Today, I’m going to talk to you about Matomo, a web analytics platform and an ethical alternative to Google Analytics.
Matomo is a premium open source web analytics platform. Its philosophy is to give you and your business 100% data ownership and user privacy protection.
It was founded in 2007 by Matthieu Aubry, and is being used by more than 1.4 million websites in more than 190 countries and in more than 50 languages.
As I said before, it is the ethical alternative to Google Analytics. You can see a comparison between the two tools here: https://matomo.org/matomo-vs-google-analytics-comparison/ And if you want more information before making a decision, you can read it here: https://matomo.org/why-matomo/
In a time of growing concern for privacy and data ethics implementation, platforms like Matomo are growing rapidly.
Matomo demonstrates its Honesty and Reliability by being totally Transparent about how it uses its clients’ personal data and how it gives its users total control over their own data.
How does Matomo guarantee 100% ownership of data to its users? You can choose to download the tool onto your own servers, or use it in Matomo Cloud.
If you download and host it on your server, you get 100% ownership of data, and Matomo has no way of accessing it.
But let’s go on to see how Matomo gives users control over their personal data.
The GDPR is, in itself, a threat to cloud-based solutions where we have no idea who can access the information we host in them, and even less what they do with it.
Matomo can be configured to anonymize data automatically. So, no personal data is processed.
In case you do decide to process personal data, Matomo provides the tools to easily comply with the GDPR. This is IMPORTANT when it comes to showing our customers and users that we respect their privacy, and we make it easy, clear and transparent.
How are personal data anonymized with Matomo?
Before we begin, let’s clarify what personal data we are talking about. We are talking about both direct personal data and observed personal data, such as: username, postal address, email address, credit card number, date of birth, telephone number, registration details, precise locations …
In addition, IP addresses, cookie identifiers, page URL or page titles, user ID and personalized «personal» data, transaction ID, location, heat maps and session recordings.
What is the interesting part? Matomo tells you how you can set up your account to anonymize personal data.
1. IP addresses. IP addresses can indirectly identify an individual, and can give a good approximation of their location.
Therefore, IP addresses are considered personal data. How can they be anonymized? Matomo recommends anonymizing at least the last two bytes:
And, what about Google Analytics?
Google knows all your website visitors’ IP addresses (and other unique identifiers) and the pages they have visited.
Because most other websites also use GA (or another Google product), Google can create a very accurate picture of most websites visited by any user. That is, PROFILES to which we do NOT have any access.
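The effect of the byte masking recommended in point 1, as an added example (not Matomo's code and not part of the original post): it zeroes the last one to three bytes of an IPv4 address and shows how visitors collapse onto the same stored value. The function names and the sample addresses are assumptions made for the illustration.

```javascript
// Parse a dotted-quad IPv4 address strictly into four octets.
function parseIPv4(ip) {
  const parts = String(ip).trim().split('.');
  if (parts.length !== 4) throw new Error(`not an IPv4 address: ${ip}`);
  return parts.map((p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) {
      throw new Error(`bad octet "${p}" in ${ip}`);
    }
    return Number(p);
  });
}

// Zero the last `bytes` octets (1 to 3) before the address is stored.
function anonymizeIPv4(ip, bytes = 2) {
  if (!Number.isInteger(bytes) || bytes < 1 || bytes > 3) {
    throw new RangeError('bytes must be 1, 2 or 3');
  }
  const octets = parseIPv4(ip);
  for (let i = 4 - bytes; i < 4; i++) octets[i] = 0;
  return octets.join('.');
}

// Number of distinct addresses that share one stored value.
function anonymitySetSize(bytes) {
  return 256 ** bytes;
}

// Group visitors by the value that would be stored for them.
function groupByMasked(ips, bytes) {
  const groups = new Map();
  for (const ip of ips) {
    const key = anonymizeIPv4(ip, bytes);
    groups.set(key, [...(groups.get(key) || []), ip]);
  }
  return groups;
}

// Constructed sample addresses, not real visitors.
const visitors = ['203.0.113.7', '203.0.113.250', '203.0.42.9', '198.51.100.23'];

for (const bytes of [1, 2, 3]) {
  console.log(`${bytes} byte(s) masked, ${anonymitySetSize(bytes)} addresses per stored value:`);
  for (const [masked, members] of groupByMasked(visitors, bytes)) {
    console.log(`  ${masked} <- ${members.join(', ')}`);
  }
}
```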
Matomo allows you to optionally disable the creation of cookies by adding an additional line of code to your tracking code:
3. Page URL and page titles
How to anonymize this data?
There are several ways to do this. If your website adds personal data through query parameters, you can define a rule to exclude them from Matomo.
If personal data is not included within the query parameters, you can use the «setCustomUrl» function and write your code as follows:
What are the consequences of using this function?
When you anonymize URLs that contain personal data, some of your URLs will be grouped together.
4. User ID
User identification is a function (a tracking code must be added) that allows the same user to be identified on different devices.
A user ID needs a corresponding database to link a user across different devices; it can be an email, a username or a random number.
All these data are online identifiers and, therefore, are observed personal data.
To continue using the user ID function, but not to register personal data, you can use a hash function that will anonymize / convert the real user ID into something illegible, such as «3jrj3j34434834urj33j3». Here Matomo talks about anonymizing data, but this is pseudonymizing data, and is still under the GDPR regulation.
You can also enable the «Anonymize user ID» function. This feature will be available starting with Matomo 3.5.0:
What are the consequences of using this function?
As a result, you will continue to receive accurate visit and unique visitor metrics, and the Visitor Profile, but without tracking the original user ID, which is personal information.
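An added example (not from the original post or from Matomo) of a server-side helper that prepares the tracker calls for the cookie, page URL and user ID settings described above: it disables cookies, passes a redacted URL to `setCustomUrl`, and sends a keyed hash as the user ID. `PERSONAL_PARAMS`, the helper names, the key and the sample URL are hypothetical; `disableCookies`, `setCustomUrl`, `setUserId` and `trackPageView` are Matomo JavaScript tracker methods.

```javascript
const crypto = require('crypto');

// Hypothetical list of query parameters that carry personal data on this site.
const PERSONAL_PARAMS = new Set(['email', 'name', 'phone', 'token']);
const EMAIL_RE = /[^\/\s@]+@[^\/\s@]+\.[^\/\s@]+/;

function safeDecode(seg) {
  try { return decodeURIComponent(seg); } catch { return seg; }
}

// Drop personal query parameters and the fragment, and replace any path
// segment that holds an e-mail address. Redacted URLs group together in reports.
function redactUrl(rawUrl) {
  const url = new URL(rawUrl);
  for (const key of [...url.searchParams.keys()]) {
    if (PERSONAL_PARAMS.has(key.toLowerCase())) url.searchParams.delete(key);
  }
  url.pathname = url.pathname
    .split('/')
    .map((seg) => (EMAIL_RE.test(safeDecode(seg)) ? 'redacted' : seg))
    .join('/');
  url.hash = '';
  return url.toString();
}

// Keyed hash (HMAC-SHA256): without the key, a guessed e-mail cannot be
// confirmed by hashing it. The result is still pseudonymous data under the GDPR.
function pseudonymousUserId(userId, secretKey) {
  return crypto.createHmac('sha256', secretKey)
    .update(String(userId).trim().toLowerCase())
    .digest('hex');
}

// Tracker commands in the order they must be pushed, before trackPageView.
function buildTrackerCommands({ pageUrl, userId, secretKey }) {
  const cmds = [['disableCookies'], ['setCustomUrl', redactUrl(pageUrl)]];
  if (userId) cmds.push(['setUserId', pseudonymousUserId(userId, secretKey)]);
  cmds.push(['trackPageView']);
  return cmds;
}

// Constructed sample input; the key is a placeholder to be kept server-side.
const demo = buildTrackerCommands({
  pageUrl: 'https://shop.example/users/jane@example.com/orders?email=jane%40example.com&page=2#top',
  userId: 'jane@example.com',
  secretKey: 'replace-with-a-random-secret',
});
console.log(demo.map((c) => `_paq.push(${JSON.stringify(c)});`).join('\n'));
```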
5. Ecommerce order ID
Ecommerce order IDs are the reference numbers assigned to the products / services purchased by users. As this information can be cross-referenced with your internal database, it is considered an online identifier and, therefore, is personal data.
How are Ecommerce order IDs anonymized? You can anonymize them by using the built-in functionality to Anonymize order IDs. Matomo recommends consulting point 4 (User ID) to perform this action.
Visitor’s location can be detected through visitor’s IP address. Location data is observed data and its technology has become quite accurate.
The point is that it’s not only you who knows the visitor’s location, but also the platform through which you are tracking them.
Matomo recommends enabling the IP address anonymization function, as we saw in point 1. And then enabling the «Use anonymous IP address» setting.
It is VERY important to enable this option because if not, the full IP address will be used to geolocate a visitor.
What are the consequences of anonymizing location data?
Matomo tells us that the more bytes of the IP address you anonymize, the more anonymous the location will be. They suggest deleting two bytes, so the city and region location reports will not be as accurate. In some cases, even the country can no longer be detected correctly.
7. Heat maps and session recordings
«Heatmaps & Session Recording» is a Premium function in Matomo that lets you see where users click, write and move. With session recordings, you can replay their actions as a video.
Heat maps and session recordings are regulated by the GDPR because they can reveal, in some cases, personal data, such as when filling out a contact form.
To avoid this, Matomo will anonymize all the keystrokes of a user when entering information in a form. Many fields that contain personal data, such as a credit card, a telephone number, an email address, a password, a social security number, etc., are always anonymized and not registered.
Next, let’s see how Matomo allows us to comply with the GDPR in case we do not want to anonymize personal data.
The first thing Matomo says is: If you are processing personal data of European citizens through Matomo, even if your company is outside of Europe, you must comply with the GDPR obligations.
In addition, compliance with the GDPR is a long process consisting of several obligations:
1. Respect user privacy.
3. Security procedures
What does Matomo do to help us in this process? It tells us, step by step, how users can exercise the rights that are recognized in the GDPR.
The Matomo team has worked to build a solution into the tool to help comply with the GDPR:
1. Right to be notified. Articles 13-14 GDPR.
As I have said many times, these two articles, together with the right of access to our information (Article 15 GDPR), constitute the paradigm of Transparency in the GDPR.
What data does Matomo collect? Here is the list: https://matomo.org/faq/general/faq_18254/
Organizations that report in a granular way what they do with their users’ personal data, and give them access to ALL THEIR INFORMATION, have gained the TRUST of their clients.
How does Matomo do this?
First, it establishes that the personal data collected directly from the user must be notified before it’s processed by a clear privacy notice.
That applies to data collected directly from the user. If the data are collected from third parties (Article 14 GDPR), the data controller has up to one month to make this notification.
This privacy notice must include at least:
1. The reasons why you process personal data
2. For how long
3. With whom you share personal data (a granular description of those third parties: names, sector, what they will do with our data and, most importantly, asking for our consent)
2. Right of access to the information. Article 15 GDPR.
When a user asks us for access to their information, the first thing to do is verify their identity.
You can ask for a copy of the user’s ID, and other information from their registration form on the platform. Matomo recommends checking whether the email address of the request matches the one registered by the user, in case the user ID function (https://matomo.org/docs/user-id/) is being used to process email addresses.
To help meet the access requests of data subjects, the following feature has been developed in: Administration → Privacy → GDPR Tools:
From there you can obtain all the information associated with the user, such as visits, time of visits, actions carried out on the website, e-commerce orders, etc.
This information will be downloaded in a file with all the data to be sent by email to the user who has asked to exercise his right to access his information.
If you use the user ID with an email address, you only have to search for the user by his «user ID = email address».
3. Right to erasure, or right to be forgotten. Article 17 GDPR.
To remove the information of a specific user, Matomo explains the procedure: by clicking on administration, «GDPR Tools» in the Privacy category, and Search for a data subject:
Once here, DELETE SELECTED VISITS, and inform the user that his personal data has been properly deleted and request confirmation that he received your message, in compliance with Article 19 GDPR https://www.privacy-regulation.eu/en/19.htm
4. Right of rectification. Article 16 GDPR.
Here the procedure will be different depending on where Matomo is hosted.
Matomo advises that, if a user asks to exercise this right, use the right of deletion instead.
If Matomo is hosted on your server, the only way is to access the Matomo database and here they explain how it works: https://developer.matomo.org/guides/persistence-and-the-mysql-backend.
And then, inform the user that this action has been carried out, in compliance with Article 19 GDPR.
5. Right to data portability. Article 20 GDPR.
A user has the right to request a copy of their personal data. After verifying their identity and searching for them, Matomo gives this option as follows:
Send the data to the user and ask them to confirm that they received their data.
6. Right to object. Article 18 GDPR.
Matomo gives the instructions to do so:
1. Click on administration
2. Click on «Users Opt-out» in the Privacy category
3. Adjust the HTML code according to your website (more information here: https://matomo.org/faq/how-to/faq_25918/)
4. Copy / Paste on the page you want your users to see
5. Check that it works correctly
7. Right to withdraw consent
The GDPR states that, if a user gives us their consent, we must provide a way to withdraw it.
How does Matomo solve this? The user must perform a specific action, such as clicking on an «I don’t want to be tracked anymore» button.
Matomo refers to the need to inform users clearly and transparently about personal data collection and how they use these data:
What does Matomo advise?
1. Inform visitors through a clear privacy notice whenever they collect personal data. Here are Matomo’s recommendations: https://matomo.org/blog/2018/04/how-should-i-write-my-privacy-notice-for-matomo-analytics-under-gdpr/
3. Inform the entire team that Matomo Analytics is being used and what data its analysis platform is collecting. (Point 1)
4. Document the use of Matomo within your information asset register. Matomo Recommendations: https://matomo.org/blog/2018/04/gdpr-how-to-fill-in-the-information-asset-register-when-using-matomo/
1. Apply Matomo’s security recommendations in order to keep your data safe: https://matomo.org/security/
2. Verify that you have a written contract with the company providing you the Matomo server or hosting which ensures that adequate guarantees are provided.
3. Include Matomo in your data breach procedure.
4. Include Matomo in the data privacy impact assessment (DPIA), if applicable.
This is my report on Matomo. It is an ethical company that strives to demonstrate it to its users and helps its clients to comply with the data protection law, making great efforts of transparency and honesty.
This is a great example for many organizations that do not know how to start when it comes to being ethical and transparent, and how to prove it.