Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Piwik users do not need cookie consent in France: make Piwik privacy enabled. #6341

Closed
mattab opened this issue Sep 30, 2014 · 5 comments
Closed

Piwik users do not need cookie consent in France: make Piwik privacy enabled. #6341

mattab opened this issue Sep 30, 2014 · 5 comments
Assignees
@mattab
Labels
c: Privacy For issues that impact or improve the privacy. Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical.
Milestone
2.8.0

Comments

@mattab
Copy link
Member

mattab commented Sep 30, 2014

The goal of this issue is to include a new small feature in piwik.js that will let French users of Piwik respect the best standards of privacy according according to CNIL recommendations.

When Piwik is configured to be compliant with CNIL recommendations then Piwik users in France do not need to display the cookie consent banner. This is a huge benefit to Piwik users!

To be compliant French Piwik users must:

  • Anonymise IP address in your Piwik (at least two bytes)
  • Display the opt-out iframe in your website(s)
  • Configure JS Tracker so that Cookies lifetime are not extended on each visit
    • Currently the tracking cookies are extended on each pageview and will expire 2 years after the last pageview.
    • What CNIL recommends is that all cookies must expire 13 months after the cookie was initially created and should not be extended.

The code used to achieve this is:

_paq.push([function() {
  var self = this;
  function getOriginalVisitorCookieTimeout() {
    var now = new Date(),
    nowTs = Math.round(now.getTime() / 1000),
    visitorInfo = self.getVisitorInfo();
    var createTs = parseInt(visitorInfo[2]);
    var cookieTimeout = 33696000; // 13 months in seconds
    var originalTimeout = createTs + cookieTimeout - nowTs;
    return originalTimeout;
  }
  this.setVisitorCookieTimeout( getOriginalVisitorCookieTimeout() );
}]);

Steps:

  • Let's make this feature built-in Piwik.
  • add unit test
  • Notify CNIL when new version of Piwik is released, maybe they can update instructions
@mattab mattab added Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical. Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. c: Privacy For issues that impact or improve the privacy. labels Sep 30, 2014
@mattab mattab added this to the Short term milestone Sep 30, 2014
@Taenvan
Copy link

Taenvan commented Oct 10, 2014

I fully support he Mattab's proposal, I'm a French user of Piwik and I think this option should be considered to meet the recommandations of the CNIL. From October 2014, The CNIL has decicidet to audit websites.

@mattab
Copy link
Member Author

mattab commented Oct 12, 2014

cnil tweet

@mattab mattab modified the milestones: Piwik 2.9.0, Short term Oct 13, 2014
tsteur added a commit that referenced this issue Oct 14, 2014
@tsteur
refs #6341 do not extend cookie lifetime on each pageload and expire …
ea508fa 
…already after 13 months

instead of 24months. This is the now done by default. If you want different
behavior you can call setVisitorCookieTimeout() manually
@tsteur tsteur modified the milestones: Piwik 2.8.0, Piwik 2.9.0 Oct 14, 2014
@tsteur tsteur self-assigned this Oct 14, 2014
tsteur added a commit that referenced this issue Oct 14, 2014
@tsteur
refs #6341 always calculate the remaining visitor cookie lifetime.
1eb64a4 
Otherwise the behavior whether lifetime will be extended or whether
remaining will be calculated would depend on the time at which
setVisitorCookieTimeout is called which is very confusing. Also makes
sure in case the page is open for an hour and there is a tracking
request the lifetime will not be extended by an hour.
tsteur added a commit to matomo-org/developer-documentation that referenced this issue Oct 14, 2014
@tsteur
refs matomo-org/matomo#6341 default visitor cookie lifetime is 13 mon…
c287c95 
…ths now
tsteur added a commit that referenced this issue Oct 14, 2014
@tsteur
refs #6341 for consistency set cookie lifetime to 13 months as well
fa10661
@tsteur
Copy link
Member

tsteur commented Oct 14, 2014

It should work now :) @mattab Can you notify CNIL, update FAQ etc and close afterwards?

@tsteur tsteur assigned mattab and unassigned tsteur Oct 14, 2014
@mattab
Copy link
Member Author

mattab commented Oct 14, 2014

Awesome, that's a big win for all French users of Piwik & for Privacy! 👍

@mattab mattab closed this as completed Oct 14, 2014
tsteur added a commit that referenced this issue Oct 14, 2014
@tsteur
refs #6341 forgot to commit this test
4b933af
@mattab
Copy link
Member Author

mattab commented Oct 29, 2014
edited

CNIL recommends Piwik: the only analytics tool that does not need Cookie Consent

Also: How do I use Matomo Analytics without consent or cookie banner?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mattab mattab

Labels
c: Privacy For issues that impact or improve the privacy. Enhancement For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc. Major Indicates the severity or impact or benefit of an issue is much higher than normal but not critical.
Projects
None yet
Milestone
2.8.0
Development

No branches or pull requests
3 participants
@tsteur @mattab @Taenvan