Recherche avancée

Sur d’autres sites (9582)

• How to not process any personal data with Matomo and what it means for you

  22 avril 2018, par InnoCraft

  Disclaimer : this blog post has been written by digital analysts, not lawyers. The purpose of this article is to explain how to not process any personal data with Matomo in order to avoid going through the GDPR compliance process with Matomo analytics. This work comes from our interpretation of different sources : the official GDPR text and the UK privacy commission : ICO resources. It cannot be considered as a professional legal advice. So as GDPR, this information is subject to change. GDPR may be also known as RGPD in French, Spanish, Portuguese, Datenschutz-Grundverordnung, DS-GVO in German, Algemene verordening gegevensbescherming in Dutch, Regolamento generale sulla protezione dei dati in Italian.

  Are you looking for a way to not process any personal data with Matomo ? If the answer is yes, you are at the right place. From our understanding, if you are not processing personal data, then you shouldn’t be concerned about GDPR. Our inspiration came from this official reference :

  “The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.“

  In this blog post we are going to see how you can configure Matomo in order to not process any personal data and what the consequences are.

  Which data is considered as personal according to GDPR ?

  From : eur-lex.europa.eu

  (1) “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’) ; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person ;”

  (30) “Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”

  So according to your Matomo configuration, it may leave some traces within the following data :

  1. IP addresses
  2. Cookies identifiers
  3. Page URL or page titles
  4. User ID and Custom “personal” data
  5. Ecommerce order IDs
  6. Location
  7. Heatmaps & Session Recordings

  Let’s see each of them in more detail.

  1. IP addresses

  IP addresses can indirectly identify an individual. It can also give a good approximation of an individual’s location.

  IP addresses are therefore considered as personal data which means you need to anonymize them. To do so, a feature is available within Matomo, where you can anonymize the IP. We recommend you to anonymize at least the last two bytes :

  

  See our configuration guide for more information

  What are the consequences of using this feature ?

  When applying IP anonymization on two bytes, you will no longer be able to see the full IP in the UI.

  Moreover, there is a small chance that 2 different visitors with the same device and software configuration will be identified as the same visitor if the anonymised IP address is the same for both.

  2. Cookies

  It is not clear for us yet if all cookies are considered equal under GDPR. At this stage it is too early to make a definite decision.

  Did you know ? Matomo lets you optionally disable the creation of cookies by adding an extra line of code to your tracking code see below.

  

  See our configuration guide for more information

  What are the consequences of using this feature ?

  Matomo is using a few first party cookies, and the following cookies may hold personal data :

  • _pk_id : contains a visitor id used to identify unique visitors
  • _pk_ref : to identify from where they came from

  If Matomo cannot set cookies, it will use a technique called Fingerprint. It is based on several metadata such as the operating system, browser, browser plugins, IP address, browser language ; just to name a few to identify a unique visitor. As this feature is less accurate than the one using cookies, the number of visitors and visits will be affected.

  3. Page URLs and page titles

  URLs are not mentioned within the official GDPR text. However, we know that according to the different CMS you use, some of them may have URLs including personal identifiers.

  For example :

  

  As a result, you need to find a way to anonymize this data.

  There are several ways you can perform this action according to your website. If your website is adding the personal data through query parameters, you can define a rule to exclude them from Matomo.

  If the personal data are not included within query parameters, you can use the “setCustomURL” feature and write your code as follow :

  

  See our developer documentation for more information

  If you are also processing personal data within the title tag, you can use the following function : “setDocumentTitle”.

  What are the consequences of using this feature ?

  By anonymizing the URLs containing personal data, some of your  URLs will be grouped together.

  4. User ID and custom personal data

  User ID is a feature (a tracking code needs to be added) which allows you to identify the same user across different devices.

  A User ID needs a corresponding database in order to link a user across different devices, it can be an email, a username, a name, a random number… All those data are either direct or non direct online identifiers and are therefore under the scope of GDPR.

