Setups required for a mobile app to be fully compliant with German standards

Hello all,

I would like to use Piwik as it has received a “green” light from German authorities, as documented here: https://www.datenschutzzentrum.de/uploads/projekte/verbraucherdatenschutz/20110315-webanalyse-piwik.pdf

However, I struggle to translate these requirements for using Piwik correctly into the settings I have to make in my application/SDK and the front end.

It would be great if you can help me figure out which settings I must activate to be fully compliant.

Thank you very much, and best regards

PS: This answer could also be a good content page for your documentation.

Hi. The document you’re linking refers to a product that is currently called Matomo. However, I’m almost certain that Piwik PRO can be configured to meet all the mentioned requirements, since Piwik PRO and Matomo have common roots. Could you list the requirements / settings that you would like to meet / adjust while using Piwik PRO?

Thank you for your quick reply. We need to set up the following in our React Native environment:

  • shorten IP addresses (e.g. by using Plugin „AnonymizeIP“) → ip_address_mask_length=2
  • Cookie / tracking consent (is enabling/disabling Piwik using PiwikProSdk.setOptOut(true) okay?)
    ** Does Anonymization still work after the opt out?
  • avoid using referrer data (not relevant for mobile app?)
  • set Lifetime of tracking cookie (in an app → identification of one user) to max 7 days

Best regards

Sure :slight_smile:

  1. How can I mask visitors IP addresses? | Piwik PRO help center
  2. Cookies are not created when using native mobile SDKs. What I suggest is not tracking data at all or turning on anonymization when there’s no consent.
  3. Most likely not relevant.
  4. I’d have to check with the team since each technology has a different approach to the expiration of IDs.

Thanks!

  1. great, that was easy!
  2. what is the better way to comply with “no consent”?
    → PiwikProSdk.setAnonymizationState(true);
    vs.
    → PiwikProSdk.setOptOut(true)
  3. okay
  4. okay! :slight_smile:

Hey,

PiwikProSdk.setAnonymizationState(true) - will cause the data to be sent, but each time you run the application the visitorID will change. The userID and userMail fields will not be sent.

PiwikProSdk.setOptOut(true) - will disable tracking completely, as if it had never been implemented. Note that this flag must be set each time the app starts up and will default to false.

Additionally, the visitorID is generated automatically when the app is installed, and this ID is stored on the device. It changes when the user deletes the app and reinstalls it.

If you would like to change the visitorID from time to time, e.g. after 7 days, you would need to implement your solution that would store the date of the last created visitorID and trigger after a timeout:

await PiwikProSdk.setVisitorId("new-visitor-id");

Which will set a new visitorID for that device.

Thanks! I managed it by assigning Unix timestamps (millisecond accuracy) as user/visitor ID.

On app launch I check if the user ID’s timestamp is older than a week. If yes, I generate a new timestamp as user/visitor ID.

I am glad to have been able to help solve your problems.
Your solution for the timestamp as an identifier should be fine, but you need to know that there is a likelihood that two different users will receive the same identifier.
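
The launch-time steps discussed in this thread (re-apply the opt-out on every start, rotate the visitor ID after 7 days), as an added example that is not part of any post and not Piwik PRO's own code. Here `sdk` stands for `PiwikProSdk`, `storage` for an AsyncStorage-like key-value store, and `randomBytes` defaults to Web Crypto, which may need a polyfill in React Native; these names, the storage key and the 16-hex-character ID format are assumptions.

```javascript
// Added example. Only setOptOut and setVisitorId come from the thread; every
// other name (KEY, storage, hasConsent, randomBytes) is hypothetical.
const MAX_AGE_MS = 7 * 24 * 60 * 60 * 1000; // 7-day limit asked for in the thread
const KEY = 'analytics.visitor'; // constructed storage key

// Random ID instead of a timestamp, so two installs cannot share a value just
// because they launched in the same millisecond. 16 hex chars is an assumption.
function newVisitorId(randomBytes) {
  return Array.from(randomBytes(8), (b) => b.toString(16).padStart(2, '0')).join('');
}

// Pure decision step: keep the stored ID only while it is younger than 7 days.
// A missing record or a creation time in the future (clock change) rotates.
function nextVisitorState(stored, nowMs, randomBytes) {
  const fresh = Boolean(stored) && typeof stored.visitorId === 'string' &&
    typeof stored.createdAt === 'number' &&
    nowMs >= stored.createdAt && nowMs - stored.createdAt < MAX_AGE_MS;
  if (fresh) return { visitorId: stored.visitorId, createdAt: stored.createdAt, rotated: false };
  return { visitorId: newVisitorId(randomBytes), createdAt: nowMs, rotated: true };
}

// Run on every app start. setOptOut defaults to false after a restart, so the
// consent decision is re-applied before anything else can be tracked.
async function applyPrivacyOnLaunch({ sdk, storage, hasConsent, now = Date.now,
  randomBytes = (n) => globalThis.crypto.getRandomValues(new Uint8Array(n)) }) {
  await sdk.setOptOut(!hasConsent);
  if (!hasConsent) return { optedOut: true };
  let stored = null;
  try { stored = JSON.parse(await storage.getItem(KEY)); } catch { stored = null; }
  const state = nextVisitorState(stored, now(), randomBytes);
  if (state.rotated) {
    await storage.setItem(KEY, JSON.stringify({ visitorId: state.visitorId, createdAt: state.createdAt }));
    await sdk.setVisitorId(state.visitorId);
  }
  return { optedOut: false, ...state };
}
```

Keeping the creation time in a separate field, rather than encoding it in the ID as the timestamp approach does, also avoids sending the time of first launch to the analytics backend with every event.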