@Skywalker-11 opened this Issue on May 7th 2018

The german privacy officers (department responsible to ensure that everybody follows privacy rules in germany) have decided at the Datenschutzkonferenz that they interpret the GDPR in such a way that website owners have to actively accept the tracking (opt-in). From their point of view this applies to all of the eu states.

https://www.datenschutz.rlp.de/fileadmin/lfdi/Dokumente/Orientierungshilfen/DSK_Positionsbestimmung_TMG.pdf

Point 9. on page 3 says

Es bedarf jedenfalls einer vorherigen Einwilligung beim Einsatz von TrackingMechanismen,
die das Verhalten von betroffenen Personen im Internet
nachvollziehbar machen und bei der Erstellung von Nutzerprofilen. Das bedeutet,
dass eine informierte Einwilligung i. S. d. DSGVO
, in Form einer Erklärung oder
sonstigen eindeutig bestätigenden Handlung vor der Datenverarbeitung eingeholt
werden muss, d. h. z. B. bevor Cookies platziert werden bzw. auf dem Endgerät des
Nutzers gespeicherte Informationen gesammelt werden.

Translated it means something like:

There is the requirement to get the content [from the user] when using tracking mechanisms that make
the behaviour of people in the Internet reproducible and creates user profiles. This means that a briefed
consent within the meaning of the DSGVO [german GDPR law] in form of a declaration or other
unambiguous confirmed act must be achieved before the data processing, meaning for example before placing cookies or collecting information stored on the users device

TLDR: user trackers such as matomo must ask the user before collecting any data (opt-in)

@Findus23 commented on May 7th 2018 Member

Hi,

You can find a discussion about this topic on the forum:
https://forum.matomo.org/t/braucht-matomo-ein-opt-in-um-dsgvo-konform-zu-sein/28118?u=lukas

Matomo 3.5.0 supports a consent feature, so you can integrate an opt-in into your website:

https://developer.matomo.org/guides/tracking-javascript-guide#asking-for-consent

@mattab commented on May 7th 2018 Member

Thanks for the report. Our point of view is also that you can choose the lawful basis between Consent and Legitimate interest. We wrote an article here: https://matomo.org/blog/2018/04/lawful-basis-for-processing-personal-data-under-gdpr-with-matomo/

@dev-101 commented on May 8th 2018

Are there any plans to support other languages for Opt-In/Out forms?

@Findus23 commented on May 8th 2018 Member

The opt out iFrame should already be translated in nearly all languages supported by matomo.
You can change it by adding e.g. a &language=de get parameter.

@dev-101 commented on May 8th 2018

Thanks, I just saw the language parameter, sorry not sure how I missed it!

@mattab commented on May 8th 2018 Member

we've also published the documentation in Asking for consent on the developer site.

fyi: currently one needs to write the UI for the consent windows which uses the Matomo JS methods, and we will see how this evolves over the next few months. there will likely be some kind of standard consent windows solutions coming up, (including some recommended by GG in https://www.cookiechoices.org/intl/en/) which maybe we could integrate somehow in Matomo.

Powered by GitHub Issue Mirror