GDPR: When consent has been given by a user, set &consent=1 in the Tracking API URL #12834
Comments
|
This makes only sense though when Matomo users are aware to not embed the opt out iframe when using the consent feature. If the Matomo user / website owner is not aware that they are mutually exclusive, then an opted out user would not expect to be tracked. The safe solution that respects the privacy of users more be to never track when the user has opted out. (This is the current implementation). |
|
So should that be changed or not? Or should we make that configurable maybe? |
|
I think we at least need to know when a request was consented (eg. add Regarding whether to track users who have given consent + User opted-out earlier. I'd be fine keeping current behavior as this should be a rare case and therefore not very important either way. |
Possibly, can you think of a practical way to make it customisable? |
mattab
changed the title
|
edited the title and description:
|
mattab
added
the
Enhancement
Current behavior
When a user has given their consent, and if the user has already opted-out (via our opt-out iframe), then the requests that were consented are currently not tracked (because of opt-out).
EDIT: We will keep this behavior but we want to make it clear which requests were consented. Then someone could write a plugin or we could add a setting, to change and ignore the opt-out when consent is given (we'll keep it privacy by default in core).
Maybe a solution for this is to
&consent=1to all Tracking API requests that were consented (for the apache logs). Should be done in JS tracker.Then when checking if user is opted-out, also check that&consent=1was not set.(refs #12600 #12767 #12599)
The text was updated successfully, but these errors were encountered: