It looks like matomo needs to run on the same domain as each domain/website in order to be considered a ‘first-party’ tracking solution under GDPR (at least with latest court decisions and press releases form data protections authorities in Germany). Even if all websites are hosted on the same server. Afaik a subdomain is still considered to be the ‘same domain’. How would you go about this?
My approach: I have one shared hosting solution that runs multiple websites (in separate directories and databases) and their domains (mysite-a . com, mysite-b . com, mysite-c . com). In the past I have used one matomo installation (in a separate directory and database) on the subdomain matomo . mysite-a . com to track all sites/domains. I want to keep having one matomo installation instead of 3 separate installations and databases. I therefore created 3 subdomains matomo . mysite-a . com, matomo . mysite-b . com, matomo . mysite-c . com that all point to the same single matomo directory. In matomo all subdomains are set up as a ‘Trusted Matomo Hostname’. Each tracking JS snippet for each domain has the matching subdomain as an URL. So far everything seems to track perfectly. Matomo can be accesed from all subdomains and the opt-out seems to be set for each domain separately (opt-out widget also contains matching subdomain url for each domain).
Im neither sure that this is considered good practice in matomo nor that this is totally GDPR compliant. Any suggestions?