One of the biggest privacy concerns for analytics data is the ability for anyone to connect the online activity with individual people. A vast industry has grown around the collection and exploitation of that personal data for profit. Matomo stands out in the field of analytics as a privacy-focused solution that provides full control over how such Personally Identifiable Information (PII) is collected, processed and stored.
What is Personally Identifiable Information (PII)?
Personally Identifiable Information (PII) is any information that can be used to identify an individual. This could be as simple as a username or email address, or it could be something like a credit card number that can be linked to an individual. More specifically, PII is a classification of specific personal data defined in the US privacy law.
Laws in Europe are even broader than the US. All PII is considered personal data, but many things not covered by US law are also covered by privacy laws within the EU. For example, even seemingly innocent details such as an automatically generated Ecommerce order ID, or IP address are considered personal data. If they can ultimately be traced back to an individual user, then it should be considered personal data.
As a privacy concerned analytics user, your goal should be to collect and process as little PII and personal data as possible, while ensuring you have enough data to make analysis effective. Whenever you do collect PII or personal data, you want to ensure it is stored safely and securely. You can find a more comprehensive comparison of the two major privacy classifications and what they include here.
Consent for the collection and processing of personal data
Often website users are happy to share data where it provides a clear benefit. Privacy isn’t an all or nothing matter. It is possible that users will be happy to share personal information for some reasons but not others. For example, a user might be comfortable sharing their email address as part of a support request, but not agree to their email being linked with their analytics data or uploaded to advertising networks.
For this reason, it is generally good practice – and often a legal requirement – to gain consent from a user before collecting and processing their personal data. The type of consent required and method of implementation is likely to depend on the types of personal data you are collecting, and also how you plan on using it.
Types of consent within Matomo
Often, you will also need users to provide freely given and specific consent to the use of their personal data. While cookie consent has been one of the most common areas of focus in recent years, it is not the only tracking method. Matomo offers two forms of consent:
Tracking Consent: With this method, nothing is tracked by Matomo until the user has consented. This offers the highest level of privacy to users, but will likely result in missing or inaccurate tracking data for website owners.
Cookie Consent: This method prevents tracking cookies from being set until consent is gained. Cookies enhance collected tracking data, however, less specific data will still be collected before cookie consent has been provided.