
Disable User ID feature (and possibly other similar features) by default #15432

Open
tsteur opened this issue Jan 21, 2020 · 4 comments
Labels
c: Privacy For issues that impact or improve the privacy.


@tsteur
Member

tsteur commented Jan 21, 2020

AFAIK the User ID is already a plugin so it can be disabled. Ideally, this plugin was disabled by default, or the feature was disabled by default for privacy reasons. This is to prevent any data being recorded without knowing they need to likely ask for consent etc.

Ideally, there is an easier way to enable it though and not just in the plugins manager where it would be barely found. Ideally it would be done in the Admin Privacy section and the user would be educated on how to use it, if they want to use it.

refs #15431

@tsteur
Member Author

tsteur commented Sep 3, 2020

Note: On Cloud people cannot disable specific plugins so it will be also important to generally have a feature to disable/enable this feature.

We could still show "UserID" in the reports but mention it needs to be enabled by a super user to use this feature.

This would only apply to new installs but not existing installs.

@tsteur
Member Author

tsteur commented Sep 3, 2020

The way this feature would work is that it only blocks userId in the tracking. Basically, when disabled, the requestParam uid would always be set to an empty string. Everything else like archiving etc could still work the normal way for simplicity.

When disabled, we'd show an additional footer message like this in the report:
image

Still having the report allows still viewing historical data and being made aware this feature exists should they want to use it.

Ideally, we also directly implement this feature at the same time as it should not be too much more effort and prevents us from offering a yes/no option:
#15431

We'd then have a select with three options:

  • Disabled
  • Only track when user consented
  • Enabled

To make "Only track when user consented" work, we'd need to send an additional tracking parameter when the method setConsentGiven was called or when configHasConsent==true. We'd then only set the uid to an empty string if the URL parameter &consent does not equal 1.
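
A sketch of the three-option behaviour described in the comment above, added here as an illustration and not Matomo's code. The enum, function names and sample requests are assumptions; `uid` and the proposed `consent` parameter come from the comment, and anything other than an unambiguous `consent=1` is treated as no consent.

```python
from enum import Enum
from urllib.parse import parse_qsl, urlencode


class UserIdMode(Enum):  # hypothetical names for the three select options
    DISABLED = "disabled"
    CONSENT_ONLY = "only_track_when_user_consented"
    ENABLED = "enabled"


def apply_user_id_policy(query: str, mode: UserIdMode) -> str:
    """Return the tracking query string with uid blanked where the mode requires it."""
    params = parse_qsl(query.lstrip("?"), keep_blank_values=True)
    # Fail closed: consent counts only if the parameter is present and every
    # occurrence is exactly "1" (absent, "0", "true" or mixed duplicates do not).
    consent_values = [v for k, v in params if k == "consent"]
    consented = bool(consent_values) and all(v == "1" for v in consent_values)
    keep_uid = mode is UserIdMode.ENABLED or (
        mode is UserIdMode.CONSENT_ONLY and consented
    )
    if keep_uid:
        return urlencode(params)
    # Blank every uid occurrence instead of dropping it, matching "set to an
    # empty string". Only uid is touched; all other parameters pass through.
    return urlencode([(k, "" if k == "uid" else v) for k, v in params])


def tracked_uid(query: str, mode: UserIdMode) -> str:
    """The uid value that would reach storage after the policy is applied."""
    cleaned = parse_qsl(apply_user_id_policy(query, mode), keep_blank_values=True)
    return next((v for k, v in cleaned if k == "uid"), "")


# Constructed sample tracking requests (not captured traffic).
SAMPLE_REQUESTS = [
    "idsite=1&rec=1&uid=alice%40example.org&consent=1",
    "idsite=1&rec=1&uid=alice%40example.org",
    "idsite=1&rec=1&uid=alice%40example.org&consent=0&consent=1",
]

if __name__ == "__main__":
    for mode in UserIdMode:
        for request in SAMPLE_REQUESTS:
            print(f"{mode.name:12} {tracked_uid(request, mode)!r:22} <- {request}")
```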

@diosmosis diosmosis self-assigned this Oct 19, 2020
@tsteur
Member Author

tsteur commented Oct 19, 2020

Moving this issue out of the Matomo 4 milestone for now as its benefit is not 100% clear and we don't really have a way yet to implement the behaviour to only track when consent was given. More details below.

The feature won't really help all that much as users would be still able to track personal data through events, custom dimensions, page titles and URLs, etc. It would not really prevent tracking of personal data and be only one part of a solution and we need to see it all in a bigger picture. What are we trying to achieve here? Is it not tracking any personal data by default? Then we'd need to think of a solution that includes events, custom dimensions etc as well. Is it to make users aware they may or may not need to ask for consent before tracking a userId? Then we'd maybe have other ways to solve this that are better. Like in all the documentation around userId, in the app itself etc.

Generally, it would be great to have features that may track personal data such as custom dimensions and events disabled by default and only track it when specifically enabled and privacy implications were understood by the user. It can then get quickly complicated though and we need to think this through better to tackle this for other features as well.

As this is not a breaking feature we can implement this any time and therefore moving it out of Matomo 4. A simple setting could otherwise look like this in the privacy -> anonymise settings
image

Generally speaking #15431 may be more interesting where we would track userId only if consent was given. However, we have no good way of knowing whether a user has given consent or not unless they use our JS tracker methods like setConsentGiven but many consent managers don't work like that and we wouldn't really know whether consent was given or not making it all a frustrating experience.

@tsteur tsteur removed this from the 4.0.0-RC milestone Oct 19, 2020
@tsteur tsteur changed the title from "Disable User ID feature by default" to "Disable User ID feature (and possibly other similar features) by default" Oct 19, 2020
@kamran364

image
Showing this screen on our Matomo.
It means it's already enabled.
