Hello everyone,
I just starting to dig into Matomo and I have this question.
Due to the fact that Matomo doesnt need any cookie tracking ( 3rd party) It is needed to advise users somehow regarding no banner needed ?.
Thank you
Greetings
Hi @CRM_Data-Analytics_M
As soon as you track your visitors, you have to mention somewhere in your site:
- That they are tracked
- That the can access their information and can ask you for deletion
1 Like
And you must create an objection option. If you want to integrate the analysis option of Matomo without cookies in a legally compliant manner, you must still provide the page visitor with an option to object. In this case, we advise you to create a separate sub-page and implement the opt-out solution suggested by Matomo on this sub-page.
2 Likes
I doubt it. If you track anonymously, how will you be able to delete “their” data?
If you don’t track personally identifyable data… what is the issue?
If the user provides the date/time of visit and the first parts of IP (because Matomo deletes the end of it), then he can ask for the deletion of this data.
1 Like
Is there any way to annomyze the IP adress ( full one )?
The questions and answers are relevant to the law. No one, except a lawyer, may give legal advice. All info published here are only hints.
If the requests and the behavior of the users is tracked, then an info banner must be displayed that is being tracked, as well as a link to further information on what exactly is being tracked and how long is it saved or given to a third party or compared with other data. Even if anonymous tracking is used. This tracking info banner cannot be bypassed. There is no trick. You can make it minimalistic.
If the users are tracked anonymously, then it is not possible:
- give the user an insight into the tracked data.
- to delete the tracked data.
Because “anonymous”.
A requesting user would have to prove that the IP / shortened IP is his. This is not possible in most cases, as well as not possible at all with shortened IPs. In addition, the effort is too great. It is different when the user is tracked on a website with login (username / password), because, in this case, personal data is tracked.
It depends on how it is tracked. Javascript or server logs? With Javascript there is no other possibility, unless the server would be manipulated by changing the output of the following variable:
$_SERVER['REMOTE_ADDR']
// The IP address from which the user is viewing the current page.
https://www.php.net/manual/en/reserved.variables.server.php
Or you manipulate all the matomo PHP scripts like this on all points:
// shorten 1
// replace all $_SERVER['REMOTE_ADDR'] to
preg_replace("/([\.\:][0-9]+)$/", "", $_SERVER['REMOTE_ADDR'])
// IP: 123.456.789.123 or 2001:0db8:85a3:08d3:1319:8a2e:0370:7344
// result: 123.456.789 or 2001:0db8:85a3:08d3:1319:8a2e:0370
// shorten 2
// replace all $_SERVER['REMOTE_ADDR'] to
preg_replace("/([\.\:][0-9]+[\.\:][0-9]+)$/", "", $_SERVER['REMOTE_ADDR']);
// IP: 123.456.789.123 or 2001:0db8:85a3:08d3:1319:8a2e:0370:7344
// result: 123.456 or 2001:0db8:85a3:08d3:1319:8a2e
Use at your own risk.