As part of privacy legislation worldwide including GDPR and ePrivacy, it is often required to display a cookie banner informing users about cookies, or consent must be obtained before tracking visitors’ data.
However there is a solution available: you can use Matomo Analytics without needing consent and without a cookie banner, by following all the steps below.
Note: this applies if you use Matomo 3.13.6 or newer.
How to avoid cookie consent banner
How to avoid asking user for consent (including cookie consent)
To avoid having to ask your visitors for consent (including the analytics cookie consent banner), then you need to make sure you do not track any personal data at all.
Follow these steps:
- Make sure you disabled analytics tracking cookies (see section above).
- Make sure IP addresses are anonymised (2 or 3 bytes) because the full IP address is considered personal data.
- Make sure your Page URLs and Page titles should not include personal data/PII (such as the visitor’s name).
- Make sure your Page Referrers URLs do not include personal data (we’ll be soon working on a new feature for this).
- If you use features like Custom Dimensions, Custom variables, Event tracking, make sure the data you collect does not include personal data/PII.
- If you use features such as Session Recording or Heatmap, you need to ensure you ignore any personal data in the page so they are tracked (learn more about masking content).
- If you use features such as Ecommerce tracking or User ID then you will likely need to ask for consent when these features are used. That’s because Ecommerce Order ID can be tied back to the customer, and User ID is often personal data/PII (even when replaced with a pseudonym).
- Make sure the data collected in Matomo is used only for the audience measurement and evaluation of the website performance and not other purposes.
- Make sure you are only tracking users on a single site and not tracking the same user across different websites.
All data you collect in Matomo without user consent should be anonymous.
Let users opt-out