@amargoShop opened this Issue on March 31st 2022

The disableBrowserFeatureDetection option completely disables browser fingerprinting. Unfortunately, important data is also lost in this way, such as the screen size and the type of end device (mobile, pc, tablet)

Summary

It would be perfect if you could set which data is saved during fingerprinting and which is not. In this way, one could continue to receive the data that does not violate the GDPR.

It could be a param for the call of "disableBrowserFeatureDetection" that you can set to "disable all", "allow all", "allow device info" (config_device_type, config_device_brand, config_resolution). Or - in the backend of Matomo - a list of checkboxes for each property (config_xyz) stored in the log_visit table.

@sgiehl commented on March 31st 2022 Member

@amargoShop Thanks for your suggestions.

As far as I know all those data might be subject to GDPR, even the screen size. The device type should actually still be detected with disabled browser features, as it is detected based on the useragent, which should be sent nevertheless.

@amargoShop commented on March 31st 2022

Thanks for your reply.
Please excuse my poor English

We have asked the IT-Recht-Kanzlei in Munic for this topic.
Here our Text we wrote ... (google tranlated)

"we only use Matomo for our customers without cookies. We have programmed a tool that deletes the data of the accessing device from the database every few minutes, so that no data is available to customers in Matomo that could be used to create a profile for the visitor. We only leave the following data in the database. - Screen resolution of the device - Type of device (mobile, pc, etc.) - Operating system - Browsers.
All other data will be deleted, so in my opinion no profile can be created. Would these measures be sufficient to omit the cookie content banner?"

And the answer (google tranlated)

"I would like to inform you that the additional measures are sufficient to make the use of Matomo not subject to approval. If you implement the solution as described, there is no need for consent via a cookie consent tool."

I think, the answer is clear :-)

Here you can find an article from Dr. Klaus Meffert. He thinks, that the device fingerprinting ist not a problem with the DSGV even if we use Matomo with fingerprinting enabled. He uses the same arguments as Matomo for his opinion.
https://dr-dsgvo.de/matomo-fuer-besucher-statistiken-auf-webseiten-datenschutzkonform-und-ohne-einwilligung-nutzen/ https://dr-dsgvo.de/matomo-fuer-besucher-statistiken-auf-webseiten-datenschutzkonform-und-ohne-einwilligung-nutzen/

This way is too dangerous for me and our customers, so I searched for a posibility to have both.
For our customers I want to provide the data they depend on to optimize their website and business and for the visitors of the websites of our customers I want real privacy.

Am 31.03.2022 um 14:49 schrieb Stefan Giehl @.***>:

@amargoShop https://github.com/amargoShop Thanks for your suggestions.

As far as I know all those data might be subject to GDPR, even the screen size. The device type should actually still be detected with disabled browser features, as it is detected based on the useragent, which should be sent nevertheless.


Reply to this email directly, view it on GitHub https://github.com/matomo-org/matomo/issues/19036#issuecomment-1084535680, or unsubscribe https://github.com/notifications/unsubscribe-auth/AYP2O3FFTMJ6DANI4P554UDVCWNM5ANCNFSM5SFG7LZQ.
You are receiving this because you were mentioned.

@sgiehl commented on March 31st 2022 Member

@amargoShop Thanks for the additional information.
So you want to track the browser features, but don't want to use them for creating the visitor id?
I'm actually not very deep into GDPR / ePrivacy topics. Maybe @tsteur or @Findus23 can give more useful information there.

@tsteur commented on March 31st 2022 Member

@amargoShop I'm not sure exactly what you would like to configure?

Powered by GitHub Issue Mirror