When you configure Matomo with Complianz, there are two options:
- Enable Cookieless tracking. You will need Complianz to add the Matomo snippet to handle consent.
- If you don’t enable Cookieless tracking, you have 2 new choices;
- Add the snippet by Complianz
- Choose to either ask or not ask consent for Matomo
If you don’t choose to use Cookieless tracking, please read this article for other options.
Using Cookieless tracking with Matomo in Complianz
From 6.1 onward you can use Cookieless tracking with Matomo. This will replace the option to add Matomo with Complianz and start tracking before consent. This is how it works:
With Cookieless tracking, Complianz will set Matomo without cookies, without consent. Your website visitor will now be tracked, but possible personal data cannot be collected. This means the statistics are basic and will only show common metrics without context.
Complianz will also ask consent for Matomo. If your website visitor gives consent, we will release Matomo cookies to add context to your website’s visitors’ behaviour. Your users can always revoke consent and default to Cookieless tracking.
How to configure Complianz
Configuring in Complianz is pretty easy by answering 3 questions:
- Choose Matomo and enable Cookieless tracking in the wizard, under Consent -> Statistics
- It is required to let Complianz add the Matomo snippet
- Enter the URL of Matomo
- Enter your site ID
How to configure Matomo to comply with guidelines
If you want to use Cookieless tracking with Matomo and comply with the guidelines you will need to configure your Matomo dashboard as well:
- Make sure IP addresses are anonymized (2 or 3 bytes) because the full IP address is considered personal data.
- Make sure your Page URLs and Page titles should not include personal data/PII (such as the visitor’s name). For example, adding usernames or userIDs in parameters.
- Make sure your Page Referrers URLs do not include personal data (Matomo will be soon working on a new feature for this).
- If you use features like Custom Dimensions, Custom variables, Event tracking, make sure the data you collect does not include personal data/PII.
- If you use features such as Session Recording or Heatmap, you need to ensure you ignore any element in the page that includes personal data, so that any personal data are not tracked (learn more about masking content in Session recordings and Heatmaps).
- If you use features such as E-commerce tracking or User ID then you will likely need to ask for consent when these features are used. That’s because Ecommerce Order ID can be tied back to the customer, and User ID is often personal data/PII (even when replaced with a pseudonym).
- Make sure the data collected in Matomo is used only for the audience measurement and evaluation of the website performance and not other purposes.
- Make sure you are only tracking users on a single site and not tracking the same user across different websites.
All data you collect in Matomo without user consent should be anonymous.
Learn more details in Matomo’s article about “How not to track personal data”