Recherche avancée

Sur d’autres sites (8133)

• GDPR Compliance and Personal Data : The Ultimate Guide

  22 septembre 2023, par Erin — GDPR

  According to the International Data Corporation (IDC), the world generated 109 zettabytes of data in 2022 alone, and that number is on track to nearly triple to 291 zettabytes in 2027. For scale, that’s one trillion gigs or one followed by 21 zeros in bytes.

  A major portion of that data is generated online, and the conditions for securing that digital data can have major real-world consequences. For example, online identifiers that fall into the wrong hands can be used nefariously for cybercrime, identity theft or unwanted targeting. Users also want control over how their actions are tracked online and transparency into how their information is used.

  Therefore, regional and international regulations are necessary to set the terms for respecting users’ privacy and control over personal information. Perhaps the most widely known of these laws is the European Union’s General Data Protection Regulation (GDPR).

  What is personal data under GDPR ?

  Under the General Data Protection Regulation (GDPR), “personal data” refers to information linked to an identifiable natural person. An “identifiable natural person” is someone directly or indirectly recognisable via individually specific descriptors such as physical, genetic, economic, cultural, employment and social details.

  It’s important to note that under GDPR, the definition of personal data is very broad, and it encompasses both information that is commonly considered personal (e.g., names and addresses) and more technical or specialised data (e.g., IP addresses or device IDs) that can be used to identify individuals indirectly.

  Organisations that handle personal data must adhere to strict rules and principles regarding the processing and protection of this data to ensure individuals’ privacy rights are respected and upheld.

  Personal data can include, but is not limited to, the following :

  1. Basic Identity Information : This includes a person’s name, government-issued ID number, social address, phone number, email address or other similar identifiers.
  2. Biographical Information : Details such as date of birth, place of birth, nationality and gender.
  3. Contact Information : Information that allows communication with the individual, such as phone numbers, email addresses or mailing addresses.
  4. Financial Information : Data related to a person’s finances, including credit card numbers, bank account numbers, income records or financial transactions.
  5. Health and Medical Information : Information about a person’s health, medical history or healthcare treatments.
  6. Location Data : Data that can pinpoint a person’s geographical location, such as GPS coordinates or information derived from mobile devices.
  7. Online Identifiers : Information like IP addresses, cookies or other online tracking mechanisms that can be used to identify or track individuals online.
  8. Biometric Data : Unique physical or behavioural characteristics used for identification, such as fingerprints, facial recognition data or voiceprints.

  Sensitive Data

  Sensitive data is a special category of personal data prohibited from processing unless specific conditions are met, including users giving explicit consent. The data must also be necessary to fulfil one or more of a limited set of allowed purposes, such as reasons related to employment, social protections or legal claims.

  Sensitive information includes details about a person’s racial or ethnic origin, sexual orientation, political opinions, religion, trade union membership, biometric data or genetic data.

  What are the 7 main principles of GDPR ?

  The 7 principles of GDPR guide companies in how to properly handle personal data gathered from their users.

  

  The seven principles of GDPR are :

  1. Lawfulness, fairness and transparency

  Lawfulness means having legal grounds for data processing, such as consent, legitimate interests, contract and legal obligation. If you can achieve your objective without processing personal data, the basis is no longer lawful.

  Fairness means you’re processing data reasonably and in line with users’ best interests, and they wouldn’t be shocked if they find out what you’re using it for.

  Transparency means being open regarding when you’re processing user data, what you’re using it for and who you’re collecting it from.

  To get started with this, use our guide on creating a GDPR-compliant privacy policy.

  2. Purpose limitation

  You should only process user data for the original purposes you communicated to users when requesting their explicit consent. If you aim to undertake a new purpose, it must be compatible with the original stated purpose. Otherwise, you’ll need to ask for consent again.

  3. Data minimisation

  You should only collect as much data as you need to accomplish compliant objectives and nothing more, especially not other personally identifiable information (PII).

  Matomo provides several features for extensive data minimisation, including the ability to anonymize IP addresses.

  Data minimisation is well-liked by users. Around 70% of people have taken active steps towards protecting their identity online, so they’ll likely appreciate any principles that help them in this effort.

  

  4. Accuracy

  The user data you process should be accurate and up-to-date where necessary. You should have reasonable systems to catch inaccurate data and correct or delete it. If there are mistakes that you need to store, then you need to label them clearly as mistakes to keep them from being processed as accurate.

  5. Storage limitation

  This principle requires you to eliminate data you’re no longer using for the original purposes. You must implement time limits, after which you’ll delete or anonymize any user data on record. Matomo allows you to configure your system such that logs are automatically deleted after some time.

  6. Integrity and confidentiality

  This requires that data processors have security measures in place to protect data from threats such as hackers, loss and damage. As an open-source web analytics solution, Matomo enables you to verify its security first-hand.

  7. Accountability

  Accountability means you’re responsible for what you do with the data you collect. It’s your duty to maintain compliance and document everything for audits. Matomo tracks a lot of the data you’d need for this, including activity, task and application logs.

  Who does GDPR apply to ?

  The GDPR applies to any company that processes the personal data of EU citizens and residents (regardless of the location of the company). 

  If this is the first time you’ve heard about this, don’t worry ! Matomo provides tools that allow you to determine exactly what kinds of data you’re collecting and how they must be handled for full compliance. 

  Best practices for processing personal data under GDPR

  Companies subject to the GDPR need to be aware of several key principles and best practices to ensure they process personal data in a lawful and responsible manner.

  Here are some essential practices to implement :

  1. Lawful basis for processing : Organisations must have a lawful basis for processing personal data. Common lawful bases include the necessity of processing for compliance with a legal obligation, the performance of a contract, the protection of vital interests and tasks carried out in the public interest. Your organisation’s legitimate interests for processing must not override the individual’s legal rights. 
  2. Data minimisation : Collect and process only the personal data that is necessary for the specific purpose for which it was collected. Matomo’s anonymisation capabilities help you avoid collecting excessive or irrelevant data.
  3. Transparency : Provide clear and concise information to individuals about how their data will be processed. Privacy statements should be clear and accessible to users to allow them to easily understand how their data is used.
  4. Consent : If you are relying on consent as a lawful basis, make sure you design your privacy statements and consent forms to be usable. This lets you ensure that consent is freely given, specific, informed and unambiguous. Also, individuals must be able to withdraw their consent at any time.
  5. Data subject rights : You must have mechanisms in place to uphold the data subject’s individual rights, such as the rights to access, erase, rectify errors and restrict processing. Establish internal processes for handling such requests.
  6. Data protection impact assessments (DPIAs) : Conduct DPIAs for high-risk processing activities, especially when introducing new technologies or processing sensitive data.
  7. Security measures : You must implement appropriate technical security measures to maintain the safety of personal data. This can include ‌security tools such as encryption, firewalls and limited access controls, as well as organisational practices like regular security assessments. 
  8. Data breach response : Develop and maintain a data breach response plan. Notify relevant authorities and affected individuals of data breaches within the required timeframe.
  9. International data transfers : If transferring personal data outside the EU, ensure that appropriate safeguards are in place and consider GDPR provisions. These provisions allow data transfers from the EU to non-EU countries in three main ways :
     1. When the destination country has been deemed by the European Commission to have adequate data protection, making it similar to transferring data within the EU.
     2. Through the use of safeguards like binding corporate rules, approved contractual clauses or adherence to codes of conduct.
     3. In specific situations when none of the above apply, such as when an individual explicitly consents to the transfer after being informed of the associated risks.
  10. Data protection officers (DPOs) : Appoint a data protection officer if required by GDPR. DPOs are responsible for overseeing data protection compliance within the organisation.
  11. Privacy by design and default : Integrate data protection into the design of systems and processes. Default settings should prioritise user privacy, as is the case with something like Matomo’s first-party cookies.
  12. Documentation : Maintain records of data processing activities, including data protection policies, procedures and agreements. Matomo logs and backs up web server access, activity and more, providing a solid audit trail.
  13. Employee training : Employees who handle personal data must be properly trained to uphold data protection principles and GDPR compliance best practices. 
  14. Third-party contracts : If sharing data with third parties, have data processing agreements in place that outline the responsibilities and obligations of each party regarding data protection.
  15. Regular audits and assessments : Conduct periodic audits and assessments of data processing activities to ensure ongoing compliance. As mentioned previously, Matomo tracks and saves several key statistics and metrics that you’d need for a successful audit.
  16. Accountability : Demonstrate accountability by documenting and regularly reviewing compliance efforts. Be prepared to provide evidence of compliance to data protection authorities.
  17. Data protection impact on data analytics and marketing : Understand how GDPR impacts data analytics and marketing activities, including obtaining valid consent for marketing communications.