  It will be the same situation if you are using custom variables and/or custom dimensions in order to push personal data to the system.

  To continue using the User ID feature but not recording personal data, you can consider using a hash function which will anonymize/convert your actual User ID into something like “3jrj3j34434834urj33j3”.

  Alternatively, you can enable the feature “Anonymise User IDs”. This feature will be available starting in Matomo 3.5.0 :

  

  What are the consequences of using this feature ?

  Under GDPR, User ID is personal data. Anonymizing the User ID using a hash function or our built-in functionality make the User Id pseudo-anonymous, which means it can’t be easily identified to a specific user. As a result, you will still get accurate visits and unique visitors metrics, and the Visitor Profile, but without tracking the original User ID which is personal data.

  5. Ecommerce order IDs

  Order IDs are the reference number assigned to the products/services bought by your customers. As this information can be crossed with your internal database, it is considered as an online identifier and is therefore under the scope of GDPR. As for User ID, you can anonymize order IDs using our built-in functionality to Anonymise Order IDs (see section 4. about User Id).

  What are the consequences of anonymizing order ID ?

  It really depends on your former use of order IDs. If you were not using them in the past then you should not see any difference.

  6. Location

  Based on the IP address of a visitor, Matomo can detect the visitors location. Location data is problematic for privacy as this technology has become quite accurate and can detect not only the city a visitor is from, but sometimes an even more precise position of a visitor.

  

  In order to not leave any accurate traces, we strongly recommend you to enable the IP anonymization feature. Next, you need to enable the setting “Also use the anonymized IP address when enriching visits”. You find this setting directly below the IP anonymization. This is important as otherwise the full IP address will be used to geolocate a visitor.

  

  What are the consequences of anonymizing location data ?

  The more bytes you anonymize from the IP, the more anonymized your location will be. When you remove two bytes as suggested, the city and region location reports will not be as accurate. In some cases even the country may not be detected correctly anymore.

  7. Heatmaps & Session Recordings

  Heatmaps & Session Recording is a premium feature in Matomo allowing you to see where users click, hover, type and scroll. With session recordings you can then replay their actions in a video.

  Heatmaps & Session Recordings are under the scope of GDPR as they can disclose in some specific cases (for example : filling a contact form) personal data :

  

  To avoid this, Matomo will anonymize all keystrokes which a user enters into a form field unless you specifically whitelist a field. Many fields that could contain personal data, such as a credit card, phone number, email address, password, social security number, and more are always anonymized and not recorded.

  See our configuration guide for more information

  Note that a page may still show personal information within the page as part of regular content (not a form element). For example an address, or the profile page of a forum user. We have added a feature which allows you to set an HTML attribute “data-matomo-mask” to anonymize any personal content shown in the UI.

  What are the consequences of using this feature ?

  Mainly, you will not be able to see in plain text what people are entering into your forms.

  What should you do with past data ?

  Once more, we have to say that we are not lawyers. So do not take our answers as legal advice. From : ec.europa.eu/newsroom/article29/document.cfm ?doc_id=50053

  “For example, as the GDPR requires that a controller must be able to demonstrate that valid consent was obtained, all presumed consents of which no references are kept will automatically be below the consent standard of the GDPR and will need to be renewed.”

  Our interpretation is that, if you were previously relying on consent, unless you can demonstrate that valid consent was obtained, you need to get the consent back (which is almost impossible) or you need to anonymize or remove that data.

  To anonymize previously tracked data, we are actively working on a feature to do just that directly within Matomo. Alternatively, you may also set up the deletion of logs after a certain amount of time.

  We really hope you enjoyed reading this article. GDPR is still on the go and we are pretty sure you have a lot of questions about it. You probably would like to share our vision about it. So do not hesitate to ask us through our contact form to see how we are interpreting GDPR at Matomo and InnoCraft.

