Privacy compliant

Data collection and tags
1

Hi! My country, Malaysia are enacting a new PDPA amendment (similar to Singapore PDPA and EU GDPR), and would be requiring a DPO for each and all data users.

As my new project doesn’t have any funding (with no plan of actually getting any), we do not plan to collect any personal data, and after looking around for a few days, I discovered this, Piwik Pro, looks promising and have a free quote for Piwik Pro Core is too high for me to ever exceed (and if I exceed, I probably already hv enough money to pay for it lol).

However in order to not become a data user (data controller under GDPR), I wanted to ask on how to I use Piwik Pro Core without collecting any personal data, and what data does Piwik Pro Core collect? My site don’t collect any personal data (I don’t even hv contact form and contact emails, all will be redirected to our Discord server), so for other things non-related to Piwik Pro, I am pretty secure.

I had implemented all of these Piwik Pro Core settings from my site, and I wonder if there is any other data that might be collected from Piwik Pro Core:

Screenshot 2023-09-13 at 5.41.56 PM
Screenshot 2023-09-13 at 5.41.56 PM2046×1082 219 KB

Disabled cookies and session ID

Screenshot 2023-09-13 at 5.44.40 PM
Screenshot 2023-09-13 at 5.44.40 PM1230×736 72.9 KB

Enabled Comply with CNIL guidelines and don’t collect visitor device data

Screenshot 2023-09-13 at 6.27.38 PM
Screenshot 2023-09-13 at 6.27.38 PM1230×380 37.9 KB

Disable collect visitors’ IP addresses

I would like to ask, with all of these methods enabled, what data does Piwik Pro still collect? And which is categorised as personal data?

And with IP disabled, how does Piwik Pro able to know where is my users from?

2

Hi @Jst_Tan,

Welcome to our community!

Here are the most important articles for your case:

  1. Collect data in a privacy-friendly way | Piwik PRO help center
  2. What data does Piwik PRO collect? | Piwik PRO help center
  3. How to make your website compliant with GDPR | Piwik PRO help center

Best,
Oliwer

3

Hi there! I hope you are fine, and thanks you for your quick response.

Instead of complying to GDPR and Malaysia PDPA, I do not want to collect any sorts of personal data, so I would not be subjected to it instead.

During the reading of the page, I read that cookie_id could disclose visitor identity, may I ask with the setup I provided above, i already disabled it right?

Based on what i read and analysis with Preplexity AI, browser information, device information, resolution and operating system is consider as personal data? Any methods to disable all of this from being collected from Piwik Pro?

4

Yes, the setup from above have usage of cookie_id turned off.

This have to be turned on to not collect device data for not consenting visitors:

image
image852×188 16.5 KB

Menu → Administration → Sites & Apps → [site you’re doing setup for] → Privacy → Consent → Don’t collect visitor’s device data

Best,
Oliwer

5

May I ask if the ‘Don’t collect visitor’s device data’, will disable all of the browser info, resolution and operating system?

I already disable it from the photo above, but it still collect all of the info through?

6

This switch should be turned on and on the picture it is turned off.

7

Yes it is, but when I test it myself, it show browser info, resolution and operating system in my analytics, so i want to ask what I am doing wrong.

8

Hi! I would like to make a reply that, after a day had passed, and an attempt was retried, it still failed and all device data, such as browser info, device type, device brand, device model, operating system, browser language, browser type and resolution, I will reset the settings again, and did it again, hopefully it will work fine tmr (since it doesn’t show time, so I hv no idea if it work or not now).