  Organisations should be on the lookout for GDPR updates, as the regulations may evolve over time. When in doubt, consult legal and privacy professionals to ensure compliance, as non-compliance could potentially result in significant fines, damage to reputation and legal consequences.

  What constitutes a GDPR breach ?

  Security incidents that compromise the confidentiality, integrity and/or availability of personal data are considered a breach under GDPR. This means a breach is not limited to leaks ; if you accidentally lose or delete personal data, its availability is compromised, which is technically considered a breach.

  What are the penalty fines for GDPR non-compliance ?

  The penalty fines for GDPR non-compliance are up to €20 million or up to 4% of the company’s revenue from the previous fiscal year, whichever is higher. This makes it so that small companies can also get fined, no matter how low-profile the breach is.

  In 2022, for instance, a company found to have mishandled user data was fined €2,000, and the webmaster responsible was personally fined €150.

  Is Matomo GDPR compliant ?

  Matomo is fully GDPR compliant and can ensure you achieve compliance, too. Here’s how :

  • Data anonymization and IP anonymization
  • GDPR Manager that helps you identify gaps in your compliance and address them effectively
  • Users can opt-out of all tracking
  • First-party cookies by default
  • Users can view the data collected
  • Capabilities to delete visitor data when requested
  • You own your data and it is not used for any other purposes (like advertising)
  • Visitor logs and profiles can be disabled
  • Data is stored in the EU (Matomo Cloud) or in any country of your choice (Matomo On-Premise)

  Is there a GDPR in the US ?

  There is no GDPR-equivalent law that covers the US as a whole. That said, US-based companies processing data from persons in the EU still need to adhere to GDPR principles.

  While there isn’t a federal data protection law, several states have enacted their own. One notable example is the California Consumer Privacy Act (CCPA), which Matomo is fully compliant with.

  Ready for GDPR-compliant analytics ?

  The GDPR lays out a set of regulations and penalties that govern the collection and processing of personal data from EU citizens and residents. A breach under GDPR attracts a fine of either up to €20 million or 4% of the company’s revenue, and the penalty applies to companies of all sizes.

  Matomo is fully GDPR compliant and provides several features and advanced privacy settings to ensure you ‌are as well, without sacrificing the resources you need for effective analytics. If you’re ready to get started, sign up for a 21-day free trial of Matomo — no credit card required.

  Disclaimer
  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to GDPR. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.

• Privacy-enhancing technologies : Balancing data utility and security

  18 juillet, par Joe

  In the third quarter of 2024, data breaches exposed 422.61 million records, affecting millions of people around the world. This highlights the need for organisations to prioritise user privacy. 

  Privacy-enhancing technologies can help achieve this by protecting sensitive information and enabling safe data sharing. 

  This post explores privacy-enhancing technologies, including their types, benefits, and how our website analytics platform, Matomo, supports them by providing privacy-focused features.

  What are privacy-enhancing technologies ? 

  Privacy Enhancing Technologies (PETs) are tools that protect personal data while allowing organisations to process information responsibly. 

