When you use Consent Manager and ask visitors for consent to collect and use their personal data, some of them won’t agree. So can you collect any other data from these visitors? This depends on privacy laws and how your legal team interprets them.
In Piwik PRO, you can choose whether you want to collect anonymous data from these visitors or not. If you decide on the first option, you should inform them about this practice.
To set up data collection for visitors who don’t consent, follow these steps:
- Go to Menu > Administration.
- Navigate to Sites & apps.
- On the left, pick the site or app you want to work with.
- Navigate to Privacy.
- Ask visitors for consent needs to be turned on because only then you’re showing a consent form on your site.
- Click View to customize the consent setting:
- Collect anonymous data from non-consenting visitors: You can collect anonymous data from visitors who haven’t given their consent. Their IP addresses will be completely masked. You will not recognize new and returning visitors. And you will only know their country. It’s up to you to decide whether to use a session hash and visitor cookies for these visitors or not.
- Use a session hash: If you use a session hash, it’ll be created for each session based on the visitor’s IP address, operating system, browser name, browser version, browser language, enabled browser plugins and site/app ID. This hash will help us recognize events that belong to the same session. Note: This setting only applies to non-consenting visitors.
- Use visitor cookies: If you use visitor cookies (_pk_id and _pk_ses), we’ll use them to recognize events that belong to the same session. They will expire 30 minutes after the last event. Note: This setting only applies to non-consenting visitors.
Note: Some triggers in Tag Manager create cookies to function correctly. If you use one of the following conditions in triggers, we’ll set a cookie:
- Event condition > Traffic source
- Event condition > Returning visitor
- Event condition > Campaign
- Event condition > External referrer
- Multiplicity > Fire tag once per session
- Multiplicity > Fire tag multiple times per session, excluding first
- Multiplicity > Fire tag once per page view
Make sure that tags with those triggers are set with the right consent type.
We also set essential cookies that store visitor’s consent decision. More about cookies - Done!
Comparison of options
Here’s a comparison table to help you choose the right option. Each setting uses different mechanisms for collecting data and for recognizing visitors and their sessions. Settings also affect what data you collect.
| Consenting visitors | Non-consenting visitors | |||||
|---|---|---|---|---|---|---|
| Cookies & session hash | Visitor cookies & session hash | Visitor cookies only | Session hash only | No visitor cookies & session hash | Don’t collect data | |
| Mechanisms used to collect data | ||||||
| First-party cookies | ||||||
| Local storage | ||||||
| Session hash | ||||||
| Collected data | ||||||
| Visitor’s IP address | Yes / No | |||||
| Visitor ID | ||||||
| Capture all traffic | ||||||
| New vs. returning visitors | ||||||
| Visitor’s session | ||||||
| Visitor’s location | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | Country, Continent | Country, Continent | Country, Continent | Country, Continent | |
| Events | ||||||
| Traffic sources | ||||||
| Channel attribution | Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models | Last-click | Last-click | Last-click | ||
| Consent stats | ||||||
| Privacy laws | ||||||
| Compliant with | LGPD PDPA GDPR UK GDPR/PECR TDDDG HIPAA |
LGPD PDPA GDPR HIPAA |
LGPD PDPA GDPR HIPAA |
LGPD PDPA GDPR UK GDPR/PECR TDDDG HIPAA |
LGPD PDPA GDPR UK GDPR/PECR TDDDG HIPAA |
LGPD PDPA GDPR UK GDPR/PECR CCPA HIPAA |
For developers: For more information about anonymous data collection, see our developer guides.