In January 2022, the Austrian data protection authority declared the use of Google Analytics as insufficient with the GDPR. Numerous other European countries followed this ruling, considering Google Analytics non-compliant with current regulations and thus illegal.
The French CNIL (Commission Nationale de l'Informatique et des Libertés) then published a guide on how the use of Google Analytics could still be conducted legally. You can find the guide here: CNIL Guide.
To summarise the above link, anonymizing IP addresses alone does not provide sufficient protection according to GDPR/DSGVO definitions. Google Analytics can still be used GDPR compliant, but the technical implementation is likely too complex and time-consuming for the majority of SMEs to be a relevant solution.
To do this, website providers must ensure that for the entire traffic between visitors and the transfer of user properties to Google:
• IP addresses are completely removed
• Fingerprinting is made impossible
• All tracking information, such as UTM data, is removed
• User IDs are removed
• Cross-site or other unique IDs are removed
• All possibilities for identifying the user are removed in general.
Since removing UTM data alone significantly complicates precise campaign tracking and marketing and eliminates conversion optimization from Google Analytics to Google Ads, these points may be theoretically feasible but may also mean that many companies no longer derive value from Google Analytics.
It is much simpler to switch to a provider that can be used both cookieless and locally on your own servers. This is where Matomo comes in.
Matomo is an analytics provider that focuses on user rights and privacy. Matomo can be installed not only as a cloud solution like Google but also on your own servers, thus managing all data without worrying about data transfers to the USA.
The best part of this solution: As an on-premise (self-hosted) solution, Matomo is completely free to use (Matomo Pricing). Certain features must then be purchased as an annual subscription, but in our view, these are not essential for most companies and can be ignored or added individually as needed.
When using Matomo, a Matomo Tag Manager can also be deployed, which largely offers the same features as the Google Tag Manager. Events for conversions, pixels, and other custom tracking HTMLs can be set up and tracked on the site.
The biggest advantage of Matomo however, lies in the privacy focus that Matomo has built-in. The tool can be used relatively easily without consent in the cookie banner, as long as the right conditions are met. Matomo explains these transparently here:
How to use Matomo without cookie consent.
In this case, Matomo is configured not to set cookies, anonymize IP addresses, and avoid unique ID or customer IDs in URLs. Cross-domain tracking must also be waived.
These points should be easily implemented for most companies, potentially leading to an increase in analysis volume if cookie consent restrictions were previously severe.
Matomo should still be mentioned in the privacy policy, and an opt-out option for Matomo should be provided so that users have the option to object to this as well.
Matomo offers an excellent opportunity for EU companies to regain data that has been lost due to cookie consent and to further evaluate their own site's performance.
Thanks to a plugin store and additional features, Matomo can be expanded to the same functionalities as Google Analytics or even incorporate features that Google Analytics does not offer.
If you are interested in implementing Matomo for your company, we are happy to assist you with consulting and installation of the tool.
%20(1).jpg)
