A mention that consent banners are required for UK and Germany. I can see no mention of this anywhere else on your site or the anything I’ve managed to search on the internet.
Are you referring only to the AB testing solution, or are consent banners required for UK and Germany for Analytics? What is cookies are disabled, IP’s are anonymised and the data is self hosted within the EU?
Based on internal discussions with the privacy team in our organization and many (many) researches I’ve done on the topic, you will likely need the cookie banner in the UK even if you anonymize data and run Matomo without cookies. This has nothing to do with GDPR but Article 5(3) of the ePrivacy directive that states the following: “Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC…”. To generate its config_id, Matomo does collect and hash information from the end user device including IP address, browser family, operating system, etc. The situation in Germany is slightly different, you can run Matomo without cookie consent as long as the config_id is only made of information coming from the user_agent string and not device/browser attributes like screen size, plug-in, etc. Matomo introduced a new method disableBrowserFeatureDetection to comply with the ePrivacy directive in Germany. Hope that helps. JM
I’ve read the ICO PECR section on this a few times over now but I cant decide if this means that all analytics, even if just using the IP address and nothing else would now fall under that section. Seems like it would, potentially effecting cloudflare analytics as well.