Cookie usage and GDPR compatibility #14463
Labels
answered
For when a question was asked and we referred to forum or answered it.
Comments
|
Using the JS tracker you can
see https://developer.matomo.org/api-reference/tracking-javascript and eg in Admin => Privacy => Consent page. You should be able to implement any behaviour you want with it. Eg disable cookies when DNT is enabled. Not sure if anything else needs to be done here? Should be all possible. |
mattab
added
the
answered
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently Matomo places cookies in the visitor's browser, but the server running Matomo can be configured to ignores these cookies when DNT is enabled in the visitor's browser. I'm having doubts about whether this is actually legally permitted from a GDPR perspective.
According to my interpretations of the GDPR, storing a tracking cookie requires a visitor's prior consent. This provides visitors actual control over their own privacy. A statement like: "we place cookies, our server receives them, but we don't use them" is in my opinion not strong enough in this context. This is beyond a visitor's span of control. I think it would be good if Matomo had a config setting for disabling the actual placing of cookies when DNT is detected.
A legally correct workaround would be to have a cookie consent button on the website, but that is actually what I'm trying to prevent.
The text was updated successfully, but these errors were encountered: