terms of completed user actions (form submissions, sign-ups, downloads, etc.) will provide funnel analysis and conversion rates. It’ll also give details about which traffic sources offer the most conversions.
  • Revenue tracking is provided via a combination of metrics. These include sales and revenue figures, average order value, top-selling items, revenue per product, and refund rates. It can also reveal how promotions, discounts and coupons affect total sales.
  • Shopping behaviour analysis tracks how users move from browsing to cart abandonment or purchase.

  These metrics help marketing teams measure campaign ROI. They also help identify high-value products and audiences and provide pointers for website refinement. For example, checkout flow optimisation might reduce abandonment.

  Technical performance dashboard

  This monitors a website’s technical health and performance metrics. It focuses on how a website’s infrastructure and backend health affect user experiences. It’ll track a lot of things, including :

  • Page load time
  • Server response time
  • DNS lookup time
  • Error rates
  • Mobile optimisation scores
  • Browser usage
  • Operating system distribution
  • Network performance
  • API response times
  • Core web vitals
  • Mobile usability issues

  This information helps organisations quickly fix issues that hurt SEO and conversions. It also helps to reduce errors that frustrate users, like checkout failures. Critically, it also helps to improve reliability and avoid downtime that can cost revenue.

  Geographic dashboard

  When an organisation wants to analyse user behaviour based on geographic location, this is the one to use. It reveals where website visitors are physically located and how their location influences their behaviour. Here’s what it tracks :

  • City, country/region 
  • Granular hotspots
  • Language preferences
  • Conversion rates by location
  • Bounce rates/engagement by location
  • Device type : Mobile vs. tablet vs desktop
  • Campaign performance by location
  • Paid ads effectiveness by location
  • Social media referrals by location
  • Load times by location

  Geographic dashboards allow companies to target marketing efforts at high-value regions. They also inform content localisation in terms of language, currency, or offers. And they help identify and address regional issues such as speed, payment methods, or cultural relevance.

  Custom segments dashboard

  This kind of dashboard allows specific subsets of an audience to be analysed based on specific criteria. For example, these subsets might include :

  • VIP customers
  • Mobile users
  • New vs. returning visitors
  • Logged-in users
  • Campaign responders
  • Product category enthusiasts. 

  What this dashboard reveals depends very much on what questions the user is trying to answer. It can provide actionable insight into why specific subsets of visitors or customers drop off at certain points. It allows specific metrics (bounce rate, conversions, etc.) to be compared across segments. 

  It can also track the performance of marketing campaigns across different audience segments, allowing marketing efforts to be tailored to serve high-potential segments. Its custom reports can also assist in problem-solving and testing hypotheses.

  

  Content performance dashboard

  This is useful for understanding how a website’s content engages users and drives business goals. Here’s what it tracks and why it matters :

  • Top-performing content
    • Most viewed pages
    • Highest time-on-page content
    • Most shared/linked content
  • Engagement metrics
    • Scroll depth (how far users read)
    • Video plays/podcast listens
    • PDF/downloads of gated content
  • Which content pieces lead to
    • Newsletter sign-ups
    • Demo requests
    • Product purchases
  • SEO health
    • Organic traffic per page
    • Keyword rankings for specific content
    • Pages with high exit rates
  • Content journey analysis
    • Entry pages that start user sessions
    • Common click paths through a site
    • Pages that often appear before conversions

  All this data helps improve website effectiveness. It lets organisations double down on what works, identify and replicate top-performing content and fix underperforming content. It can also identify content gaps, author performance and seasonal trends. The data then informs content strategy and optimisation efforts.

  The importance of data quality

  The fundamental reason we look at data is to make decisions that are informed by facts. So, it stands to reason that the quality of the underlying data is critical because it governs the quality of the information in the dashboard.

  And the data source for web analytics dashboards is often Google Analytics 4 (GA4), since it’s free and frequently installed by default on new websites. But this can be a problem because the free version of Google Analytics is limited and resorts to data sampling beyond a certain point. Let’s dig into that.

  Google Analytics 4 (GA4)

  It’s the default option for most organisations because it’s free, but GA4 has notable limitations that affect data accuracy and functionality. The big one is data sampling, which kicks in for large datasets (500,000+ events). This can skew reporting because the analysis is of subsets rather than complete data. 

  In addition, user privacy tools like ad blockers, tracking opt-outs, and disabled JavaScript can cause underreporting by 10-30%. GA4 also restricts data retention to 2-14 months and offers limited filtering and reduced control over data collection thresholds. Cross-domain tracking requires manual setup and lacks seamless integration. 

