Recherche avancée

Sur d’autres sites (8701)

• How to not process any personal data with Matomo and what it means for you

  22 avril 2018, par InnoCraft

  Disclaimer : this blog post has been written by digital analysts, not lawyers. The purpose of this article is to explain how to not process any personal data with Matomo in order to avoid going through the GDPR compliance process with Matomo analytics. This work comes from our interpretation of different sources : the official GDPR text and the UK privacy commission : ICO resources. It cannot be considered as a professional legal advice. So as GDPR, this information is subject to change. GDPR may be also known as RGPD in French, Spanish, Portuguese, Datenschutz-Grundverordnung, DS-GVO in German, Algemene verordening gegevensbescherming in Dutch, Regolamento generale sulla protezione dei dati in Italian.

  Are you looking for a way to not process any personal data with Matomo ? If the answer is yes, you are at the right place. From our understanding, if you are not processing personal data, then you shouldn’t be concerned about GDPR. Our inspiration came from this official reference :

  “The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.“

  In this blog post we are going to see how you can configure Matomo in order to not process any personal data and what the consequences are.

  Which data is considered as personal according to GDPR ?

  From : eur-lex.europa.eu

  (1) “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’) ; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person ;”

  (30) “Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”

  So according to your Matomo configuration, it may leave some traces within the following data :

  1. IP addresses
  2. Cookies identifiers
  3. Page URL or page titles
  4. User ID and Custom “personal” data
  5. Ecommerce order IDs
  6. Location
  7. Heatmaps & Session Recordings

  Let’s see each of them in more detail.

  1. IP addresses

  IP addresses can indirectly identify an individual. It can also give a good approximation of an individual’s location.

  IP addresses are therefore considered as personal data which means you need to anonymize them. To do so, a feature is available within Matomo, where you can anonymize the IP. We recommend you to anonymize at least the last two bytes :

  

  See our configuration guide for more information

  What are the consequences of using this feature ?

  When applying IP anonymization on two bytes, you will no longer be able to see the full IP in the UI.

  Moreover, there is a small chance that 2 different visitors with the same device and software configuration will be identified as the same visitor if the anonymised IP address is the same for both.

  2. Cookies

  It is not clear for us yet if all cookies are considered equal under GDPR. At this stage it is too early to make a definite decision.

  Did you know ? Matomo lets you optionally disable the creation of cookies by adding an extra line of code to your tracking code see below.

  

  See our configuration guide for more information

  What are the consequences of using this feature ?

  Matomo is using a few first party cookies, and the following cookies may hold personal data :

  • _pk_id : contains a visitor id used to identify unique visitors
  • _pk_ref : to identify from where they came from

  If Matomo cannot set cookies, it will use a technique called Fingerprint. It is based on several metadata such as the operating system, browser, browser plugins, IP address, browser language ; just to name a few to identify a unique visitor. As this feature is less accurate than the one using cookies, the number of visitors and visits will be affected.

  3. Page URLs and page titles

  URLs are not mentioned within the official GDPR text. However, we know that according to the different CMS you use, some of them may have URLs including personal identifiers.

  For example :

  

  As a result, you need to find a way to anonymize this data.

  There are several ways you can perform this action according to your website. If your website is adding the personal data through query parameters, you can define a rule to exclude them from Matomo.

  If the personal data are not included within query parameters, you can use the “setCustomURL” feature and write your code as follow :

  

  See our developer documentation for more information

  If you are also processing personal data within the title tag, you can use the following function : “setDocumentTitle”.

  What are the consequences of using this feature ?

  By anonymizing the URLs containing personal data, some of your  URLs will be grouped together.

  4. User ID and custom personal data

  User ID is a feature (a tracking code needs to be added) which allows you to identify the same user across different devices.

  A User ID needs a corresponding database in order to link a user across different devices, it can be an email, a username, a name, a random number… All those data are either direct or non direct online identifiers and are therefore under the scope of GDPR.

  It will be the same situation if you are using custom variables and/or custom dimensions in order to push personal data to the system.

  To continue using the User ID feature but not recording personal data, you can consider using a hash function which will anonymize/convert your actual User ID into something like “3jrj3j34434834urj33j3”.

  Alternatively, you can enable the feature “Anonymise User IDs”. This feature will be available starting in Matomo 3.5.0 :

  

  What are the consequences of using this feature ?