  In industries like healthcare, finance and marketing, businesses often need detailed analytics to improve operations and target audiences effectively. However, collecting and processing personal data can lead to privacy concerns, regulatory challenges, and reputational risks.

  PETs minimise the collection of sensitive information, enhance security and allow users to control how companies use their data. 

  Global privacy laws like the following are making PETs essential for compliance :

  • General Data Protection Regulation (GDPR) in the European Union
  • California Consumer Privacy Act (CCPA) in California
  • Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada
  • Lei Geral de Proteção de Dados (LGPD) in Brazil

  Non-compliance can lead to severe penalties, including hefty fines and reputational damage. For example, under GDPR, organisations may face fines of up to €20 million or 4% of their global annual revenue for serious violations. 

  Types of PETs 

  What are the different types of technologies available for privacy protection ? Let’s take a look at some of them. 

  Homomorphic encryption

  Homomorphic encryption is a cryptographic technique in which users can perform calculations on cipher text without decrypting it first. When the results are decrypted, they match those of the same calculation on plain text. 

  This technique keeps data safe during processing, and users can analyse data without exposing private or personal data. It is most useful in financial services, where analysts need to protect sensitive customer data and secure transactions. 

  Despite these advantages, homomorphic encryption can be complex to compute and take longer than other traditional methods. 

  Secure Multi-Party Computation (SMPC)

  SMPC enables joint computations on private data without revealing the raw data. 

  In 2021, the European Data Protection Board (EDPB) issued technical guidance supporting SMPC as a technology that protects privacy requirements. This highlights the importance of SMPC in healthcare and cybersecurity, where data sharing is necessary but sensitive information must be kept safe. 

  For example, several hospitals can collaborate on research without sharing patient records. They use SMPC to analyse combined data while keeping individual records confidential. 

  Synthetic data

  Synthetic data is artificially generated to mimic real datasets without revealing actual information. It is useful for training models without compromising privacy. 

  Imagine a hospital wants to train an AI model to predict patient outcomes based on medical records. Sharing real patient data, however, poses privacy challenges, so that can be changed with synthetic data. 

  Synthetic data may fail to capture subtle nuances or anomalies in real-world datasets, leading to inaccuracies in AI model predictions.

  Pseudonymisation

  Pseudonymisation replaces personal details with fake names or codes, making it hard to determine who the information belongs to. This helps keep people’s personal information safe. Even if someone gets hold of the data, it’s not easy to connect it back to real individuals. 

  

  Pseudonymisation works differently from synthetic data, though both help protect individual privacy. 

  When we pseudonymise, we take factual information and replace the bits that could identify someone with made-up labels. Synthetic data takes an entirely different approach. It creates new, artificial information that looks and behaves like real data but doesn’t contain any details about real people.

  Differential privacy

  Differential privacy adds random noise to datasets. This noise helps protect individual entries while still allowing for overall analysis of the data. 

  It’s useful in statistical studies where trends need to be understood without accessing personal details.

  For example, imagine a survey about how many hours people watch TV each week. 

  Differential privacy would add random variation to each person’s answer, so users couldn’t tell exactly how long John or Jane watched TV. 

  However, they could still see the average number of hours everyone in the group watched, which helps researchers understand viewing habits without invading anyone’s privacy.

  Zero-Knowledge Proofs (ZKP)

  Zero-knowledge proofs help verify the truth without exposing sensitive details. This cryptographic approach lets someone prove they know something or meet certain conditions without revealing the actual information behind that proof.

  Take ZCash as a real-world example. While Bitcoin publicly displays every financial transaction detail, ZCash offers privacy through specialised proofs called Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge (zk-SNARKs). These mathematical proofs confirm that a transaction follows all the rules without broadcasting who sent money, who received it, or how much changed hands.

  The technology comes with trade-offs, though. 

  Creating and checking these proofs demands substantial computing power, which slows down transactions and drives up costs. Implementing these systems requires deep expertise in advanced cryptography, which keeps many organisations from adopting them despite their benefits.