  One solution is to upgrade to Google Analytics 360 GA360, but it’s expensive. Pricing starts at $12,500/month (annual contract) plus $150,000 minimum yearly spend. The costs also scale with data volume, typically requiring $150,000−500,000 annually.

  

  Matomo’s built-in dashboards

  Matomo is a better solution for organisations needing unsampled data, longer data retention, and advanced attribution. It also provides functionality for enterprises to export their data and import it into Google BigQuery if that’s what they already use for analysis.

  Matomo Analytics takes a different approach to data quality. By focusing on privacy and data ownership, we ensure that businesses have full control over all of their data. Matomo also includes a range of built-in dashboards designed to meet the needs of different users. 

  The default options provide a starting point for tracking key metrics and gaining insight into their performance. They’re accessible by simply navigating to the reports section and selecting the relevant dashboard. These dashboards draw on raw data to provide more detailed and accurate analysis than is possible with GA4. And at a fraction of the price of GA360. 

  You can get Matomo completely free of charge as a self-hosted solution or via Matomo Cloud for a mere $29/month — vs. GA360’s $150k+/year. It also has other benefits :

  • 100% data ownership and no data sampling
  • Privacy compliance by design :
    • GDPR/CCPA-ready
    • No ad-blocker distortion
    • Cookieless tracking options
  • No data limits or retention caps
  • Advanced features without restriction :
    • Cross-domain tracking
    • Custom dimensions/metrics
    • Heatmaps/session recordings

  Customisation options

  Although Matomo’s default dashboards are powerful, the real value lies in the customisation options. These extensive and easy-to-use options empower users to tailor custom dashboards to their precise needs.

  Unlike GA4’s rigid layouts, Matomo offers drag-and-drop widgets to create, rearrange or resize reports effortlessly. You can :

  • Add 50+ pre-built widgets (e.g., traffic trends, conversion funnels, goal tracking) or create custom SQL/PHP widgets for unique metrics.
  • Segment data dynamically with filters (by country, device, campaign) and compare date ranges side-by-side.
  • Create white-label dashboards for client reporting, with custom logos, colours and CSS overrides.
  • Schedule automated PDF/email reports with personalised insights.
  • Build role-based dashboards (e.g., marketing vs. executive views) and restrict access to sensitive data.

  For developers, Matomo’s open API enables deep integrations (CRM, ERP, etc.) and custom visualisations via JavaScript. Self-hosted users can even modify the core user interface.

  Matomo : A fully adaptable analytics hub

  Web analytics dashboards can be powerful tools for visualising data, generating actionable insights and making better business decisions. But that’s only true as long as the underlying data is unrestricted and the analytics platform delivers high-quality data for analysis. 

  Matomo’s commitment to data quality and privacy sets it apart as a reliable source of accurate data to inform accurate and detailed insights. And the range of reporting options will meet just about any business need, often without any customisation.

  To see Matomo in action, watch this two-minute video. Then, when you’re ready to build your own, download Matomo On-Premise for free or start your 21-day free trial of Matomo Cloud — no credit card required.

• Privacy-enhancing technologies : Balancing data utility and security

  18 juillet, par Joe

  In the third quarter of 2024, data breaches exposed 422.61 million records, affecting millions of people around the world. This highlights the need for organisations to prioritise user privacy. 

  Privacy-enhancing technologies can help achieve this by protecting sensitive information and enabling safe data sharing. 

  This post explores privacy-enhancing technologies, including their types, benefits, and how our website analytics platform, Matomo, supports them by providing privacy-focused features.

  What are privacy-enhancing technologies ? 

  Privacy Enhancing Technologies (PETs) are tools that protect personal data while allowing organisations to process information responsibly. 

  In industries like healthcare, finance and marketing, businesses often need detailed analytics to improve operations and target audiences effectively. However, collecting and processing personal data can lead to privacy concerns, regulatory challenges, and reputational risks.

  PETs minimise the collection of sensitive information, enhance security and allow users to control how companies use their data. 

  Global privacy laws like the following are making PETs essential for compliance :

  • General Data Protection Regulation (GDPR) in the European Union
  • California Consumer Privacy Act (CCPA) in California
  • Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada
  • Lei Geral de Proteção de Dados (LGPD) in Brazil

  Non-compliance can lead to severe penalties, including hefty fines and reputational damage. For example, under GDPR, organisations may face fines of up to €20 million or 4% of their global annual revenue for serious violations. 

  Types of PETs 

  What are the different types of technologies available for privacy protection ? Let’s take a look at some of them. 