  The post How to not process any personal data with Matomo and what it means for you appeared first on Analytics Platform - Matomo.

• What is data anonymization in web analytics ?

  11 février 2020, par Joselyn Khor — Analytics Tips, Privacy
  Collecting information via web analytics platforms is needed to help a website grow and improve. When doing so, it’s best to strike a balance between getting valuable insights, and keeping the trust of your users by protecting their privacy.

  This means not collecting or processing any personally identifiable information (PII). But what if your organisation requires you to collect PII ?

  That’s where data anonymization comes in.

  

  What is data anonymization ?

  Data anonymization makes identifiable information unidentifiable. This is done through data processing techniques which remove or modify PII data. So data becomes anonymous and can’t be linked to any individual.

  In the context of web analytics, data anonymization is handy because you can collect useful data while protecting the privacy of website visitors.

  Why is data anonymization important ?

  Through modern threats of identity theft, credit card fraud and the like, data anonymization is a way to protect the identity and privacy of individuals. As well as protect private and sensitive information of organisations. 

  Data anonymization lets you follow the many laws around the world which protect user privacy. These laws provide safeguards around collecting personal data or personally identifiable information (PII), so data anonymization is a good solution to ensure you’re not processing such sensitive information.

  In some cases, implementing data anonymization techniques means you can avoid having to show your users a consent screen. Which means you may not need to ask for consent in order to track data. This is a bonus as consent screens can annoy and stop people from engaging with your site.

  GDPR and data anonymization

  

  The GDPR is a law in the EU that limits the collection and processing of personal data. The aim is to give people more control over their online personal information. Which is why website owners need to follow certain rules to become GDPR compliant and protect user privacy. According to the GDPR, you can be fined up to 4% of your yearly revenue for data breaches or non-compliance. 

  In the case of web analytics, tools can be easily made compliant by following a number of steps. 

  This is why anonymizing data is a big deal.

  Anonymized data isn’t personal data according to the GDPR : 

  “The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.”

  This means, you still get the best of both worlds. By anonymizing data, you’re still able to collect useful information like visitor behavioural data.

  US privacy laws and data anonymization

  In the US, there isn’t one single law that governs the protection of personal data, called personally identifiable information (PII). There are hundreds of federal and state laws that protect the personal data of US residents. As well as, industry-specific statutes related to data privacy, like the California Consumer Privacy Act (CCPA) and the Health Insurance Portability and Accountability Act (HIPAA).

  Website owners in the US need to know exactly what laws govern their area of business in order to follow them.

  A general guideline is to protect user privacy regardless of whether you are or aren’t allowed to collect PII. This means anonymizing identifiable information so your website users aren’t put at risk.

  Data anonymization techniques in Matomo Analytics

  If you carry these out, you won’t need to ask your website visitors for tracking consent since anonymized data is no longer considered personal data under the GDPR.

  • Anonymize previously tracked raw data – like visitors/visits
  • Anonymize Visitor IP addresses
  • Anonymize geo-location information (country, region, city)
  • Pseudonymize User ID ( if you don’t want this data to land on your Matomo server, the solution is simply to not set the User ID. Then Matomo will use the normal anonymized IDs)
  • Data can also be anonymized before it’s even sent to Matomo
  • Learn how to further configure privacy settings in a web analytics tool like Matomo
  • 11 ways Matomo Analytics helps you to protect your visitors privacy

  The techniques listed above make it easy for you when using a tool like Matomo, as they are automatically anonymized.

  Tools like Google Analytics on the other hand don’t provide some of the privacy options and leave it up to you to take on the burden of implementation without providing steps.

  Data anonymization tools

  If you’re a website owner who wants to grow your business or learn more about your website visitors, privacy-friendly tools like Matomo Analytics are a great option. By following the easy steps to be GDPR compliant, you can anonymize all data that could put your visitors at risk.