  Trusted Execution Environment (TEE)

  TEEs create special protected zones inside computer processors where sensitive code runs safely. These secure areas process valuable data while keeping it away from anyone who shouldn’t see it.

  TEEs are widely used in high-security applications, such as mobile payments, digital rights management (DRM), and cloud computing.

  Consider how companies use TEEs in the cloud : A business can run encrypted datasets within a protected area on Microsoft Azure or AWS Nitro Enclaves. Due to this setup, even the cloud provider can’t access the private data or see how the business uses it. 

  TEEs do face limitations. Their isolated design makes them struggle with large or spread-out computing tasks, so they don’t work well for complex calculations across multiple systems.

  Different TEE implementations often lack standardisation, so there can be compatibility issues and dependence on specific vendors. If the vendor stops the product or someone discovers a security flaw, switching to a new solution often proves expensive and complicated.

  Obfuscation (Data masking)

  Data masking involves replacing or obscuring sensitive data to prevent unauthorised access. 

  It replaces sensitive data with fictitious but realistic values. For example, a customer’s credit card number might be masked as “1234-XXXX-XXXX-5678.” 

  The original data is permanently altered or hidden, and the masked data can’t be reversed to reveal the original values.

  Federated learning

  Federated learning is a machine learning approach that trains algorithms across multiple devices without centralising the data. This method allows organisations to leverage insights from distributed data sources while maintaining user privacy.

  For example, NVIDIA’s Clara platform uses federated learning to train AI models for medical imaging (e.g., detecting tumours in MRI scans). 

  Hospitals worldwide contribute model updates from their local datasets to build a global model without sharing patient scans. This approach may be used to classify stroke types and improve cancer diagnosis accuracy.

  Now that we have explored the various types of PETs, it’s essential to understand the principles that guide their development and use. 

  Key principles of PET (+ How to enable them with Matomo) 

  PETs are based on several core principles that aim to balance data utility with privacy protection. These principles include :

  Data minimisation

  Data minimisation is a core PET principle focusing on collecting and retaining only essential data.

  Matomo, an open-source web analytics platform, helps organisations to gather insights about their website traffic and user behaviour while prioritising privacy and data protection. 

  Recognising the importance of data minimisation, Matomo offers several features that actively support this principle :

  • Cookieless tracking : Eliminates reliance on cookies, reducing unnecessary data collection.
  • IP anonymisation : Automatically anonymises IP addresses, preventing identification of individual users.

  

  (Image Source)

  • Custom data retention policies : Allows organisations to define how long user data is stored before automatic deletion.

  7Assets, a fintech company, was using Google Analytics and Plausible as their web analytics tools. 

  However, with Google Analytics, they faced a problem of unnecessary data tracking, which created legal work overhead. Plausible didn’t have the features for the kind of analysis they wanted. 

  They switched to Matomo to enjoy the balance of privacy yet detailed analytics. With Matomo, they had full control over their data collection while also aligning with privacy and compliance requirements.

  Transparency and User Control

  Transparency and user control are important for trust and compliance. 

  Matomo enables these principles through :

  • Consent management : Offers integration with Consent Mangers (CMPs), like Cookiebot and Osano, for collecting and managing user consent.
  • Respect for DoNotTrack settings : Honours browser-based privacy preferences by default, empowering users with control over their data.

  

  (Image Source)

  • Opt-out mechanisms : These include iframe features that allow visitors to opt out of tracking. 

  Security and Confidentiality

  Security and confidentiality protect sensitive data against inappropriate access. 

  Matomo achieves this through :

  • On-premise hosting : Gives organisations the ability to host analytics data on-site for complete data control.
  • Data security : Protects stored information through access controls, audit logs, two-factor authentication and SSL encryption.
  • Open source code : Enables community reviews for better security and transparency.

  Purpose Limitation

  Purpose limitation means organisations use data solely for the intended purpose and don’t share or sell it to third parties. 

  Matomo adheres to this principle by using first-party cookies by default, so there’s no third-party involvement. Matomo offers 100% data ownership, meaning all the data organisations get from our web analytics is of the organisation, and we don’t sell it to any external parties. 

