@mattab opened this Issue on March 6th 2018 Member

At a glance (source / learn more):

  • Individuals have the right to access their personal data and supplementary information.
  • The right of access allows individuals to be aware of and verify the lawfulness of the processing.

As part of GDPR we want to give Matomo users (the Matomo administrators, not end users) the possibility to access data for individual visitors / users. We would give various options like finding a user by VisitorID, User ID, IP address, …

As it is hard to identify one specific visitor / user in Matomo, we would show some information message about the “dangers”; for example, the Matomo admin needs to make sure that the end user is actually the person she or he claims to be. This is practically pretty much only possible if, for example, someone is tracking users using the User ID feature and sets, for example, an email address as the User ID.

While we give other options like finding visitors by visitor ID etc., those methods won’t be recommended, as you could potentially hand out data to someone who is actually not that visitor. This is because the same visitor ID could be used for several visitors (e.g. within companies when they are in same network and save same computer software etc.), and because some potential “attacker” could possibly look up a cookie ID or visitor ID while someone is not in front of the computer or through XSS etc.

The safest way would be when identifying users by login/email and then sending this information to the email that is linked with the actual login/email. The ICO writes “The GDPR includes a best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information” but we likely will just send the subject data to them by email.

We might integrate a button to send the exported data directly to a specific email address with some customizable text.

For plugins to support this feature we would recommend them to extend the Live API. We could also trigger an additional event to be more flexible and allow people to enrich and innovate on top of this feature.

In V1 or V2 we could store data about how often this has occurred per day/week/month etc.

We would also support the Activity Log feature and trigger an event whenever some data was exported.

@farfallosa commented on March 8th 2018

As far as I understand and use Matomo, there is no chance to identify an end user. The IP address is anonymised. Therefore I doubt that GDPR challenges Matomo as far as End Users stay unidentifiable. Same for ePrivacy Regulation, IMHO.

@braiam commented on March 15th 2018

@farfallosa that would be for Matomo configurations where the configuration is to anonymize users. There are other configurations in Matomo that waive this.

@tsteur commented on March 15th 2018 Member

For example, pageURLs, userId and many other things could possibly contain personal data, just FYI.

@mattab commented on April 24th 2018 Member

New tool Anonymize previously tracked raw data is implemented in https://github.com/matomo-org/matomo/pull/12558

This Issue was closed on April 24th 2018