In Piwik PRO, you can collect data while still respecting visitors’ privacy and complying with various privacy laws. In this article, we’ll show you a few privacy-focused ways to set up your data collection. But before you choose your method, consult your legal team as they may have their own interpretations of applicable laws.
Ask visitors for consent
First you need to decide if you’re going to use a consent form on your site. If you do, you’ll be collecting data on all visitors who consent. And for those who don’t consent, you’ll have the following options:
- Collect data using a 30-minute cookie: You’ll use a 30-minute cookie to collect session data. You won’t recognize new and returning visitors, but you’ll get data on the visitor’s country. Visitors’ IP addresses will be fully masked.
This setting is recommended for sites that need to comply with privacy laws but whose owners want to capture some non-sensitive data from visitors who don’t consent.
Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (on) > Collect data using a 30-minute cookie (on)
- Collect data without using cookies: You won’t create or store any cookies on visitors’ browsers. Nothing will be stored on visitors’ devices. You won’t recognize new and returning visitors, but you’ll get data on the visitor’s country. Visitors’ IP addresses will be fully masked.
This setting is recommended for sites that need to comply with privacy and strict cookie laws but whose owners want to collect some non-sensitive data from visitors who don’t consent.
Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (on) > Collect data without using cookies (on)
Note: Some triggers create cookies to function correctly. If you use one of the following conditions in triggers, we’ll set a cookie:
- Event condition > Traffic source
- Event condition > Returning visitor
- Event condition > Campaign
- Event condition > External referrer
- Multiplicity > Fire tag once per session
- Multiplicity > Fire tag multiple times per session, excluding first
- Multiplicity > Fire tag once per page view
Make sure that tags with those triggers are set with the right consent type.
We also set essential cookies that store each visitor’s consent decision. More about cookies
- Don’t collect data: The tracking code won’t be fired for visitors.
With this setting, you’ll collect data in a highly privacy-friendly way, but the downside is that you’ll lose about 25 to 75 percent of traffic data, namely data regarding all visitors that don’t consent to data collection and usage. This method is recommended for sites that need to strictly comply with privacy laws and belong to organizations that don’t mind collecting less data.
Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (on) > Don’t collect data (on)
Extra layer of privacy: Use IP masking to offer visitors more privacy.
Comparison of options
Here’s a comparison table to help you choose the right option. Each setting uses different mechanisms for collecting data and for recognizing visitors and their sessions. Settings also affect what data you collect.
| When visitors agree | When visitors don’t agree | |||
|---|---|---|---|---|
| Cookies & session ID | 30-minute cookie | No cookies | Don’t collect data | |
| Mechanisms used to collect data | ||||
| First-party cookies | (1) | (2) | ||
| Local storage | ||||
| Session ID | (3) | |||
| Visitor’s IP address | Yes / No (4) | |||
| Visitor ID | ||||
| Collected data | ||||
| Capture all traffic | ||||
| New vs. returning visitors | ||||
| Visitor’s session | ||||
| Visitor’s location | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | Country, Continent | Country, Continent | |
| Events | ||||
| Traffic sources | ||||
| Channel attribution | Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models | Last-click | Last-click | |
| Consent stats | (5) | |||
| Privacy laws | ||||
| Compliant with | LGPD, PDPA, GDPR, UK GDPR/ PECR (7), TTDSG (7), HIPAA (8) | LGPD, PDPA, GDPR (6), HIPAA (8) | LGPD, PDPA, GDPR (6), UK GDPR/PECR (7), TTDSG (7), HIPAA (8) | LGPD, PDPA, GDPR, UK GDPR/PECR, CCPA, HIPAA (8) |
- You’ll use a 30-minute cookie to collect session data.
- We’ll set essential cookies that store each visitor’s consent decision. In addition, some triggers in Tag Manager will set cookies in order to funcion correctly. Make sure that tags with these triggers are set with the right consent type.
- We create a session ID to recognize the visitor’s session. We only use it for 30 minutes since the last event.
- You can mask visitors’ IP addresses under Administration > Sites & apps > Privacy > Mask IP addresses. An IP address gives you a visitor’s location. Masking it removes the selected number of bytes from the address before saving it to the database. Nobody will ever see the full address. Masking an address can enhance visitor privacy, as you won’t be able to see their precise location.
- You won’t collect any consent stats about people who don’t consent to analytics.
- Check the cookie policy in your local guidelines; different countries can have their own policy.
- Assuming the product is set up to avoid storing additional device-level information, such as screen resolution or browser plugins. You can set it in Administration > Sites & apps > Privacy > Don’t collect visitor’s device data (on).
- If you have the Enterprise plan and have signed a BAA with us.