  Compliance with Privacy Regulations

  Matomo aligns with global privacy laws such as GDPR, CCPA, HIPAA, LGPD and PECR. Its compliance features include :

  • Configurable data protection : Matomo can be configured to avoid tracking personally identifiable information (PII).
  • Data subject request tools : These provide mechanisms for handling requests like data deletion or access in accordance with legal frameworks.
  • GDPR manager : Matomo provides a GDPR Manager that helps businesses manage compliance by offering features like visitor log deletion and audit trails to support accountability.

  

  (Image Source)

  Mandarine Academy is a French-based e-learning company. It found that complying with GDPR regulations was difficult with Google Analytics and thought GA4 was hard to use. Therefore, it was searching for a web analytics solution that could help it get detailed feedback on its site’s strengths and friction points while respecting privacy and GDPR compliance. With Matomo, it checked all the boxes.

  Data collaboration : A key use case of PETs

  One specific area where PETs are quite useful is data collaboration. Data collaboration is important for organisations for research and innovation. However, data privacy is at stake. 

  This is where tools like data clean rooms and walled gardens play a significant role. These use one or more types of PETs (they aren’t PETs themselves) to allow for secure data analysis. 

  Walled gardens restrict data access but allow analysis within their platforms. Data clean rooms provide a secure space for data analysis without sharing raw data, often using PETs like encryption. 

  Tackling privacy issues with PETs 

  Amidst data breaches and privacy concerns, organisations must find ways to protect sensitive information while still getting useful insights from their data. Using PETs is a key step in solving these problems as they help protect data and build customer trust. 

  Tools like Matomo help organisations comply with privacy laws while keeping data secure. They also allow individuals to have more control over their personal information, which is why 1 million websites use Matomo.

  In addition to all the nice features, switching to Matomo is easy :

  “We just followed the help guides, and the setup was simple,” said Rob Jones. “When we needed help improving our reporting, the support team responded quickly and solved everything in one step.” 

  To experience Matomo, sign up for our 21-day free trial, no credit card details needed. 

• GA360 Sunset : Is Now the Time to Switch ?

  20 mai 2024, par Erin

  Google pushed the sunset date of Universal Analytics 360 to July 2024, giving enterprise users more time to transition to Google Analytics 4. This extension is also seen by some as time to find a suitable alternative. 

  While Google positions GA4 as an upgrade to Universal Analytics, the new platform has faced its fair share of backlash. 

  So before you rush to meet the new sunset deadline, ask yourself this question : Is now the time to switch to a Google Analytics alternative ?

  In this article, we’ll explain what the new GA360 sunset date means and show you what you could gain by choosing a privacy-friendly alternative. 

  What’s happening with the final GA360 sunset ?

  Google has given Universal Analytics 360 properties with a current 360 licence a one-time extension, which will end on 1 July 2024.

  Why did Google extend the sunset ?

  In a blog post on Google, Russell Ketchum, Director of Product Management at Google Analytics, provided more details about the final GA360 sunset. 

  In short, the tech giant realised it would take large enterprise accounts (which typically have complex analytics setups) much longer to transition smoothly. The extension gives them time to migrate to GA4 and check everything is tracking correctly. 

  What’s more, Google is also focused on improving the GA4 experience before more GA360 users migrate :

  “We’re focusing our efforts and investments on Google Analytics 4 to deliver a solution built to adapt to a changing ecosystem. Because of this, throughout 2023 we’ll be shifting support away from Universal Analytics 360 and will move our full focus to Google Analytics 4 in 2024. As a result, performance will likely degrade in Universal Analytics 360 until the new sunset date.”

  Despite the extension, the July sunset is definitive. 

  Starting the week of 1 July 2024, you won’t be able to access any Universal Analytics properties or the API (not even with read-only access), and all data will be deleted.

  In other words, it’s not just data collection that will cease at the start of July. You won’t be able to access the platform, and all your data will be deleted. 