  Homomorphic encryption

  Homomorphic encryption is a cryptographic technique in which users can perform calculations on cipher text without decrypting it first. When the results are decrypted, they match those of the same calculation on plain text. 

  This technique keeps data safe during processing, and users can analyse data without exposing private or personal data. It is most useful in financial services, where analysts need to protect sensitive customer data and secure transactions. 

  Despite these advantages, homomorphic encryption can be complex to compute and take longer than other traditional methods. 

  Secure Multi-Party Computation (SMPC)

  SMPC enables joint computations on private data without revealing the raw data. 

  In 2021, the European Data Protection Board (EDPB) issued technical guidance supporting SMPC as a technology that protects privacy requirements. This highlights the importance of SMPC in healthcare and cybersecurity, where data sharing is necessary but sensitive information must be kept safe. 

  For example, several hospitals can collaborate on research without sharing patient records. They use SMPC to analyse combined data while keeping individual records confidential. 

  Synthetic data

  Synthetic data is artificially generated to mimic real datasets without revealing actual information. It is useful for training models without compromising privacy. 

  Imagine a hospital wants to train an AI model to predict patient outcomes based on medical records. Sharing real patient data, however, poses privacy challenges, so that can be changed with synthetic data. 

  Synthetic data may fail to capture subtle nuances or anomalies in real-world datasets, leading to inaccuracies in AI model predictions.

  Pseudonymisation

  Pseudonymisation replaces personal details with fake names or codes, making it hard to determine who the information belongs to. This helps keep people’s personal information safe. Even if someone gets hold of the data, it’s not easy to connect it back to real individuals. 

  

  Pseudonymisation works differently from synthetic data, though both help protect individual privacy. 

  When we pseudonymise, we take factual information and replace the bits that could identify someone with made-up labels. Synthetic data takes an entirely different approach. It creates new, artificial information that looks and behaves like real data but doesn’t contain any details about real people.

  Differential privacy

  Differential privacy adds random noise to datasets. This noise helps protect individual entries while still allowing for overall analysis of the data. 

  It’s useful in statistical studies where trends need to be understood without accessing personal details.

  For example, imagine a survey about how many hours people watch TV each week. 

  Differential privacy would add random variation to each person’s answer, so users couldn’t tell exactly how long John or Jane watched TV. 

  However, they could still see the average number of hours everyone in the group watched, which helps researchers understand viewing habits without invading anyone’s privacy.

  Zero-Knowledge Proofs (ZKP)

  Zero-knowledge proofs help verify the truth without exposing sensitive details. This cryptographic approach lets someone prove they know something or meet certain conditions without revealing the actual information behind that proof.

  Take ZCash as a real-world example. While Bitcoin publicly displays every financial transaction detail, ZCash offers privacy through specialised proofs called Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge (zk-SNARKs). These mathematical proofs confirm that a transaction follows all the rules without broadcasting who sent money, who received it, or how much changed hands.

  The technology comes with trade-offs, though. 

  Creating and checking these proofs demands substantial computing power, which slows down transactions and drives up costs. Implementing these systems requires deep expertise in advanced cryptography, which keeps many organisations from adopting them despite their benefits.

  Trusted Execution Environment (TEE)

  TEEs create special protected zones inside computer processors where sensitive code runs safely. These secure areas process valuable data while keeping it away from anyone who shouldn’t see it.

  TEEs are widely used in high-security applications, such as mobile payments, digital rights management (DRM), and cloud computing.

  Consider how companies use TEEs in the cloud : A business can run encrypted datasets within a protected area on Microsoft Azure or AWS Nitro Enclaves. Due to this setup, even the cloud provider can’t access the private data or see how the business uses it. 

  TEEs do face limitations. Their isolated design makes them struggle with large or spread-out computing tasks, so they don’t work well for complex calculations across multiple systems.

  Different TEE implementations often lack standardisation, so there can be compatibility issues and dependence on specific vendors. If the vendor stops the product or someone discovers a security flaw, switching to a new solution often proves expensive and complicated.

  Obfuscation (Data masking)

  Data masking involves replacing or obscuring sensitive data to prevent unauthorised access. 

  It replaces sensitive data with fictitious but realistic values. For example, a customer’s credit card number might be masked as “1234-XXXX-XXXX-5678.” 

  The original data is permanently altered or hidden, and the masked data can’t be reversed to reveal the original values.

  Federated learning

  Federated learning is a machine learning approach that trains algorithms across multiple devices without centralising the data. This method allows organisations to leverage insights from distributed data sources while maintaining user privacy.

  For example, NVIDIA’s Clara platform uses federated learning to train AI models for medical imaging (e.g., detecting tumours in MRI scans). 

