@tsteur opened this Issue on April 29th 2020 Member

We would like to improve our documentation on privacy. Especially around consent and personal data.

Things we want to mention are:

  • When cookie consent is needed,
    • how to avoid it (disable cookies),
    • and how to ask for cookie consent should they need it
    • should someone ask for cookie consent, and the user clicks on "no" then it should be fine to still track without cookie as it is not the same as an opt out
    • When no cookie consent is required, you should still inform the user (not asking for consent) and have an opt out.
  • When tracking consent is needed (eg tracking personal data)
    • how personal data may be tracked (eg events, custom dimensions, userId, page URLs, ...)
    • how to check if they are tracking personal data
    • how to avoid tracking personal data (anonymise userId, anonymise orderId, setCustomTitle, setCustomUrl, ...)
      • We may at some point also want to have a list of some popular CMS, shops, ... and what data may be tracked through these. Eg Woocommerce has an orderId in the page URL in the order confirmation URL and thus you'd track potentially personal data without knowing
    • What tools can be used to ask for consent should consent be needed
    • What makes a good consent tool (by default all settings are opted out, user actively needs to opt in, no cheeky UI etc)
    • How to use a tracker consent tool with Matomo
    • How to implement a tracker consent screen yourself
  • Heatmaps or session recordings likely always requires proper consent
@Findus23 commented on April 30th 2020 Member

Bonus side effect: If we make all of this translatable (like #15574), we also have useful information for Matomo users in their native language.

Powered by GitHub Issue Mirror