Privacy legislation worldwide, including GDPR, CCPA, PECR, and ePrivacy, often requires you to display a cookie banner informing users about cookies, or to obtain consent before tracking visitors’ data.

However, there is a solution: you can use Matomo Analytics without needing consent and without a cookie banner by following all the steps below.

Note: this applies if you use Matomo 3.13.6 or newer.

To avoid the analytics cookie consent banner, follow the steps below:

  1. Enable cookie-less tracking: see “How do I track a visitor without cookies when they have not given consent for tracking cookies?”. Alternatively, if you are not planning to ask for cookie consent in the future, you can also disable all analytics cookies for all visitors. Learn more about how disabling cookies impacts data accuracy.
  2. Easily let users opt out.
  3. Mention Matomo in your Privacy Policy (see below).

No cookie consent is needed because:

  • tracking cookies are not used
  • the data is not used for any other purpose than analytics (compared to GA which uses it for other purposes and therefore always requires consent)
  • visitors aren’t tracked across websites (compared to GA which does track visitors across many websites)
  • a user cannot be tracked across days within the same website (no user profiles can be generated when cookies are disabled)

To avoid having to ask your visitors for consent (including the analytics cookie consent banner), you need to make sure you do not track any personal data at all.

Follow these steps:

  • Make sure you disabled analytics tracking cookies (see section above).
  • Make sure IP addresses are anonymised (2 or 3 bytes) because the full IP address is considered personal data.
  • Make sure your Page URLs and Page titles do not include personal data/PII (such as the visitor’s name).
  • Make sure your Page Referrer URLs do not include personal data (we’ll soon be working on a new feature for this).
  • If you use features like Custom Dimensions, Custom variables, Event tracking, make sure the data you collect does not include personal data/PII.
  • If you use features such as Session Recording or Heatmap, you need to ensure you ignore any element in the page that includes personal data, so that no personal data is tracked (learn more about masking content in Session recordings and Heatmaps).
  • If you use features such as Ecommerce tracking or User ID then you will likely need to ask for consent when these features are used. That’s because Ecommerce Order ID can be tied back to the customer, and User ID is often personal data/PII (even when replaced with a pseudonym).
  • Make sure the data collected in Matomo is used only for the audience measurement and evaluation of the website performance and not other purposes.
  • Make sure you are only tracking users on a single site and not tracking the same user across different websites.

All data you collect in Matomo without user consent should be anonymous.
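The cookie, Page URL and Page Referrer steps above, sketched as an added example that is not Matomo's own code. It assumes a tracker at `https://analytics.example.org/`, site ID 1, and a site-specific list of query parameter names that carry personal data; `scrubUrl` and `buildTrackerQueue` are hypothetical helpers, while the queued commands are Matomo JavaScript tracker methods.

```javascript
// Assumption: query parameter names that carry personal data on this site.
const PII_PARAMS = new Set(['email', 'name', 'user', 'phone', 'token']);
// E-mail-like path segment, with "@" literal or percent-encoded.
const EMAIL_RE = /[^\/\s?#&=]+(?:@|%40)[^\/\s?#&=]+\.[a-z]{2,}/gi;

// Hypothetical helper: strip personal data from a URL before it is tracked.
function scrubUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return ''; // empty or unparseable: send nothing rather than leak it
  }
  for (const key of [...new Set(url.searchParams.keys())]) {
    const values = url.searchParams.getAll(key); // already percent-decoded
    if (PII_PARAMS.has(key.toLowerCase()) || values.some((v) => v.includes('@'))) {
      url.searchParams.delete(key);
    }
  }
  url.hash = '';      // fragments may hold client-side state
  url.username = '';  // drop credentials embedded in the URL
  url.password = '';
  url.pathname = url.pathname.replace(EMAIL_RE, 'redacted');
  return url.toString();
}

// Hypothetical helper: build the command queue to assign to window._paq
// before matomo.js loads.
function buildTrackerQueue(trackerBase, siteId, pageUrl, referrerUrl) {
  return [
    ['disableCookies'], // no tracking cookies are set
    ['setCustomUrl', scrubUrl(pageUrl)],
    ['setReferrerUrl', scrubUrl(referrerUrl)],
    ['setTrackerUrl', trackerBase + 'matomo.php'],
    ['setSiteId', siteId],
    ['trackPageView'],
  ];
}

// Constructed sample input.
const queue = buildTrackerQueue(
  'https://analytics.example.org/', '1',
  'https://example.org/account?email=jane%40example.com&page=2#section',
  'https://mail.example.net/inbox?user=jane'
);
console.log(JSON.stringify(queue, null, 2));
```

In a page, pass `window.location.href` and `document.referrer` to `buildTrackerQueue` and assign the result to `window._paq`. IP anonymisation is configured in Matomo itself and is not covered by this client-side sketch.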

Learn more details in our article “How not to track personal data”.

You must also 1) easily let users opt out and 2) mention Matomo in your Privacy Policy (see below).

Let users opt-out

You must offer your users an easy way to opt out of data collection, and include the opt-out form on an easy-to-access and visible page on your website, for example in your Privacy policy.

Mention analytics in your Privacy policy

Learn more about how to mention Matomo Analytics in your Privacy policy.