  Hospitals worldwide contribute model updates from their local datasets to build a global model without sharing patient scans. This approach may be used to classify stroke types and improve cancer diagnosis accuracy.

  Now that we have explored the various types of PETs, it’s essential to understand the principles that guide their development and use. 

  Key principles of PET (+ How to enable them with Matomo) 

  PETs are based on several core principles that aim to balance data utility with privacy protection. These principles include :

  Data minimisation

  Data minimisation is a core PET principle focusing on collecting and retaining only essential data.

  Matomo, an open-source web analytics platform, helps organisations to gather insights about their website traffic and user behaviour while prioritising privacy and data protection. 

  Recognising the importance of data minimisation, Matomo offers several features that actively support this principle :

  • Cookieless tracking : Eliminates reliance on cookies, reducing unnecessary data collection.
  • IP anonymisation : Automatically anonymises IP addresses, preventing identification of individual users.

  

  (Image Source)

  • Custom data retention policies : Allows organisations to define how long user data is stored before automatic deletion.

  7Assets, a fintech company, was using Google Analytics and Plausible as their web analytics tools. 

  However, with Google Analytics, they faced a problem of unnecessary data tracking, which created legal work overhead. Plausible didn’t have the features for the kind of analysis they wanted. 

  They switched to Matomo to enjoy the balance of privacy yet detailed analytics. With Matomo, they had full control over their data collection while also aligning with privacy and compliance requirements.

  Transparency and User Control

  Transparency and user control are important for trust and compliance. 

  Matomo enables these principles through :

  • Consent management : Offers integration with Consent Mangers (CMPs), like Cookiebot and Osano, for collecting and managing user consent.
  • Respect for DoNotTrack settings : Honours browser-based privacy preferences by default, empowering users with control over their data.

  

  (Image Source)

  • Opt-out mechanisms : These include iframe features that allow visitors to opt out of tracking. 

  Security and Confidentiality

  Security and confidentiality protect sensitive data against inappropriate access. 

  Matomo achieves this through :

  • On-premise hosting : Gives organisations the ability to host analytics data on-site for complete data control.
  • Data security : Protects stored information through access controls, audit logs, two-factor authentication and SSL encryption.
  • Open source code : Enables community reviews for better security and transparency.

  Purpose Limitation

  Purpose limitation means organisations use data solely for the intended purpose and don’t share or sell it to third parties. 

  Matomo adheres to this principle by using first-party cookies by default, so there’s no third-party involvement. Matomo offers 100% data ownership, meaning all the data organisations get from our web analytics is of the organisation, and we don’t sell it to any external parties. 

  Compliance with Privacy Regulations

  Matomo aligns with global privacy laws such as GDPR, CCPA, HIPAA, LGPD and PECR. Its compliance features include :

  • Configurable data protection : Matomo can be configured to avoid tracking personally identifiable information (PII).
  • Data subject request tools : These provide mechanisms for handling requests like data deletion or access in accordance with legal frameworks.
  • GDPR manager : Matomo provides a GDPR Manager that helps businesses manage compliance by offering features like visitor log deletion and audit trails to support accountability.

  

  (Image Source)

  Mandarine Academy is a French-based e-learning company. It found that complying with GDPR regulations was difficult with Google Analytics and thought GA4 was hard to use. Therefore, it was searching for a web analytics solution that could help it get detailed feedback on its site’s strengths and friction points while respecting privacy and GDPR compliance. With Matomo, it checked all the boxes.

  Data collaboration : A key use case of PETs

  One specific area where PETs are quite useful is data collaboration. Data collaboration is important for organisations for research and innovation. However, data privacy is at stake. 

  This is where tools like data clean rooms and walled gardens play a significant role. These use one or more types of PETs (they aren’t PETs themselves) to allow for secure data analysis. 

  Walled gardens restrict data access but allow analysis within their platforms. Data clean rooms provide a secure space for data analysis without sharing raw data, often using PETs like encryption. 

  Tackling privacy issues with PETs 

  Amidst data breaches and privacy concerns, organisations must find ways to protect sensitive information while still getting useful insights from their data. Using PETs is a key step in solving these problems as they help protect data and build customer trust. 

  Tools like Matomo help organisations comply with privacy laws while keeping data secure. They also allow individuals to have more control over their personal information, which is why 1 million websites use Matomo.

  In addition to all the nice features, switching to Matomo is easy :

  “We just followed the help guides, and the setup was simple,” said Rob Jones. “When we needed help improving our reporting, the support team responded quickly and solved everything in one step.” 

  To experience Matomo, sign up for our 21-day free trial, no credit card details needed.