  What GA360 features is Google deprecating, and when ?

  If you’re wondering which GA360 features are being deprecated and when, here is the timeline for Google’s final GA360 sunset :

  • 1 January 2024 : From the beginning of the year, Google doesn’t guarantee all features and functionalities in UA 360 will continue to work as expected. 
  • 29 January 2024 : Google began deprecating a string of advertising and measurement features as it shifts resources to focus on GA4. These features include :
    • Realtime reports
    • Lifetime Value report
    • Model Explorer
    • Cohort Analysis
    • Conversion Probability report
    • GDN Impression Beta
  • Early March 2024 : Google began deprecating more advertising and measurement features. Deprecated advertising features include Demographic and Interest reports, Publisher reporting, Phone Analytics, Event and Salesforce Data Import, and Realtime BigQuery Export. Deprecated measurement features include Universal Analytics property creation, App Views, Unsampled reports, Custom Tables and annotations.
  • Late March 2024 : This is the last recommended date for migration to GA4 to give users three months to validate data and settings. By this date, Google recommends that you migrate your UA’s Google Ads links to GA4, create new Google Ad conversions based on GA4 events, and add GA4 audiences to campaigns and ad groups for retargeting. 
  • 1 July 2024 : From 1 July 2024, you won’t be able to access any UA properties, and all data will be deleted.

  What’s different about GA4 360 ? 

  GA4 comes with a new set of metrics, setups and reports that change how you analyse your data. We highlight the key differences between Universal Analytics and GA4 below. 

  

  New dashboard

  The layout of GA4 is completely different from Universal Analytics, so much so that the UX can be very complex for first-time and experienced GA users alike. Reports or metrics that used to be available in a couple of clicks in UA now take five or more to find. While you can do more in theory with GA4, it takes much more work. 

  New measurements

  The biggest difference between GA4 and UA is how Google measures data. GA4 tracks events — and everything counts as an event. That includes pageviews, scrolls, clicks, file downloads and contact form submissions. 

  The idea is to anonymise data while letting you track complex buyer journeys across multiple devices. However, it can be very confusing, even for experienced marketers and analysts. 

  New metrics

  You won’t be able to track the same metrics in GA4 as in Universal Analytics. Rather than bounce rate, for example, you are forced to track engagement rate, which is the percentage of engaged sessions. These sessions last at least ten seconds, at least two pageviews or at least one conversion event. 

  Confused ? You’re not alone. 

  New reports

  Most reports you’ll be familiar with in Universal Analytics have been replaced in GA4. The new platform also has a completely different reporting interface, with every report grouped under the following five headings : realtime, audience, acquisition, behaviour and conversions. It can be hard for experienced marketers, let alone beginners, to find their way around these new reports. 

  AI insights

  GA4 has machine learning (ML) capabilities that allow you to generate AI insights from your data. Specifically, GA4 has predictive analytics features that let you track three trends : 

  • Purchase probability : the likelihood that a consumer will make a purchase in a given timeframe.
  • Churn probability : the likelihood a customer will churn in a given period.
  • Predictive revenue : the amount of revenue a user is likely to generate over a given period. 

  Google generates these insights using historical data and machine learning algorithms. 

  Cross-platform capabilities

  GA4 also offers cross-platform capabilities, meaning it can track user interactions across websites and mobile apps, giving businesses a holistic view of customer behaviour. This allows for better decision-making throughout the customer journey.

  Does GA4 360 come with other risks ?

  Aside from the poor usability, complexity and steep learning curve, upgrading your GA360 property to GA4 comes with several other risks.

  GA4 has a rocky relationship with privacy regulations, and while you can use it in a GDPR-compliant way at the moment, there’s no guarantee you’ll be able to do so in the future. 

  This presents the prospect of fines for non-compliance. A worse risk, however, is regulators forcing you to change web analytics platforms in the future—something that’s already happened in the EU. Migrating to a new application can be incredibly painful and time-consuming, especially when you can choose a privacy-friendly alternative that avoids the possibility of this scenario. 