  Under GDPR, User ID is personal data. Anonymizing the User ID using a hash function or our built-in functionality make the User Id pseudo-anonymous, which means it can’t be easily identified to a specific user. As a result, you will still get accurate visits and unique visitors metrics, and the Visitor Profile, but without tracking the original User ID which is personal data.

  5. Ecommerce order IDs

  Order IDs are the reference number assigned to the products/services bought by your customers. As this information can be crossed with your internal database, it is considered as an online identifier and is therefore under the scope of GDPR. As for User ID, you can anonymize order IDs using our built-in functionality to Anonymise Order IDs (see section 4. about User Id).

  What are the consequences of anonymizing order ID ?

  It really depends on your former use of order IDs. If you were not using them in the past then you should not see any difference.

  6. Location

  Based on the IP address of a visitor, Matomo can detect the visitors location. Location data is problematic for privacy as this technology has become quite accurate and can detect not only the city a visitor is from, but sometimes an even more precise position of a visitor.

  

  In order to not leave any accurate traces, we strongly recommend you to enable the IP anonymization feature. Next, you need to enable the setting “Also use the anonymized IP address when enriching visits”. You find this setting directly below the IP anonymization. This is important as otherwise the full IP address will be used to geolocate a visitor.

  

  What are the consequences of anonymizing location data ?

  The more bytes you anonymize from the IP, the more anonymized your location will be. When you remove two bytes as suggested, the city and region location reports will not be as accurate. In some cases even the country may not be detected correctly anymore.

  7. Heatmaps & Session Recordings

  Heatmaps & Session Recording is a premium feature in Matomo allowing you to see where users click, hover, type and scroll. With session recordings you can then replay their actions in a video.

  Heatmaps & Session Recordings are under the scope of GDPR as they can disclose in some specific cases (for example : filling a contact form) personal data :

  

  To avoid this, Matomo will anonymize all keystrokes which a user enters into a form field unless you specifically whitelist a field. Many fields that could contain personal data, such as a credit card, phone number, email address, password, social security number, and more are always anonymized and not recorded.

  See our configuration guide for more information

  Note that a page may still show personal information within the page as part of regular content (not a form element). For example an address, or the profile page of a forum user. We have added a feature which allows you to set an HTML attribute “data-matomo-mask” to anonymize any personal content shown in the UI.

  What are the consequences of using this feature ?

  Mainly, you will not be able to see in plain text what people are entering into your forms.

  What should you do with past data ?

  Once more, we have to say that we are not lawyers. So do not take our answers as legal advice. From : ec.europa.eu/newsroom/article29/document.cfm ?doc_id=50053

  “For example, as the GDPR requires that a controller must be able to demonstrate that valid consent was obtained, all presumed consents of which no references are kept will automatically be below the consent standard of the GDPR and will need to be renewed.”

  Our interpretation is that, if you were previously relying on consent, unless you can demonstrate that valid consent was obtained, you need to get the consent back (which is almost impossible) or you need to anonymize or remove that data.

  To anonymize previously tracked data, we are actively working on a feature to do just that directly within Matomo. Alternatively, you may also set up the deletion of logs after a certain amount of time.

  We really hope you enjoyed reading this article. GDPR is still on the go and we are pretty sure you have a lot of questions about it. You probably would like to share our vision about it. So do not hesitate to ask us through our contact form to see how we are interpreting GDPR at Matomo and InnoCraft.

  The post How to not process any personal data with Matomo and what it means for you appeared first on Analytics Platform - Matomo.

• On-premise analytics demand grows as Google Analytics GDPR uncertainties continue

  7 janvier 2020, par Jake Thornton — Privacy

  The Google Analytics GDPR relationship is a complicated one. Website owners in states like Berlin in Germany are now required to ask users for consent to collect their data. This doesn’t make for the friendliest user-experience and often the website visitor will simply click “no.”

  The problem Google Analytics now presents website owners in the EU is with more visitors clicking “no”, the less accurate your data will become.

  Why do you need to ask your visitors for consent ?

  At this stage it’s simply because Google Analytics collects data for its own purposes. An example of this is using your visitor’s personal data for retargeting purposes across their advertising platforms like Google Ads and YouTube. 

  Google’s Privacy & Terms states : “when you visit a website that uses advertising services like AdSense, including analytics tools like Google Analytics, or embeds video content from YouTube, your web browser automatically sends certain information to Google. This includes the URL of the page you’re visiting and your IP address. We may also set cookies on your browser or read cookies that are already there. Apps that use Google advertising services also share information with Google, such as the name of the app and a unique identifier for advertising.”

  

  The rise of hosting web analytics on-premise

  Managing Google Analytics and GDPR can quickly become complicated, so there’s been an increase in website owners switching from cloud-hosted web analytics platforms, like Google Analytics, to more GDPR compliant alternatives, where you can host web analytics software on your own servers. This is called hosting web analytics on-premise.

  Hosting web analytics on your own servers means :

  No third-parties are involved

  The visitor data your website collects is stored on your own internal infrastructure. This means no third-parties are involved and there’s no risk of personal data being used in the way Google Analytics uses it e.g. sending personal data to its advertising platforms. 

  When you sign up with Google Analytics you sign away control of your user’s personal data. With on-premise website analytics, you own your data and are in full control.

  NOTE : Though Google Analytics uses personal data for its own purposes, not all cloud hosted web analytics platforms do this. As an example, Matomo Analytics Cloud hosted solution states that all personal data collected is not used for its own purposes and that Matomo has no rights in accessing or using this personal data. 

  

  You control where in the world your personal data is stored

  Google Analytics servers are based out of USA, Europe and Asia, so where your personal data will end up is uncertain and you don’t have the option to choose which location it goes to when using free Google Analytics.

  Different countries have different laws when it comes to accessing personal data. When you choose to host your web analytics on-premise, you can choose the location of your servers and where the personal data is stored.

  More flexibility

  With self-hosted web analytics platforms like Matomo On-Premise, you can extend the platform to do anything you want without the restrictions that cloud hosted platforms impose.

  You can :

  • Get full access to the source code of open-source solutions, like Matomo
  • Extend the platform however you want for your business
  • Get access to APIs
  • Have no data limitations or restrictions
  • Get RAW data access
  • Have control over security

  >> Read more about on-premise flexibility for web analytics here

  

  So what does the future look like for Google Analytics and GDPR ?

  It’s difficult to assess this right now. How exactly GDPR is enforced is still quite unclear. 

  What is clear however, is now website owners in Berlin using Google Analytics are lawfully required to ask their visitors for consent to collect personal data. It has been reported that Google Analytics has already received 200,000 complaints in Germany alone and it appears this trend is likely to continue across much of the EU.

  When using Google Analytics in the EU you must also ensure your privacy policy is updated so website visitors are aware that data is being collected through Google Analytics for its own purposes.

  Moving to a web analytics on-premise platform

  Matomo Analytics is the #1 open-source web analytics platform in the world and has been rated as an exceptional alternative to Google Analytics. Check the reviews on Capterra.

  Choosing Matomo On-Premise means you can control exactly where your data is stored, you have full flexibility to customise the platform to do what you want and it’s FREE.

  Matomo’s mission is to give control back to website owners and the team has designed the platform so that moving away from Google Analytics is seamless. Matomo offers most of your favourite Google Analytics features, a leaner interface to navigate, and the option to add free and paid premium features that Google Analytics can’t even offer you.

  And now you can import your historical Google Analytics data directly into your Matomo with the Google Analytics Importer plugin.

  DOWNLOAD MATOMO (FREE)

  And if you can’t host web analytics on your own servers ...

  Hosting web analytics on-premise is not an option for all businesses as you do need the internal infrastructure and technical knowledge to host your own platform.

  If you can’t self-host, then Matomo has a Cloud hosted solution you can easily install and operate like Google Analytics, which is hosted on Matomo’s servers in the EU. 

  The GDPR advantages of choosing Matomo Cloud over Google Analytics are :

  • Servers are secure and based in the EU (strict laws forbid outside access)
  • 100% data ownership – we never use data for our own purposes
  • You can export your data anytime and switch to Matomo On-Premise whenever you like
  • User-privacy protection
  • Advanced GDPR Manager and data anonymisation features which GA doesn’t offer

  

  Interested to learn more ?

  If you are wanting to learn more about why users are making the move from Google Analytics to Matomo, check out our Matomo Analytics vs Google Analytics comparison page.

  >> Matomo Analytics vs Google Analytics

• Switch to Matomo for WordPress from Google Analytics

  10 mars 2020, par Joselyn Khor — Plugins, Privacy
  While Google Analytics may seem like a great plugin option on the WordPress directory, we’d like to present a new ethical alternative called Matomo for WordPress, which gives you 100% data ownership and privacy protection.

