Can I collect any data from visitors who don’t consent?

Consent Manager

Needed permissions: owner

When you use Consent Manager and ask visitors for consent to data collection and usage, some of them won’t agree. So can you collect any data from these visitors? It depends on privacy laws and how your legal team interprets them. 

In Piwik PRO, you can choose to collect some data from these visitors or don’t collect any of their data.

To set data collection for visitors who don’t consent, follow these steps:

  1. Go to Menu > Administration.
  2. Navigate to Sites & apps.
  3. On the left, pick the site or app you want to work with.
  4. Navigate to Privacy.
  5. Ask visitors for consent needs to be turned on because only then you’re showing a consent form on your site.
    Ask visitors for consent in Piwik PRO
  6. In When visitors don’t consent, you can pick one option:
    • Collect data using a 30-minute cookie: You’ll use a 30-minute cookie to collect session data. You won’t recognize new and returning visitors. You’ll see data about visitor’s country. Visitors’ IP addresses will be fully masked.
    • Collect data without using cookies: You won’t create or store any cookies on visitors’ browsers. Nothing will be stored on visitors` devices. You won’t recognize new and returning visitors. You’ll see data about visitor’s country. Visitors’ IP addresses will be fully masked.

    Note: Some triggers in Tag Manager create cookies to work correctly. If you use one of the following conditions in triggers, we’ll set a cookie:

    • Event condition > Traffic source
    • Event condition > Returning visitor
    • Event condition > Campaign
    • Event condition > External referrer 
    • Multiplicity > Fire tag once per session
    • Multiplicity > Fire tag multiple times per session, excluding first
    • Multiplicity > Fire tag once per page view

    Make sure that tags with those triggers are set with the right consent type.

    We also set essential cookies that store visitor’s consent decision. More about cookies

    • Don’t collect data: The tracking code won’t be fired for visitors.
  7. Click Save.

Comparison of options

Here is a comparison that can help you decide which option to choose. Each setting uses different mechanisms for collecting data, recognizing visitors and their sessions. It also affects what data you will collect.

When visitors agree When visitors don’t agree
Cookies & session ID 30-minute cookie No cookies Don’t collect data
Mechanisms used to collect data
First-party cookies (1) (2)
Local storage
Session ID (3)
Visitor’s IP address Yes / No (4)
Visitor ID
Collected data
Capture all traffic
New vs. returning visitors
Visitor’s session
Visitor’s location Latitude, Longitude, Organization, Provider, City, Region, Country, Continent Country, Continent Country, Continent
Events
Traffic sources
Channel attribution Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models Last-click Last-click
Consent stats (5)
Privacy laws
Compliant with LGPD, PDPA, GDPR, UK GDPR/ PECR (7), TTDSG (7) LGPD, PDPA, GDPR (6) LGPD, PDPA, GDPR (6), UK GDPR/PECR (7), TTDSG (7) LGPD, PDPA, GDPR, UK GDPR/PECR, CCPA
  1. You’ll use a 30-minute cookie to collect session data.
  2. We’ll set essential cookies that store visitor’s consent decision. Also some triggers in Tag Manager set cookies to work correctly. Make sure that tags with those triggers are set with the right consent type.  
  3. We create a session ID to recognize the visitor’s session. We use it only for 30 minutes since the last event.
  4. You can mask IP addresses for visitors under Administration > Sites & apps > Privacy > Mask IP addresses. The IP address informs about visitor’s location. This option removes the selected number of bytes from the address before saving it to the database. Nobody will ever see the full address. Masking it can enhance visitors privacy because you won’t recognize their full location.
  5. You won’t collect any consent stats about people who don’t consent to analytics.  
  6. Check the cookie policy in your local guidelines. Each country can have their own policy.
  7. Assuming the product is set up not to store additional device-level information like screen resolution or browser plugins. Set it up in Administration > Sites & apps > Privacy > Don’t collect visitor’s device data (on).

For developers: For more information on how to set up described data collection, read our developer guides.

Was this article helpful?

Technical support

If you still have some questions, visit our community.
There’s always someone ready to help!

Back to help center