The reason for choosing Matomo is obvious: we want to own and control our data and avoid fines for GDPR violations, etc.
At the same time, we need data about our visitors to be able to improve our services, so having relevant data is very important.
Getting in line with GDPR is not as simple as just using Matomo, though, since Matomo is only one piece of the compliance puzzle.
But let's start by explaining what you need to comply with when it comes to tracking, or to using any other 3rd party service on your website.
What is needed for GDPR compliance?
1. Block
Block all 3rd party scripts and cookies before you have consent (very important).
2. Inform
Inform about your intentions and 3rd party data sharing.
3. Consent
Collect consent to share data and do profiling.
4. Profile and share
If you have consent, you can now start sharing data and do profiling.
Tracking before having consent with Matomo
Setting up Matomo correctly gives you the opportunity to collect data with Matomo before you have consent!
How does this work?
Understand GDPR in relation to tracking correctly
GDPR actually points out that you need to have consent if you are profiling users. Profiling is when you remember the visitor over time, which is what Matomo's cookies do.
This means that with cookies disabled we can actually track visitors before we have consent!
We have seen increases of 30-50% in visit numbers after applying this approach for our clients.
1. Block & track
Block all 3rd party scripts and cookies before you have consent (very important), but allow Matomo without cookies.
2. Inform
Inform about your intentions and 3rd party data sharing, but also that you are collecting anonymized data without profiling and data sharing.
3. Consent
Collect consent to share data and do profiling.
4. Profile and share
If you have consent, you can now start sharing data and do profiling. This means you will allow Matomo to set cookies.
Set up Matomo without cookies
This section shows how to set up Matomo to run without cookies and then align it with the consents collected by your CMP platform. (This guide expects you to use the Matomo Tag Manager.)
Step 1 - Disable cookies by default
Go to your Matomo Configuration Variable and check the setting named "Require cookie consent". This setting disables all cookies by default, but still allows cookieless tracking.
Step 2 - Set up a variable in Matomo's Tag Manager to detect analytics consent
This step really depends on how your Cookie Manager works. Sometimes you need to look inside a cookie or in local storage. If the CMP is more mature, it usually has a JavaScript API you can use.
For example, you can set up a custom JavaScript variable in Matomo that looks like this:
function () {
  // Check that 'cookiehub' is defined and not empty
  if (typeof cookiehub !== 'undefined' && cookiehub) {
    // Check if consent for 'analytics' has been granted
    return cookiehub.hasConsented("analytics");
  } else {
    // Always return false if 'cookiehub' is not defined
    return false;
  }
}
Step 3 - Allow Matomo to set cookies when we have a tracking consent
What we want to achieve is to tell Matomo when to allow cookies. This is done by executing this code (create a Custom HTML tag):
<script>
var _paq = window._paq = window._paq || [];
_paq.push(['rememberCookieConsentGiven']);
</script>
Finally, create a trigger to fire this tag (note that a Pageview trigger might not be the best option; this always depends on your CMP platform). Remember to test properly!
You should create a similar tag for when consent is removed, with this code:
<script>
var _paq = window._paq = window._paq || [];
_paq.push(['forgetCookieConsentGiven']);
</script>
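Steps 2 and 3 combined in one place, as an added example that is not part of the original guide or Matomo's own code: a small helper that reads the CMP state, treats a missing or failing CMP as "no consent", and pushes the remember/forget command only when the state changes. The helper names and the demo CMP object are assumptions; in a browser you would pass window._paq and your CMP object, and call the function on page load and from whatever consent-change callback your CMP offers.

```javascript
// Added example: the CMP is the source of truth for Matomo cookie consent.
// `cmp` is any object exposing hasConsented(category), as cookiehub does in
// Step 2; `paq` is the Matomo command queue (window._paq in a browser).

function readAnalyticsConsent(cmp) {
  // Fail closed: a missing, half-loaded or throwing CMP means "no consent".
  try {
    return Boolean(cmp && typeof cmp.hasConsented === 'function' &&
      cmp.hasConsented('analytics') === true);
  } catch (e) {
    return false;
  }
}

function createConsentSync(paq) {
  var last = null; // nothing pushed yet on this page
  return function sync(cmp) {
    var granted = readAnalyticsConsent(cmp);
    if (granted === last) {
      return null; // unchanged: do not push the same command again
    }
    last = granted;
    // Pushing "forget" on the first evaluation clears a consent Matomo
    // remembered earlier that the CMP no longer reports.
    var command = granted ? 'rememberCookieConsentGiven'
                          : 'forgetCookieConsentGiven';
    paq.push([command]);
    return command;
  };
}

// Constructed demo: CMP absent, then consent granted, then withdrawn.
var demoQueue = [];
var demoSync = createConsentSync(demoQueue);
var demoCmp = { granted: false, hasConsented: function (category) {
  return category === 'analytics' && this.granted;
} };
demoSync(undefined);      // CMP not loaded yet
demoCmp.granted = true;
demoSync(demoCmp);        // visitor accepts analytics
demoCmp.granted = false;
demoSync(demoCmp);        // visitor withdraws consent
console.log(demoQueue.map(function (c) { return c[0]; }).join(' -> '));
```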
This solution maximizes the data collection without compromising GDPR!