In Piwik PRO, you can collect data while still respecting visitors’ privacy and complying with various privacy laws. In this article, we’ll show you a few privacy-focused ways to set up your data collection. But before you choose your method, consult your legal team as they may have their own interpretations of applicable laws.
Method 1: Ask visitors for consent, but also collect anonymous data
First you need to decide if you’re going to use a consent form on your site. If you do, you’ll be collecting data on all visitors who consent. And for those who don’t consent, you’ll be able to collect anonymous data.
This method is recommended for sites that need to comply with privacy laws but whose owners want to capture some non-sensitive data from visitors who don’t consent.
With this method you can choose to use 30-minute visitor cookies and session hashes for non-consenting visitors, which also helps you control the data you collect.
Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (on) > Collect anonymous data from non-consenting visitors (on) > Use a session hash (on or off) and Use visitor cookies (on or off) Read more
Here’s a comparison table to help you choose the right option.
Consenting visitors | Non-consenting visitors | ||||
---|---|---|---|---|---|
Cookies & session hash | Visitor cookies & session hash | Visitor cookies only | Session hash only | No visitor cookies & session hash | |
Mechanisms used to collect data | |||||
First-party cookies | |||||
Local storage | |||||
Session hash | |||||
Collected data | |||||
Visitor’s IP address | Yes / No | ||||
Visitor ID | |||||
Capture all traffic | |||||
New vs. returning visitors | |||||
Visitor’s session | |||||
Visitor’s location | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | Country, Continent | Country, Continent | Country, Continent | Country, Continent |
Events | |||||
Traffic sources | |||||
Channel attribution | Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models | Last-click | Last-click | Last-click | |
Consent stats | |||||
Privacy laws | |||||
Compliant with | LGPD PDPA GDPR UK GDPR/ PECR TDDDG HIPAA |
LGPD PDPA GDPR HIPAA |
LGPD PDPA GDPR HIPAA |
LGPD PDPA GDPR UK GDPR/PECR TDDDG HIPAA |
LGPD PDPA GDPR UK GDPR/PECR TDDDG HIPAA |
Note: Piwik PRO doesn’t use device fingerprinting. Instead it uses a session hash. A session hash is a more privacy-friendly way to recognize each visitor’s sessions.
Method 2: Ask visitors for consent and don’t collect data from those who don’t consent
Another method is to ask visitors for their consent and only collect data from those who do agree. With this method, you’ll collect data in a highly privacy-friendly way since the tracking code won’t even fire for non-consenting visitors. However, the downside is that you’ll lose about 25 to 75 percent of traffic data, namely data regarding all visitors that don’t consent to data collection and usage.
This method is recommended for sites that need to strictly comply with privacy laws and belong to organizations that don’t mind collecting less data.
Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (on) > Collect anonymous data from non-consenting visitors (off) Read more
Extra layer of privacy: You can use IP masking to offer visitors more privacy.
Here’s a table showing the data you’ll collect using the method described.
Consenting visitors | Non-consenting visitors | |
---|---|---|
Cookies & session hash (1) | Don’t collect data | |
Mechanisms used to collect data | ||
First-party cookies | ||
Local storage | ||
Session hash | ||
Collected data | ||
Visitor’s IP address | Yes / No (2) | |
Visitor ID | ||
Capture all traffic | ||
New vs. returning visitors | ||
Visitor’s session | ||
Visitor’s location | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | |
Events | ||
Traffic sources | ||
Channel attribution | Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models | |
Consent stats | (3) | |
Privacy laws | ||
Compliant with | LGPD, PDPA, GDPR, UK GDPR/ PECR (4), TDDDG (5), HIPAA (6) | LGPD, PDPA, GDPR, UK GDPR/PECR, CCPA, HIPAA (6) |
- It’s possible to turn off visitor cookies and session hashes for consenting visitors, but this is rare because you’re getting their consent to collect and use data.
- You can mask visitors’ IP addresses under Administration > Sites & apps > Privacy > Mask IP addresses. An IP address gives you a visitor’s location. Masking it removes the selected number of bytes from the address before saving it to the database. Nobody will ever see the full address. Masking an address can enhance visitor privacy, as you won’t be able to see their precise location.
- You won’t collect any consent stats about people who don’t consent to analytics.
- Check the cookie policy in your local guidelines; different countries can have their own policy.
- Assuming the product is set up to avoid storing additional device-level information, such as screen resolution or browser plugins. You can set it in Administration > Sites & apps > Privacy > Don’t collect visitor’s device data (on).
- If you have the Enterprise plan and have signed a BAA with us.
Note: Piwik PRO doesn’t use device fingerprinting. Instead it uses a session hash. A session hash is a more privacy-friendly way to recognize visitor’s sessions.
Method 3: Don’t ask visitors for consent, but limit the use of session and visitor identifiers
You can choose not to use a consent form on your site and manage data collection through session and visitor identifiers like visitor cookies and session hashes. In regions without strict privacy guidelines or where consent isn’t necessary for data collection, using both identifiers is acceptable. However, in regions with stringent privacy rules, it’s better not to use any identifiers.
Turning off session and visitor identifiers affects the precision of your data. When both are disabled, the data becomes less accurate.
Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (off) and Administration > Sites & apps > Privacy > Session and visitor identifiers > Use a session hash (on or off) and Use visitor cookies (on or off)
Extra layer of privacy: You can let people decide if they want their data collected with a simple opt-out form. Also, you can use IP masking for added privacy.
Here’s a comparison table to help you choose the right option.
Consenting visitors or all visitors if you don’t ask for consent | ||||
---|---|---|---|---|
Visitor cookies & session hash | Session hash only | Visitor cookies only | No visitor cookies & session hash | |
Mechanisms used to collect data | ||||
First-party cookies | (1) | (1) | ||
Local storage | ||||
Session hash | (2) | |||
Collected data | ||||
Visitor’s IP address | Yes / No (3) | Yes / No (3) | ||
Visitor ID | ||||
Capture all traffic | ||||
New vs. returning visitors | ||||
Visitor’s session | (4) | |||
Visitor’s location | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent |
Events | ||||
Traffic sources | ||||
Channel attribution | Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models | Last-click | Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models | |
Privacy laws | ||||
Compliant with | Countries without privacy laws, CCPA (5), HIPAA (7) | Cookie laws, HIPAA (7) | Cookie laws, HIPAA (7) | GDPR, UK GDPR/PECR (6), TDDDG (6), HIPAA (7) |
- Some triggers in Tag Manager set cookies to function correctly.
- We create a session hash to recognize the visitor’s session. We only use it for 30 minutes since the last event.
- You can mask visitors’ IP addresses under Administration > Sites & apps > Privacy > Mask IP addresses. An IP address gives you a visitor’s location. Masking it removes the selected number of bytes from the address before saving it to the database. Nobody will ever see the full address. Masking an address can enhance visitor privacy, as you won’t be able to see their precise location.
- Each event is a new session.
- You need to add an opt-out form (“do not sell my personal data”).
- Assuming the product is set up to avoid storing additional device-level information, such as screen resolution or browser plugins. You can set it in Administration > Sites & apps > Privacy > Don’t collect visitor’s device data (on).
- If you have the Enterprise plan and have signed a BAA with us.
Note: Piwik PRO doesn’t use device fingerprinting. Instead it uses a session hash. A session hash is a more privacy-friendly way to recognize visitor’s sessions.