Collect data in a privacy-friendly way

In Piwik PRO, you can collect data while still respecting visitors’ privacy and complying with various privacy laws. In this article, we’ll show you a few privacy-focused ways to set up your data collection. But before you choose your method, consult your legal team as they may have their own interpretations of applicable laws.

Method 1: Ask visitors for consent, but also collect anonymous data

First you need to decide if you’re going to use a consent form on your site. If you do, you’ll be collecting data on all visitors who consent. And for those who don’t consent, you’ll be able to collect anonymous data.

This method is recommended for sites that need to comply with privacy laws but whose owners want to capture some non-sensitive data from visitors who don’t consent.

With this method you can choose to use 30-minute visitor cookies and session hashes for non-consenting visitors, which also helps you control the data you collect.

Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (on) > Collect anonymous data from non-consenting visitors (on) > Use a session hash (on or off) and Use visitor cookies (on or off) Read more

Here’s a comparison table to help you choose the right option.

Consenting visitors Non-consenting visitors
Cookies & session hash Visitor cookies & session hash Visitor cookies only Session hash only No visitor cookies & session hash
Mechanisms used to collect data
First-party cookies
Local storage
Session hash
Collected data
Visitor’s IP address Yes / No
Visitor ID
Capture all traffic
New vs. returning visitors
Visitor’s session
Visitor’s location Latitude, Longitude, Organization, Provider, City, Region, Country, Continent Country, Continent Country, Continent Country, Continent Country, Continent
Events
Traffic sources
Channel attribution Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models Last-click Last-click Last-click
Consent stats
Privacy laws
Compliant with LGPD
PDPA
GDPR
UK GDPR/ PECR
TDDDG
HIPAA
LGPD
PDPA
GDPR
HIPAA
LGPD
PDPA
GDPR
HIPAA
LGPD
PDPA
GDPR
UK GDPR/PECR
TDDDG
HIPAA
LGPD
PDPA
GDPR
UK GDPR/PECR
TDDDG
HIPAA

Note: Piwik PRO doesn’t use device fingerprinting. Instead it uses a session hash. A session hash is a more privacy-friendly way to recognize each visitor’s sessions.

Another method is to ask visitors for their consent and only collect data from those who do agree. With this method, you’ll collect data in a highly privacy-friendly way since the tracking code won’t even fire for non-consenting visitors. However, the downside is that you’ll lose about 25 to 75 percent of traffic data, namely data regarding all visitors that don’t consent to data collection and usage.
 
This method is recommended for sites that need to strictly comply with privacy laws and belong to organizations that don’t mind collecting less data.

Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (on) > Collect anonymous data from non-consenting visitors (off) Read more

Extra layer of privacy: You can use IP masking to offer visitors more privacy.

Here’s a table showing the data you’ll collect using the method described.

Consenting visitors Non-consenting visitors
Cookies & session hash (1) Don’t collect data
Mechanisms used to collect data
First-party cookies
Local storage
Session hash
Collected data
Visitor’s IP address Yes / No (2)
Visitor ID
Capture all traffic
New vs. returning visitors
Visitor’s session
Visitor’s location Latitude, Longitude, Organization, Provider, City, Region, Country, Continent
Events
Traffic sources
Channel attribution Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models
Consent stats (3)
Privacy laws
Compliant with LGPD, PDPA, GDPR, UK GDPR/ PECR (4), TDDDG (5), HIPAA (6) LGPD, PDPA, GDPR, UK GDPR/PECR, CCPA, HIPAA (6)
  1. It’s possible to turn off visitor cookies and session hashes for consenting visitors, but this is rare because you’re getting their consent to collect and use data.
  2. You can mask visitors’ IP addresses under Administration > Sites & apps > Privacy > Mask IP addresses. An IP address gives you a visitor’s location. Masking it removes the selected number of bytes from the address before saving it to the database. Nobody will ever see the full address. Masking an address can enhance visitor privacy, as you won’t be able to see their precise location.
  3. You won’t collect any consent stats about people who don’t consent to analytics.  
  4. Check the cookie policy in your local guidelines; different countries can have their own policy.
  5. Assuming the product is set up to avoid storing additional device-level information, such as screen resolution or browser plugins. You can set it in Administration > Sites & apps > Privacy > Don’t collect visitor’s device data (on).
  6. If you have the Enterprise plan and have signed a BAA with us

Note: Piwik PRO doesn’t use device fingerprinting. Instead it uses a session hash. A session hash is a more privacy-friendly way to recognize visitor’s sessions.

Method 3: Don’t ask visitors for consent, but limit the use of session and visitor identifiers

You can choose not to use a consent form on your site and manage data collection through session and visitor identifiers like visitor cookies and session hashes. In regions without strict privacy guidelines or where consent isn’t necessary for data collection, using both identifiers is acceptable. However, in regions with stringent privacy rules, it’s better not to use any identifiers.

Turning off session and visitor identifiers affects the precision of your data. When both are disabled, the data becomes less accurate.

Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (off) and Administration > Sites & apps > Privacy > Session and visitor identifiers > Use a session hash (on or off) and Use visitor cookies (on or off)

Extra layer of privacy: You can let people decide if they want their data collected with a simple opt-out form. Also, you can use IP masking for added privacy.

Here’s a comparison table to help you choose the right option.

Consenting visitors or all visitors if you don’t ask for consent
Visitor cookies & session hash Session hash only Visitor cookies only No visitor cookies & session hash
Mechanisms used to collect data
First-party cookies (1) (1)
Local storage
Session hash (2)
Collected data
Visitor’s IP address Yes / No (3) Yes / No (3)
Visitor ID
Capture all traffic
New vs. returning visitors
Visitor’s session (4)
Visitor’s location Latitude, Longitude, Organization, Provider, City, Region, Country, Continent Latitude, Longitude, Organization, Provider, City, Region, Country, Continent Latitude, Longitude, Organization, Provider, City, Region, Country, Continent Latitude, Longitude, Organization, Provider, City, Region, Country, Continent
Events
Traffic sources
Channel attribution Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models Last-click Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models
Privacy laws
Compliant with Countries without privacy laws, CCPA (5), HIPAA (7) Cookie laws, HIPAA (7) Cookie laws, HIPAA (7) GDPR, UK GDPR/PECR (6), TDDDG (6), HIPAA (7)
  1. Some triggers in Tag Manager set cookies to function correctly.
  2. We create a session hash to recognize the visitor’s session. We only use it for 30 minutes since the last event.
  3. You can mask visitors’ IP addresses under Administration > Sites & apps > Privacy > Mask IP addresses. An IP address gives you a visitor’s location. Masking it removes the selected number of bytes from the address before saving it to the database. Nobody will ever see the full address. Masking an address can enhance visitor privacy, as you won’t be able to see their precise location.
  4. Each event is a new session.
  5. You need to add an opt-out form (“do not sell my personal data”).
  6. Assuming the product is set up to avoid storing additional device-level information, such as screen resolution or browser plugins. You can set it in Administration > Sites & apps > Privacy > Don’t collect visitor’s device data (on).
  7. If you have the Enterprise plan and have signed a BAA with us.  

Note: Piwik PRO doesn’t use device fingerprinting. Instead it uses a session hash. A session hash is a more privacy-friendly way to recognize visitor’s sessions.

Was this article helpful?

Technical support

If you still have any questions, visit our community.
There’s always someone happy to help!

Back to help center