matomo-org / matomo

Empowering People Ethically with the leading open source alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. Liberating Web Analytics. Star us on Github? +1. And we love Pull Requests!
https://matomo.org/
GNU General Public License v3.0

Require consent in order to use userID feature #15431

Open tsteur opened 4 years ago

tsteur commented 4 years ago

In the Matomo tracker we already have a method that can be called to indicate that a user has given consent to be tracked. We also already attach a tracking URL parameter consent=1 when consent was given.

I think by default, Matomo should record a raw (unhashed) User ID only if a user consented to it.

This is to protect user privacy. And User ID certainly can be considered personal data and therefore we should require by default our users to ask for consent in order to use this feature.

Findus23 commented 4 years ago

I would just keep in mind that for most User ID use cases it doesn't really matter if one stores a hashed or unhashed ID, as it can be reversed trivially (e.g. hash the e-mails of all registered users).

tsteur commented 4 years ago

Yep true. Probably in all cases it should require consent.
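Added example, not part of the thread and not Matomo's code: a Python sketch of the two points above, showing why an unsalted hash of a User ID drawn from a known list gives no real protection, and what gating the ID on consent=1 looks like. The e-mail list, the choice of SHA-256 and the function names are assumptions made for illustration; `uid` is the tracking parameter that carries the User ID.

```python
import hashlib
from urllib.parse import parse_qs

# Constructed sample data: the operator already knows every registered e-mail.
REGISTERED_EMAILS = ["alice@example.org", "bob@example.org", "carol@example.org"]


def hash_uid(uid: str) -> str:
    """Unsalted SHA-256, standing in for whatever hash a deployment applies."""
    return hashlib.sha256(uid.encode("utf-8")).hexdigest()


def reverse_hashed_uids(stored_hashes, candidates):
    """Recover raw IDs by hashing each known candidate and matching.

    Hashes with no matching candidate map to None.
    """
    table = {hash_uid(c): c for c in candidates}
    return {h: table.get(h) for h in stored_hashes}


def gate_user_id(query_string: str) -> dict:
    """Return the request parameters, dropping uid unless consent=1 is set.

    The ID is dropped whether it is raw or hashed, since hashing does not
    stop it from being linked back to a person.
    """
    parsed = parse_qs(query_string, keep_blank_values=True)
    params = {key: values[-1] for key, values in parsed.items()}
    if params.get("consent") != "1":
        params.pop("uid", None)
    return params


if __name__ == "__main__":
    stored = [hash_uid("alice@example.org"), hash_uid("dave@elsewhere.test")]
    for digest, raw in reverse_hashed_uids(stored, REGISTERED_EMAILS).items():
        print(digest[:16], "->", raw)
    print(gate_user_id("idsite=1&rec=1&uid=alice%40example.org"))
    print(gate_user_id("idsite=1&rec=1&uid=alice%40example.org&consent=1"))
```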

voarsh2 commented 4 years ago

> I think by default, Matomo should record a raw (unhashed) User ID only if a user consented to it.

I heavily DISAGREE with this

Findus23 commented 4 years ago

@voarsh2 Why do you think this shouldn't be the default (not suggesting removing this option)? I'm genuinely interested in hearing other people's opinions on the new ideas for privacy features in Matomo.