Tracking personal data or PII with Matomo

Did you know Matomo Analytics is one of the few platforms that allows you to securely track personal data or personally identifiable information (PII). 

Some organisations need to track it for legitimate reasons. Some don’t track it at all. While others may not know they’re tracking personal data/PII in the first place – which could put them at risk of not complying with privacy laws like GDPR, HIPAA, CCPA, LGPD, and PECR. (If you think you may be tracking personal data unknowingly, we’ll get into this further below.)

How come you can track personal data with Matomo but not Google Analytics?

If your data-sensitive company needs you to, then you’ll need to be aware not all analytics companies allow you to do this. For example, Google Analytics users are at a disadvantage here because you aren’t allowed to track any personal data or personally identifiable information (PII) at all, according to their Terms of Service.

The reason you can use Matomo Cloud or On-Premise (self-hosted) is because Matomo doesn’t track users across sites, and the data tracked isn’t used for “other purposes” – as is the case with Google Analytics. 

Depending on the personal data you’re tracking, you’ll need to configure Matomo to ensure you can track it in a compliant manner. You’ll also need tracking consent in this case.

web analytics cookies

What personal data can you track:

  • User IP addresses
  • User IDs
  • Custom Dimensions
  • Events
  • Page titles and URLs
  • Heatmaps & Session Recordings
  • Order IDs / Ecommerce
  • Site searches
  • Geolocation
  • Read more

You may be unaware you’re actually tracking personal data​

On the flipside, if you’re wanting to be cautious, we’d recommend you double checking if you’re tracking any personal data at all. 

Matomo users have been caught unawares and have unintentionally set their Matomo Analytics to track personal data. This could mean your platform is currently non-GDPR compliant. 

Take for example a Woocommerce shop. Once you purchase an order, the URL of the order confirmation page includes an Order ID, which represents personal data as it can be used to identify an individual. Unknowingly, personal data was tracked. 

Unsure what personal data is? Check this list of personal data examples.