  Firstly what does Google Analytics offer in WordPress ?

  When you think of getting insights about visitors on your WordPress (WP) sites, the first thing that comes to mind might be Google Analytics. Why not right ? Especially when there are good free Google Analytics plugins, like Monster Insights and Site Kit. 

  These give you access to a great analytics platform, but the downside with Google Analytics is the lack of transparency around privacy and data ownership.

  

  Matomo Analytics for WordPress is an ethical alternative to Google Analytics for WordPress

  If you’re more interested in a privacy-respecting, GDPR compliant alternative, there’s now a new option on the WP plugins directory : Matomo Analytics – Ethical Stats. Powerful Insights. 

  It’s free and can be considered the #1 ethical alternative to Google Analytics in terms of features and capabilities. Why is it important to choose a web analytics platform that respects privacy ?

  

  Risk facing fines for non-GDPR compliance and privacy/data breaches

  In Europe there’s an overarching privacy law called GDPR which provides better privacy protection for EU citizens on the web. 

  Websites need to be GDPR compliant and follow rules governing how personal data is used or risk facing fines up to 4% of their yearly revenue for data/privacy breaches or non-compliance. Even if your website is based outside of Europe. If you have visitors from Europe, you can still be liable.

  

  In the US, there isn’t one main privacy law, there hundreds on both the federal and state levels to protect the personal data (or personally identifiable information) of US residents – like the California Consumer Privacy Act (CCPA). There are also industry-specific statutes related to data privacy like HIPAA.

  To protect your website from coming under fire for privacy breaches, best practise is to find platforms that are privacy and GDPR compliant by design. 

  When you own your own data – as with the case of Matomo – you have control over where data is stored, what you’re doing with it, and can better protect the privacy of your visitors.

  At this point you may be asking, “what’s the point of an analytics platform if you have to follow all these rules ?”

  The importance of analytics for your WordPress site

  • Figuring out how your audience behaves to increase conversions
  • Setting, tracking and measuring conversion goals
  • Being able to find insights to improve and optimize your site 
  • Making smarter, data-driven decisions so your company can thrive, rather than risk being left behind

  Analytics is used to answer questions like :

  • Where are your website visitors coming from (location) ?
  • How many people visit your website ?
  • Which are the most popular pages on your site ?
  • What sources of traffic are coming to your site (social, marketing campaigns, search) ?
  • Is your marketing campaign performing better this month compared to last ?

  Matomo can answer all of the above questions. BONUS : On top of that, with Matomo you get the peace of mind knowing you’re the only one who has access to those answers.

  

  Matomo Analytics vs Google Analytics on WordPress

  The top 5 most useful features in Matomo Analytics that’s comparable to GA

  1. Campaign measurement – traffic. Matomo also has a URL builder that lets you track which campaigns are working effectively
  2. Tracking goals. Matomo empowers you to set goals you can track. Being able to see this means you can accurately measure your return on investment (ROI) 
  3. Audience reports to learn about visitors. Matomo’s powerful visitors feature lets you learn who is visiting your site, what their journey is and the steps they take to conversion.
  4. In depth view of behaviour with Funnels in Matomo. This tracks the journey of your visitors from the moment they enter your site, to when they leave. Giving you insight into where and why you lose your visitors.
  5. Custom reports. Where you create your unique reports to fit your business goals.

  Other benefits of using Matomo :

  • No data sampling which means you get 100% accurate reporting
  • 100% data ownership
  • Free Tag Manager
  • Search engine keyword rankings
  • Unlimited websites
  • Unlimited team members
  • GDPR manager
  • API access
  • Hosted on your own servers so you have full control over where your data is stored

  Learn more about the differences in this comprehensive table.

  

  Matomo Analytics for WordPress is free !

  Matomo Analytics is the best free Google Analytics alternative on the WordPress Directory. In addition to having comparable features where you can do pretty much do everything you wanted to do in GA. Matomo Analytics for WordPress makes for an ethical choice because you can respect your visitor’s privacy, can become GDPR compliant, and maintain control over your own data.

  Google Analytics leads the market for good reasons. It’s a great free tool for those who want analytics, but there’s no clarity when it comes to grey areas like privacy and data ownership. If these are major concerns for you, Matomo offers complete peace of mind that you’re doing the best you can to stay ethical while growing your business and website.

  It’s just as easy to install in a few click !

  Install and see for yourself !