9

Hi @Jst_Tan,

This is how it should look like:

image
image845×191 16.6 KB

How to check if it’s working:
Before turning it on:

image
image1361×708 65.6 KB

After turning it on:
image
image1402×777 74.4 KB

This switch as in description do not collect the resolution and browser plugins from visitor device. In case you still see this data in tracker debugger then you could use this method:

_paq.push(["setSessionIdStrictPrivacyMode", true]);

In case you want to remove any particular parameter from requests that is not covered by our UI you can also use this JS method (setCustomRequestProcessing) API — Piwik PRO Analytics Suite 18.1 documentation which allows you to change/remove/add parameters to the request itself. You can find what are the request parameters here:Tracking HTTP API — Piwik PRO Analytics Suite 18.1 documentation

10

Also this will remove this infromation from collection at the moment of setup, and will not affect the data that was already collected. There is no way to change data that was already collected

11

May I ask on how to access the screen you screenshot, as I am new to Piwik Pro and still learning on how to use this.

12

May I ask on how to add the method you mentioned, inside the JavaScript code provided in Piwik Pro, while not messing it up in the process?

13

Of course:
Menu → Analytics → Settings → Tracker debugger
Here is article on what it is: About the tracker debugger | Piwik PRO help center but in short it shows you real time data send to Piwik PRO.

You can use our Tag Manager and custom code (async) tag. Here is article about it: Custom code (async) tag | Piwik PRO help center

14

Screenshot 2023-09-15 at 8.17.45 PM
Screenshot 2023-09-15 at 8.17.45 PM1256×330 29.9 KB

Hi! After enabling this, it disable the collection of device resolution, however it didn’t disable the collection of device brand, device type, device model, OS, browser language, browser info, which is classed as personal data by the page you linked previously, may I ask on how to disable it? Without needed me to write the code myself?

15

Hi there! It been sometimes since I last checked it, however it still remain the same, I would like to ask, if there is any methods to not collect the device brand, device type, device model, OS, browser language, browser info, which is classed as personal data, and I want to disable it to prevent me being classed as a data controller. Is it possible to not create the tracking code myself (prebuilt or pre-written), or are there any guides that can guide me through each steps, so i know i wouldn’t be doing it wrongly, or mistaken any lines?

16

Hi, this can be handled with the method that would modify a tracking request.
In this case you could use the method called setCustomRequestProcessing (the method which can be set in Piwik PRO Tag Manager and which Oliwer has already mentioned) API — Piwik PRO Analytics Suite 18.1 documentation

The query string element that should be replaced here is called ua= and it can equal null or
undefined.

More on available parameters that can be replaced in the tracking request can be found here:

Unfortunately, there is no other way of doing this and there is no option for that in the UI.

Also, here are our guidelines on how to comply with applicable data protection laws: How can I comply with applicable data protection laws? | Piwik PRO help center

17

Ok I will try it out, thanks for the links. Is it possible for me to work on this during the weekend, and post the code I made here, for you guys to analysis it beforehand, I afraid I might miss some, since I am not good with these API.

18

Hi there! I just written this code with the guide from your page above, however i want to ask if this code will disable collection of any data that is personally identifiable (user_id, cookie_id, visitor_id, browser info, device info, OS info, resolution, location info, IP), or disable any data which is classed as personal data? And may I ask with the code could ran well with Github Pages?

I am not that good in working with API, so I want to apologise if I am being too annoying, I just wanna to be compliant with the privacy laws.

<!-- Piwik -->
<script type="text/javascript">
  var _paq = window._paq || [];
  _paq.push(['setUserIsAnonymous']);
  _paq.push(['disableCookies']);
  _paq.push(['setRequestMethod', 'POST']);
  _paq.push(['setCustomUrl', window.location.href]);
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
_paq.push(["setIpTracking", false]);
  (function() {
    var u="//your-piwik-domain.com/";
    _paq.push(['setTrackerUrl', u+'piwik.php']);
    _paq.push(['setSiteId', 'YOUR_SITE_ID']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<!-- End Piwik Code -->
19

Hello everyone! I hope anyone could help and assist me about this. Thanks.

20

Sorry for the late reply, unfortunately, we are not able to process your request of reviewing your snippet of code because it is out of our scope of action. We provided you with all the important resources to set it up and you could use them to create the setup that would suit your preferences best.

From my side I can only tell you that in your script you missed the setCustomRequestProcessing with the appropriate ua value which is the only method that could be used here to achieve your desired outcome.