Note: Piwik PRO doesn’t use device fingerprinting. Instead it uses a session ID. A session ID is a more privacy-friendly way to recognize each visitor’s sessions.
Don’t ask visitors for consent
You can also choose not to use a consent form on your site. This leaves you with a number of options:
- Collect data using a session ID and visitor cookies : This lets you collect the most precise data. It’s recommended for sites that operate in regions that don’t have privacy guidelines or where the privacy guidelines don’t require consent for data collection.
Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (off) + Use a session ID (on) + Use visitor cookies (on)
Extra layer of privacy:
- Use an opt-out form to offer visitors the choice to opt out of data collection.
- Use IP masking to offer visitors more privacy.
- Collect data without using cookies: This lets you collect data without asking a visitor for cookie consent. The downside is that the collected data is less precise than that collected with cookies. This method is recommended for sites that need to record some basic statistics and whose owners don’t want to bother with consent forms.
Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (off) + Use a session ID (on) + Use visitor cookies (off)
Extra layer of privacy: Use IP masking to offer visitors more privacy.
Note: Some triggers in Tag Manager create cookies to function correctly. If you use one of the following conditions in triggers, we’ll set a cookie:
- Event condition > Traffic source
- Event condition > Returning visitor
- Event condition > Campaign
- Event condition > External referrer
- Multiplicity > Fire tag once per session
- Multiplicity > Fire tag multiple times per session, excluding first
- Multiplicity > Fire tag once per page view
If you don’t want to use these cookies, don’t set these conditions in the trigger. More about cookies
- Collect data without using a session ID: This lets you turn off the session ID that normally recognizes visitor sessions.
Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (off) + Use a session ID (off) + Use visitor cookies (on)
- Collect data without using a session ID or visitor cookies: This lets you forget about cookie or data collection consent forms altogether. The downside is that your data will be the least precise of all. You won’t recognize visitors or their sessions, and each event will be treated as a new session.
This method is recommended for sites that need to comply with really rigid privacy rules and belong to organizations don’t want to use consent forms.
Setting: Administration > Sites & apps > Privacy > Ask visitors for consent (off) + Use a session ID (off) + Use visitor cookies (off)
Note: Some triggers in Tag Manager create cookies to function correctly. If you use one of the following conditions in triggers, we’ll set a cookie:
- Event condition > Traffic source
- Event condition > Returning visitor
- Event condition > Campaign
- Event condition > External referrer
- Multiplicity > Fire tag once per session
- Multiplicity > Fire tag multiple times per session, excluding first
- Multiplicity > Fire tag once per page view
If you don’t want to use these cookies, don’t set these conditions in the trigger. More about cookies
Comparison of options
Here’s a comparison table to help you choose the right option. Each setting uses different mechanisms for collecting data and for recognizing visitors and their sessions. Settings also affect what data you collect.
| Cookies & session ID | No cookies | No session ID | No cookies & session ID | |
|---|---|---|---|---|
| Mechanisms used to collect data | ||||
| First-party cookies | (1) | (1) | ||
| Local storage | ||||
| Session ID | (2) | |||
| Visitor’s IP address | Yes / No (3) | Yes / No (3) | ||
| Visitor ID | ||||
| Collected data | ||||
| Capture all traffic | ||||
| New vs. returning visitors | ||||
| Visitor’s session | (4) | |||
| Visitor’s location | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent |
| Events | ||||
| Traffic sources | ||||
| Channel attribution | Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models | Last-click | Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models | |
| Privacy laws | ||||
| Compliant with | Countries without privacy laws, CCPA (5), HIPAA (7) |
Cookie laws, HIPAA (7) | Cookie laws, HIPAA (7) | GDPR, UK GDPR/PECR (6), TTDSG (6), HIPAA (7) |
- Some triggers in Tag Manager set cookies to function correctly.
- We create a session ID to recognize the visitor’s session. We only use it for 30 minutes since the last event.
- You can mask visitors’ IP addresses under Administration > Sites & apps > Privacy > Mask IP addresses. An IP address gives you a visitor’s location. Masking it removes the selected number of bytes from the address before saving it to the database. Nobody will ever see the full address. Masking an address can enhance visitor privacy, as you won’t be able to see their precise location.
- Each event is a new session.
- You need to add an opt-out form (“do not sell my personal data”).
- Assuming the product is set up to avoid storing additional device-level information, such as screen resolution or browser plugins. You can set it in Administration > Sites & apps > Privacy > Don’t collect visitor’s device data (on).
- If you have the Enterprise plan and have signed a BAA with us.
Note: Piwik PRO doesn’t use device fingerprinting. Instead it uses a session ID. A session ID is a more privacy-friendly way to recognize visitor’s sessions.