• How to complete your privacy policy with Matomo analytics under GDPR

  25 avril 2018, par InnoCraft

  Important note : this blog post has been written by digital analysts, not lawyers. The purpose of this article is to show you how to complete your existing privacy policy by adding the parts related to Matomo in order to comply with GDPR. This work comes from our interpretation of the UK privacy commission : ICO. It cannot be considered as professional legal advice. So as GDPR, this information is subject to change. We strongly advise you to have a look at the different privacy authorities in order to have up to date information. This blog post contains public sector information licensed under the Open Government Licence v3.0.

  Neither the GDPR official text or ICO are mentioning the words ‘privacy policy’. They use the words ‘privacy notice’ instead. As explained within our previous blog post about “How to write a privacy notice for Matomo”, the key concepts of privacy information are transparency and accessibility which are making the privacy notice very long.

  As a result, we prefer splitting the privacy notice into two parts :

  • Privacy notice : straight to the point information about how personal data is processed at the time of the data collection. This is the subject of the our previous blog post.
  • Privacy policy : a web page explaining in detail all the personal data you are processing and how visitors/users can exercise their rights. This is the blog post you are reading.

  Writing/updating your privacy policy page can be one of the most challenging task under GDPR.

  In order to make this mission less complicated, we have designed a template which you can use to complete the privacy policy part that concerns Matomo.

  Which information should your privacy policy include ?

  ICO is giving a clear checklist about what a privacy policy has to contain when the data is obtained from the data subject :

  1. Identity and contact details of the controller and where applicable, the controller’s representative and the data protection officer.
  2. Purpose of the processing and the legal basis for the processing.
  3. The legitimate interests of the controller or third party, where applicable.
  4. Any recipient or categories of recipients of the personal data.
  5. Details of transfers to third country and safeguards.
  6. Retention period or criteria used to determine the retention period.
  7. The existence of each of data subject’s rights.
  8. The right to withdraw consent at any time, where relevant.
  9. The right to lodge a complaint with a supervisory authority.
  10. Whether the provision of personal data part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data.
  11. The existence of automated decision-making, including profiling and information about how decisions are made, the significance and the consequences.

  So in order to use Matomo with due respect to GDPR you need to answer each of those points within your privacy policy.

  Matomo’s privacy policy template

  You will find below some examples to each point requested by GDPR. Those answers are just guidelines, they are not perfect, feel free to copy/paste them according to your needs.

  Note that this template needs to be tweaked according to the lawful basis you choose.

  1 – About Matomo

  Note : this part should describe the data controller instead, which is your company. But as you may already have included this part within your existing privacy policy, we prefer here to introduce what is Matomo.

  Matomo is an open source web analytics platform. A web analytics platform is used by a website owner in order to measure, collect, analyse and report visitors data for purposes of understanding and optimizing their website. If you would like to see what Matomo looks like, you can access a demo version at : https://demo.matomo.org.

  2 – Purpose of the processing

  Matomo is used to analyse the behaviour of the website visitors to identify potential pitfalls ; not found pages, search engine indexing issues, which contents are the most appreciated… Once the data is processed (number of visitors reaching a not found pages, viewing only one page…), Matomo is generating reports for website owners to take action, for example changing the layout of the pages, publishing some fresh content… etc.

  Matomo is processing the following personal data :

  Pick up the one you are using :

  • Cookies
  • IP address
  • User ID
  • Custom Dimensions
  • Custom Variables
  • Order ID
  • Location of the user

  And also :

  • Date and time
  • Title of the page being viewed
  • URL of the page being viewed
  • URL of the page that was viewed prior to the current page
  • Screen resolution
  • Time in local timezone
  • Files that were clicked and downloaded
  • Link clicks to an outside domain
  • Pages generation time
  • Country, region, city
  • Main Language of the browser
  • User Agent of the browser

  This list can be completed with additional features such as :

  • Session recording, mouse events (movements, content forms and clicks)
  • Form interactions
  • Media interactions
  • A/B Tests

  Pick up one of the two :

  1. The processing of personal data with Matomo is based on legitimate interests, or :
  2. The processing of personal data with Matomo is based on explicit consent. Your privacy is our highest concern. That’s why we will not process any personal data with Matomo unless you give us clear explicit consent.

