GDPR + ePrivacy directive <==> Piwik documentation

Dear Piwik

I’ve just finalised an intensive exercise and conversation with a lawyer and the conclusion is that this is the only configuration that is fully compliant with both GDPR and ePrivacy directive:

I’m quite curious why:

  1. you state that the other configurations are also GDPR compliant?
  2. you don’t mention a word about the ePrivacy directive?

Would be interesting to have your opinion on this matter. :pray:

Hi Rutger,

The configuration you selected is the safest option and does comply with GDPR and ePrivacy directive.

Note that ePrivacy directive has been implemented across various member states inconsistently.

The other methods are solutions that you may elect to use. For instance CNIL allows to track visitors without consent using cookies or other technologies (as long as you comply with other rules they impose). Cookieless option is there to abide with the telco laws by not accessing the end user terminal. We’d calculate a temporary, short lived session ID to stich a couple of events together.

Some companies choose those options regardless of ePrivacy and GDPR. They assess their tracking and the extent of data collection (whether its personal or not). I recommend running a DPIA and then choosing the right option for your business.


Thanks for your view @piotr

1 Like