Hi!
I would like to use PIWIK.PRO without the user’s consent and comply with the GDPR.
The last table at Collect data in a privacy-friendly way | Piwik PRO help center shows that the Visitor ID is still used in the “No cookies” mode, so it does not provide is GDPR compliance. I wonder how it is possible since the Visitor ID is stored in a cookie, and “No cookies” mode excludes the use of cookies. Theoretically, this mode uses only session data, not visitor data, so should be GDPR compliant. Am I right?
I kindly ask for help.
You can use the Session ID and disable cookies (as on the screenshot below). We create a Session ID by encrypting device information received in the request and adding a temporary random parameter that is valid for 30 minutes. The Session ID does not allow to track a visitor (the VisitorID will change for every subsequent session of the same visitor) and hence should not be considered as personal data (GDPR will not apply).
Additionally, we introduced a new option that should be released next week, that limits further the information read from the device to create Session ID to improve further privacy protections and ensure compliance with other laws such as TTDSG in Germany:
If enabled, we’ll rely only on the information that is transmitted every time the device requests and loads a website or any other web resource (part of the HTTP protocol).
Note also that you need to make sure that when you collect additional data via custom dimensions, custom events etc. they won’t add any information that will allow you to identify the visitor or an individual.