When you use Consent Manager and ask visitors for consent to data collection and usage, some of them won’t agree. So can you collect any data from these visitors? It depends on privacy laws and how your legal team interprets them.
In Piwik PRO, you can choose to collect some data from these visitors or don’t collect any of their data.
To set data collection for visitors who don’t consent, follow these steps:
- Go to Menu > Administration.
- Navigate to Sites & apps.
- On the left, pick the site or app you want to work with.
- Navigate to Privacy.
- Ask visitors for consent needs to be turned on because only then you’re showing a consent form on your site.
- In When visitors don’t consent, you can pick one option:
- Collect data using a 30-minute cookie: You’ll use a 30-minute cookie to collect session data. You won’t recognize new and returning visitors, but you’ll get data on the visitor’s country. Visitors’ IP addresses will be fully masked.
- Collect data without using cookies: You won’t create or store any cookies on visitors’ browsers. Nothing will be stored on visitors’ devices. You won’t recognize new and returning visitors, but you’ll get data on the visitor’s country. Visitors’ IP addresses will be fully masked.
Note: Some triggers in Tag Manager create cookies to function correctly. If you use one of the following conditions in triggers, we’ll set a cookie:
- Event condition > Traffic source
- Event condition > Returning visitor
- Event condition > Campaign
- Event condition > External referrer
- Multiplicity > Fire tag once per session
- Multiplicity > Fire tag multiple times per session, excluding first
- Multiplicity > Fire tag once per page view
Make sure that tags with those triggers are set with the right consent type.
We also set essential cookies that store visitor’s consent decision. More about cookies
- Don’t collect data: The tracking code won’t be fired for visitors.
- Click Save.
Comparison of options
Here’s a comparison table to help you choose the right option. Each setting uses different mechanisms for collecting data and for recognizing visitors and their sessions. Settings also affect what data you collect.
| When visitors agree | When visitors don’t agree | |||
|---|---|---|---|---|
| Cookies & session ID | 30-minute cookie | No cookies | Don’t collect data | |
| Mechanisms used to collect data | ||||
| First-party cookies | (1) | (2) | ||
| Local storage | ||||
| Session ID | (3) | |||
| Visitor’s IP address | Yes / No (4) | |||
| Visitor ID | ||||
| Collected data | ||||
| Capture all traffic | ||||
| New vs. returning visitors | ||||
| Visitor’s session | ||||
| Visitor’s location | Latitude, Longitude, Organization, Provider, City, Region, Country, Continent | Country, Continent | Country, Continent | |
| Events | ||||
| Traffic sources | ||||
| Channel attribution | Last-click, position-based, first-click, last-non-direct-click, time-decay, linear and custom models | Last-click | Last-click | |
| Consent stats | (5) | |||
| Privacy laws | ||||
| Compliant with | LGPD, PDPA, GDPR, UK GDPR/ PECR (7), TTDSG (7), HIPAA (8) | LGPD, PDPA, GDPR (6), HIPAA (8) | LGPD, PDPA, GDPR (6), UK GDPR/PECR (7), TTDSG (7), HIPAA (8) | LGPD, PDPA, GDPR, UK GDPR/PECR, CCPA, HIPAA (8) |
- You’ll use a 30-minute cookie to collect session data.
- We’ll set essential cookies that store each visitor’s consent decision. In addition, some triggers in Tag Manager will set cookies in order to funcion correctly. Make sure that tags with these triggers are set with the right consent type.
- We create a session ID to recognize the visitor’s session. We only use it for 30 minutes since the last event.
- You can mask visitors’ IP addresses under Administration > Sites & apps > Privacy > Mask IP addresses. An IP address gives you a visitor’s location. Masking it removes the selected number of bytes from the address before saving it to the database. Nobody will ever see the full address. Masking an address can enhance visitor privacy, as you won’t be able to see their precise location.
- You won’t collect any consent stats about people who don’t consent to analytics.
- Check the cookie policy in your local guidelines; different countries can have their own policy.
- Assuming the product is set up to avoid storing additional device-level information, such as screen resolution or browser plugins. You can set it in Administration > Sites & apps > Privacy > Don’t collect visitor’s device data (on).
- If you have the Enterprise plan and have signed a BAA with us.
For developers: For more information on how to set up the described data collection, read our developer guides.