Is consent exemption possible with an Ecommerce website?

Hi,

Matomo has contradictory opinions on the subject.

  • Either they say : “ If you use features such as Ecommerce tracking or User ID then you will likely need to ask for consent when these features are used. That’s because Ecommerce Order ID can be tied back to the customer, and User ID is often personal data/PII (even when replaced with a pseudonym).”.

  • Or they say : “If you prefer not to track personal data in Matomo, you may enable “Anonymize Order ID” to avoid storing the Ecommerce Order ID number. Because an Order ID can be cross-referenced with another system, typically an eCommerce shop, the Order ID may count as personal information under the GDPR.
    In Administration > Privacy > Anonymize data page in Matomo, click “Anonymize Order ID” and then click Save. When you enable this option, an Order ID will be automatically anonymized so no personal information will be tracked.”

Cnil recommandations say it is not possible to have an ecommerce website without consent.

So… is it possible to avoid consent with Ecommerce tracking and anonymised order ID or not ?

Regards.
Sybil.

Hi Sybil,
I’m concentrating in this same topic because soon I’ll need to collect analytics data from e-commerce website.

As long as there are no personal data logged with events collected by Matomo and/or identifiers (such as order_id) that can be used in conjuction with other external data to identify a specific person GDPR shouldn’t be a concern. Cookie law too shouldn’t be a concern as long as you don’t access/store informations related to user devices to track them. If Cookie law is not a concern then you shouldn’t display a banner to explicitly acquire users consent before collecting analytics data in Matomo (regardless you choose to store data in Matomo with javascript code or server code).

I’m a beginner with Matomo and I don’t know in depth how does e-commerce plugin work. If it can be setted to track e-commerce events respecting principles illustrated above you likely won’t need user explicit consent to store data inside Matomo. If e-commerce plugin doesn’t allow a “GDPR and Cookie law friendly setting” you can still track e-commerce events you are interested in with manual code, without installing e-commerce plugin.

Personally I think I will use php server side tracking without e-commerce plugin to be sure.

→ Please keep in mind that I’m a marketer, not a lawyer ←

I hope I have been helpful and I hope someone can give further informations about this hot topic

Have a nice weekend
Federico

I Frederico. Thank you for your help on this topic. What are you talking about when you say “e-commerce plugin” ?

e-commerce plugin

I think Frederico wrote about:

But in Matomo, client side, you can track e-commerce:
https://developer.matomo.org/api-reference/tracking-javascript#ecommerce
Server-side also (see addEcommerceItem() function for example):
https://developer.matomo.org/api-reference/PHP-Matomo-Tracker#addecommerceitem

As written by Frederico, if:

  • In Matomo you cannot identify a user by any manner (be careful, pseudonymisation of user ID / order ID, etc is not anonymization: matomo, have a look at https://github.com/matomo-org/matomo/issues/19687)
  • You don’t store any data in the user device that could be used to identify him in the future (finger printing, etc.)
  • Be also careful, French and German laws for example are even different in what can be done or not…
1 Like