How to set up Matomo to track as much data as possible without violating GDPR

With Matomo you can collect almost everything without violating GDPR. Read on to understand how!
Tomas Persson
2024-05-16

The reason for choosing Matomo is obvious: we want to own and control our data and avoid fines for GDPR violations, etc.

At the same time we need data to learn about our visitors to be able to improve our services, so having relevant data is very important. 

Getting in line with GDPR is not as simple as just using Matomo though, since Matomo is only one piece of the compliance puzzle.

But let's start by explaining what you need to comply with when it comes to tracking or using any other 3rd party service on your website.

What is needed for GDPR compliance?

1. Block

Block all 3rd party scripts and cookies before you have consent (very important).

2. Inform

Inform about your intentions and 3rd party data sharing.

3. Consent

Collect consent to share data and do profiling.

4. Profile and share

If you have consent, you can now start sharing data and do profiling.

Tracking before having a consent with Matomo

Setting up Matomo correctly gives you the opportunity to collect data with Matomo before you have consent!

How does this work?

Understand GDPR in relation to tracking correctly

GDPR actually points out that you need consent if you are profiling users. Profiling is when you remember the visitor over time, which is what Matomo's cookies do.

This means that with cookies disabled we can actually track visitors before we have consent!

We have seen increases of 30-50% in visit numbers after applying this approach for our clients.

1. Block & track

Block all 3rd party scripts and cookies before you have consent (very important), but allow Matomo without cookies.

2. Inform

Inform about your intentions and 3rd party data sharing, but also that you are collecting anonymized data without profiling and data sharing.

3. Consent

Collect consent to share data and do profiling.

4. Profile and share

If you have consent, you can now start sharing data and do profiling. This means you will allow Matomo to set cookies.

Set up Matomo without cookies

This section shows how to set up Matomo to run without cookies and then align it with the consents from your CMP. (This guide expects you to use the Matomo Tag Manager.)

Step 1 - Disable cookies by default

Go to your Matomo Configuration Variable and check the setting named "Require cookie consent" - this setting will disable all cookies by default, but still allow cookieless tracking.

Step 2 - Set up a variable in Matomo's Tag Manager to detect analytics consent

This step really depends on how your Cookie Manager works. Sometimes you need to look inside a cookie or in local storage. If the CMP is more mature, it usually has a JavaScript API you can use. Some examples below:

Platform            Code
CookieHub           window.cookiehub.hasConsented('analytics');
Cookiebot           Cookiebot.consent.statistics;
OneTrust            OnetrustActiveGroups;
CookieInformation   CookieInformation.getConsentGivenFor('cookie_cat_statistic');

You can set up a custom JavaScript variable in Matomo that looks like this, for example:

function () {
  // Check that 'cookiehub' is defined and not undefined
  if (typeof cookiehub !== 'undefined' && cookiehub) {
    // Check if consent for 'analytics' has been granted
    return cookiehub.hasConsented("analytics");
  } else {
    // Always return false if 'cookiehub' is not defined
    return false;
  }
}

Step 3 - Allow Matomo to set cookies when we have a tracking consent

What we want to achieve is to tell Matomo when to allow cookies. This is done by executing this code (create a Custom HTML tag):

<script>
  var _paq = window._paq = window._paq || [];
  _paq.push(['rememberCookieConsentGiven']);
</script>

Finally, create a trigger to fire this tag, something like this (note that a Pageview trigger might not be the best option; this always depends on your CMP). Remember to test properly:

 

You should create a similar tag for when consent is removed, with this code:

<script>
  var _paq = window._paq = window._paq || [];
  _paq.push(['forgetCookieConsentGiven']);
</script>
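
Steps 2 and 3 combined into one fail-closed helper, as an added example that is not part of the original article or Matomo's own code. It generalizes the CookieHub variable to the other CMP calls listed above; the helper names, the `__matomoConsentState` property and the OneTrust group id `C0002` are assumptions.

```javascript
// Added example: helper names are hypothetical; CMP calls are the ones listed in the table above.
// Assumption: "C0002" is the OneTrust analytics group id; check your own OneTrust setup.
var ONETRUST_ANALYTICS_GROUP = 'C0002';

// Returns true only when a CMP explicitly reports analytics consent (fails closed).
function hasAnalyticsConsent(win) {
  try {
    if (win.cookiehub && typeof win.cookiehub.hasConsented === 'function') {
      return win.cookiehub.hasConsented('analytics') === true;
    }
    if (win.Cookiebot && win.Cookiebot.consent) {
      return win.Cookiebot.consent.statistics === true;
    }
    if (typeof win.OnetrustActiveGroups === 'string') {
      return win.OnetrustActiveGroups.split(',').indexOf(ONETRUST_ANALYTICS_GROUP) !== -1;
    }
    if (win.CookieInformation && typeof win.CookieInformation.getConsentGivenFor === 'function') {
      return win.CookieInformation.getConsentGivenFor('cookie_cat_statistic') === true;
    }
  } catch (e) {
    // A broken or half-loaded CMP must never be read as consent.
  }
  return false; // No CMP found, or no explicit "true": keep Matomo cookieless.
}

// Pushes the Matomo consent command only when the state changed since the last call.
// The first call always pushes, so Matomo starts from the CMP's current answer.
// Returns the command pushed, or null when nothing changed.
function syncMatomoConsent(win) {
  var _paq = win._paq = win._paq || [];
  var granted = hasAnalyticsConsent(win);
  if (win.__matomoConsentState === granted) {
    return null;
  }
  win.__matomoConsentState = granted;
  var command = granted ? 'rememberCookieConsentGiven' : 'forgetCookieConsentGiven';
  _paq.push([command]);
  return command;
}

// In the browser, run on load and again from the CMP's consent-change trigger.
if (typeof window !== 'undefined') {
  syncMatomoConsent(window);
}
```

Because every unknown or error case returns false, a CMP that is blocked or loads late leaves Matomo in cookieless mode.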

This solution maximizes the data collection without compromising GDPR!

Contact us if you need help to integrate your CMP platform with Matomo
