@tsteur opened this Issue on January 21st 2020 Member

In Matomo tracker we already have a method that can be called that a user has given consent to be tracked. We also already attach a tracking URL parameter consent=1 when consent was given.

I think by default, Matomo should record a raw (unhashed) User ID only if a user consented to it.

This is to protect user privacy. And User ID certainly can be considered personal data and therefore we should require by default our users to ask for consent in order to use this feature.

@Findus23 commented on January 21st 2020 Member

I would just keep in mind that for most User ID use cases it doesn't really matter if one stores a hashed or unhashed ID as it can be reversed trivially (e.g. hash e-mail of all registered users)

@tsteur commented on January 21st 2020 Member

Yep true. Probably in all cases it should require consent.

@voarsh2 commented on February 4th 2020

I think by default, Matomo should record a raw (unhashed) User ID only if a user consented to it.

I heavily DISAGREE with this

@Findus23 commented on February 4th 2020 Member

@voarsh2 Why do you think this shouldn't be the default (not suggesting removing this option)?
I'm genuinely interesting in hearing other peoples opinion in the new ideas for privacy features in Matomo.

Powered by GitHub Issue Mirror