Open SW-Vincent opened 1 year ago
Hi @SW-Vincent . Thank you for taking the time to create this issue. That sounds like an interesting idea for an enhancement. I'll add it to our backlog to be investigated and prioritised.
Thanks for creating this ticket @SW-Vincent . I'm looking into whether we can potentially pick this up in the upcoming few months, and I'm wondering what the appropriate UX flow here is.
Some considerations (mainly for getting my own thoughts straight)
What I'm not 100% sure of:
If that's what you have in mind, my return questions would be:
Hi, to answer your questions :
"This request is only for using heatmaps/recordings in Matomo Tag Manager? (so not for people that use it through the JS code)" -> this request is for both, as heatmaps and session recordings are mostly unrelated to Tag Manager.
"What do you mean with "at the moment, disabling heatmap / session recordings makes it impossible to ask user consent and also erases all historical data for them"?"" -> when disabling heatmaps and session recordings throught parameters, no more data is going to be collected, the matching reports disappear from the interface and you cant re-enable it during the session like you can do for MediaAnalytics
"you're mentioning that this is specifically for Tag Manager. Am I correct that the following is what you want to achieve: Your Tag Manager is always active, also without consent" -> I am referring to Tag Manager because I am a Tag Manager user on all the accounts I manage and if we cant "soft" disable (do not capture by default but can be re-enabled) Heatmaps and Session recordings within the interface there might be an easy option to do so within the configuration variable (a checkbox basically). Doing something similar without the Tag Manager wouldn't be impossible, it just wouldn't be a checkbox. Also, our Tag Manager is indeed always active as it is not collecting data by itself (so GDPR doesn't apply to it as it applies to Matomo, Google Analytics, etc.).
"At the same time, you have a cookie consent banner where the user can give consent for tracking If the user gives consent, then you want to enable heatmaps & session recordings Tag" -> Yes we do, we can easily create custom objectives within any consent manager, so we could use that to send a piece of code that would reactivate and re-evaluate the Heatmaps/Session recordings. I assume this would work similarly as declaring that Matomo requires consent : https://developer.matomo.org/guides/tracking-consent
"wouldn't it be better to implement this on a generic Tag configuration level, so that you have the freedom to turn on any tags before/after consent?" -> I was thinking of the configuration variable for Tag Manager users, just as the "require consent" option
"to enforce GDPR compliance across all users of the Matomo instance, should this consent requirement be located in the website wide configurations rather than inside the heatmap/recordings Tag configuration?" -> Note that the CNIL configuration guide for Matomo includes desactivating Heatmaps / Session recordings, so them being disabled by default would be a good point, although you then would need to have a specific pop-up for when there is no data for a heatmap / SR telling users that they need to check weither they reactivated the option or not. Still, it could be a pain point for users that do not want / do not need to ask for consent.
"if this lives in the website wide Tag configurations, where/how should we inform the user inside the Tag Manager that a Tag is only going to be fired off after having consent?" -> I assume it is unnecessary if the "require consent" option is not set by default, but indeed if it is set by default it becomes a whole topic. I am sorry I have no more ideas on this point.
If the "require consent" option for Heatmaps and Session recordings becomes a native option of Matomo, it would be a good thing to consider updating the CNIL x Matomo configuration guide (although I assume it is no simple task).
Note : at the moment we are trying to set a workaround based on https://developer.matomo.org/guides/heatmap-session-recording/reference. We would sent _paq.push(['HeatmapSessionRecording::disable']); as a fallback and _paq.push(['HeatmapSessionRecording::enable']); on consent, but this solution hasn't been tested yet and not all consent manager solutions have fallbacks (also we expect some issue related to the code not being send at the good timing).
Add a "Require consent for heatmaps and session recordings" checkbox within Tag Manager configuration variable (right under the "Require tracking consent" checkbox).
Summary
As you may know, CNIL configuration guide for a consent exempted use of Matomo requires to disable Heatmaps and Session recordings. Making it easier for Matomo Tag Manager users to ask consent for heatmaps and session recordings would be a great feature !
Note : at the moment, disabling heatmap / session recordings makes it impossible to ask user consent and also erases all historical data for them.
Your Environment