  3 – The legitimate interests

  This content applies only if you are processing personal data based on legitimate interests. You need here to justify your legitimate interests to process personal data. It is a set of questions described here.

  Processing your personal data such as cookies is helping us identify what is working and what is not on our website. For example, it helps us identify if the way we are communicating is engaging or not and how we can organize the structure of the website better. Our team is benefiting from the processing of your personal data, and they are directly acting on the website. By processing your personal data, you can profit from a website which is getting better and better.

  Without the data, we would not be able to provide you the service we are currently offering to you. Your data will be used only to improve the user experience on our website and help you find the information you are looking for.

  4 – Recipient of the personal data

  The personal data received through Matomo are sent to :

  • Our company.
  • Our web hosting provider : name and contact details of the web hosting provider.

  Note : If you are using the Matomo Analytics Cloud by InnoCraft the web hosting provider is “InnoCraft, 150 Willis St, 6011 Wellington, New Zealand“.

  5 – Details of transfers to third country and safeguards

  Matomo data is hosted in Name of the country.

  If the country mentioned is not within the EU, you need to mention here the appropriate safeguards, for example : our data is hosted in the United States within company XYZ, registered to the Privacy Shield program.

  Note : The Matomo Analytics Cloud by InnoCraft is currently hosted in France. If you are using the cloud-hosted solution of Matomo, use “France” as name of the country.

  6 – Retention period or criteria used to determine the retention period

  We are keeping the personal data captured within Matomo for a period of indicate here the period.

  Justify your choice, for example : as our data is hosted in France, we are applying the French law which defines a retention period of no more than 13 months. You can set the retention period in Matomo by using the following feature.

  7 – The existence of each of the data subject’s rights

  If you are processing personal data with Matomo based on legitimate interest :

  As Matomo is processing personal data on legitimate interests, you can exercise the following rights :

  • Right of access : you can ask us at any time to access your personal data.
  • Right to erasure : you can ask us at any time to delete all the personal data we are processing about you.
  • Right to object : you can object to the tracking of your personal data by using the following opt-out feature :

  Insert here the opt-out feature.

  If you are processing personal data with Matomo based on explicit consent :

  As Matomo is processing personal data on explicit consent, you can exercise the following rights :

  • Right of access : you can ask us at any time to access your personal data.
  • Right to erasure : you can ask us at any time to delete all the personal data we are processing about you.
  • Right to portability : you can ask us at any time for a copy of all the personal data we are processing about you in Matomo.
  • Right to withdraw consent : you can withdraw your consent at any time by clicking on the following button.

  8 – The right to withdraw consent at any time

  If you are processing personal data under the consent lawful basis, you need to include the following section :

  You can withdraw at any time your consent by clicking here (insert here the Matomo tracking code to remove consent).

  9 – The right to lodge a complaint with a supervisory authority

  If you think that the way we process your personal data with Matomo analytics is infringing the law, you have the right to lodge a complaint with a supervisory authority.

  10 – Whether the provision of personal data is part of a statutory or contractual requirement ; or obligation and possible consequences of failing to provide the personal data

  If you wish us to not process any personal data with Matomo, you can opt-out from it at any time. There will be no consequences at all regarding the use of our website.

  11 – The existence of automated decision-making, including profiling and information about how decisions are made, the significance and the consequences

  Matomo is not doing any profiling.

   

  That’s the end of our blog post. We hope you enjoyed reading it and that it will help you get through the GDPR compliance process. If you have any questions dealing with this privacy policy in particular, do not hesitate to contact us.

  The post How to complete your privacy policy with Matomo analytics under GDPR appeared first on Analytics Platform - Matomo.