  If all this wasn’t bad enough, switching to GA4 risks your historical Universal Analytics data. That’s because you can’t import Universal Analytics data into GA4, even if you migrate ahead of the sunset deadline.

  Why you should consider a GA4 360 alternative instead

  With the GA360 sunset on the horizon, what are your options if you don’t want to deal with GA4’s problems ? 

  The easiest solution is to migrate to a GA4 360 alternative instead. And there are plenty of reasons to migrate from Google Analytics to a privacy-friendly alternative like Matomo. 

  Keep historical data

  As we’ve explained, Google isn’t letting users import their Universal Analytics data from GA360 to GA4. The easiest way to keep it is by switching to a Google Analytics alternative like Matomo that lets you import your historical data. 

  Any business using Google Analytics, whether a GA360 user or otherwise, can import data into Matomo using our Google Analytics Importer plugin. It’s the best way to avoid disruption or losing data when moving on from Universal Analytics.

  Collect 100% accurate data

  Google Analytics implements data sampling and machine learning to fill gaps in your data and generate the kind of predictive insights we mentioned earlier. For standard GA4 users, data sampling starts at 10 million events. For GA4 360 users, data sampling starts at one billion events. Nevertheless, Google Analytics data may not accurately reflect your web traffic. 

  You can fix this using a Google Analytics alternative like Matomo that doesn’t use data sampling. That way, you can be confident that your data-driven decisions are being made with 100% accurate user data. 

  Try Matomo for Free

  Get the web insights you need, without compromising data accuracy.

  Start for free

  No credit card required

  Guarantee user privacy first

  Google has a stormy relationship with the EU-US Data Privacy Framework—being banned and added back to the framework in recent years.

  Currently, organisations governed by GDPR can use Google Analytics to collect data about EU residents, but there’s no guarantee of their ability to do so in the future. Nor does the Framework prevent Google from using EU customer data for ulterior purposes such as marketing and training large language models. 

  By switching to a privacy-focused alternative like Matomo, you don’t have to worry about your user’s data ending up in the wrong hands.

  Upgrade to an all-in-one analytics tool

  Switching from Google Analytics can actually give organisations access to more features. That’s because some GA4 alternatives, like Matomo, offer advanced conversion optimisation features like heatmaps, session recordings, A/B testing, form analytics and more right out of the box. 

  

  This makes Matomo a great choice for marketing teams that want to minimise their tech stack and use one tool for both web and behavioural analytics. 

  Get real-time reports

  GA4 isn’t the best tool for analysing website visitors in real time. That’s because it can take up to 4 hours to process new reports in GA360.

  However, Google Analytics alternatives like Matomo have a range of real-time reports you can leverage.

  

  In Matomo, the Real Time Visitor World Map and other reports are processed every 15 minutes. There is also a Visits in Real-time report, which refreshes every five seconds and shows a wealth of data for each visitor. 

  Matomo makes migration easy

  Whether it’s the poor usability, steep learning curve, inaccurate data or privacy issues, there’s every reason to think twice about migrating your UA360 account to GA4. 

  So why not migrate to a Google Analytics alternative like Matomo instead ? One that doesn’t sample data, guarantees your customers’ privacy, offers all the features GA4 doesn’t and is already used by over 1 million sites worldwide.

  Making the switch is easy. Matomo is one of the few web analytics tools that lets you import historical Google Analytics data. In doing so, you can continue to access your historical data and develop more meaningful insights by not having to start from scratch.

  If you’re ready to start a Google Analytics migration, you can try Matomo free for 21 days — no credit card required. 

  Try Matomo for Free

  21 day free trial. No credit card required.

  
  

  Your email address
  

  Your website address
  

  Your Analytics subdomain will be .matomo.cloud (change)

  Choose your analytics subdomain
  

  .matomo.cloud

  I accept the terms and conditions and data processing agreement (DPA)

  
  Your information will be used to create an account on our cloud service. For more information please consult our privacy policy.
  
  
  

  Start improving your websites now