GDPR - Right to access data #12595

Closed
mattab opened this issue Mar 6, 2018 · 4 comments
Labels
c: Privacy For issues that impact or improve the privacy.

mattab commented Mar 6, 2018

At a glance (source / learn more):

  • Individuals have the right to access their personal data and supplementary information.
  • The right of access allows individuals to be aware of and verify the lawfulness of the processing.

As part of GDPR we want to give Matomo users (the Matomo administrators, not end users) the possibility to access data for individual visitors / users. We would give various options like finding a user by VisitorID, User ID, IP address, …

As it is hard to identify one specific visitor / user in Matomo, we would show some information message about the “dangers”, for example that the Matomo admin needs to make sure that the end user is actually the person she or he claims to be. This is practically pretty much only possible if, for example, someone is tracking users using the User ID feature and sets, for example, an email address as the User ID.

While we give other options like finding visitors by visitor ID etc., those methods won’t be recommended as you could potentially hand out data to someone who is actually not that visitor. This is because the same visitor ID could be used for several visitors (e.g. within companies when they are in the same network and save same computer software etc.), and because some potential “attacker” could possibly look up a cookie ID or visitor ID while someone is not in front of the computer or through XSS etc.

The safest way would be when identifying users by login/email and then sending this information to the email that is linked with the actual login/email. The ICO writes “The GDPR includes a best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information” but we likely will just send the subject data to them by email.

We might integrate a button to send the exported data directly to a specific email address with some customizable text.

For plugins to support this feature we would recommend them to extend the Live API. We could also trigger an additional event to be more flexible and allow people to enrich and innovate on top of this feature.

In V1 or V2 we could store data about how often this has occurred per day/week/month etc.

We would also support the Activity Log feature and trigger an event whenever some data was exported.

@mattab mattab added the c: Privacy For issues that impact or improve the privacy. label Mar 6, 2018
@farfallosa

As far as I understand and use Matomo there is no chance to identify an end user. The IP address is anonymised. Therefore I doubt that GDPR challenges Matomo as far as End Users stay unidentifiable. Same for ePrivacy Regulation IMHO

braiam commented Mar 15, 2018

@farfallosa that would be for Matomo configurations where the configuration is to anonymize users. There are other configurations in Matomo that waive this.

tsteur commented Mar 15, 2018

For example pageURLs, userId and many other things could possibly contain personal data just FYI

mattab commented Apr 24, 2018

New tool Anonymize previously tracked raw data is implemented in #12558

@mattab mattab closed this as completed Apr 24, 2018