As part of privacy legislation worldwide including GDPR and ePrivacy, it is often required to display a cookie banner informing users about cookies, or consent must be obtained before tracking visitors’ data.

However there is a solution available: you can use Matomo Analytics without needing consent and without a cookie banner, by following all the steps below.

Note: this applies if you use Matomo 3.13.6 or newer.

How to avoid cookie consent banner

To avoid the analytics cookie consent banner, activate cookieless analytics by disabling all analytics cookies in your JavaScript tracking code. Learn more about how disabling cookies impacts data accuracy.

You must also 1) easily let users opt-out and 2) mention Matomo in your Privacy Policy (see below).

How to avoid asking user for consent (including cookie consent)

To avoid having to ask your visitors for consent (including the analytics cookie consent banner), then you need to make sure you do not track any personal data at all.

Follow these steps:

  • Make sure you disabled analytics tracking cookies (see section above).
  • Make sure IP addresses are anonymised (2 or 3 bytes) because the full IP address is considered personal data.
  • Make sure your Page URLs and Page titles should not include personal data/PII (such as the visitor’s name).
  • Make sure your Page Referrers URLs do not include personal data (we’ll be soon working on a new feature for this).
  • If you use features like Custom Dimensions, Custom variables, Event tracking, make sure the data you collect does not include personal data/PII.
  • If you use features such as Session Recording or Heatmap, you need to ensure you ignore any personal data in the page so they are tracked (learn more about masking content).
  • If you use features such as Ecommerce tracking or User ID then you will likely need to ask for consent when these features are used. That’s because Ecommerce Order ID can be tied back to the customer, and User ID is often personal data/PII (even when replaced with a pseudonym).
  • Make sure the data collected in Matomo is used only for the audience measurement and evaluation of the website performance and not other purposes.
  • Make sure you are only tracking users on a single site and not tracking the same user across different websites.

All data you collect in Matomo without user consent should be anonymous.

Learn more details in our article about “How not to track personal data”

You must also 1) easily let users opt-out and 2) mention Matomo in your Privacy Policy (see below).

Let users opt-out

You must offer your users an easy way to opt-out from data collection, and include the opt-out iframe in a easy to access and visible page on your website, for example in your Privacy policy.

Mention analytics in your Privacy policy

Learn more about how to mention Matomo Analytics in your Privacy policy.