Simon Coulthard November 12, 2020
In 2020, controversies on the subject of personal data privacy rights reached new heights. It has been a year marked by historical landmarks in terms of court decisions on the matter, by several countries launching or preparing their own data privacy legislation, by the first heavy fines for breaching GDPR, and by an ever-increasing divide between the EU and the US in terms of data privacy.
If you haven’t been up-to-date on the latest developments, you should try to get all the relevant information as soon as possible. As a website owner, you are responsible for how the data of your visitors is collected and used, whether by the site itself or by the third-party services you use. And those third-party services include website analytics services.
You surely use some sort of tracking tool for your website traffic. Google Analytics is the most common tool in that category. But have you checked the data privacy agreement, terms and conditions and cookie policy of the app you are using to collect data about visitors?
In this article, we are going to explore a few privacy-compliant analytics options that are safe to use, but alway double check where the data server is located and where the company is incorporated. Keep in mind that the hosting service and all the other third-party tools you are using for data retention must also be privacy compliant in order to avoid any problems that might end up in lawsuits.
If you are an experienced website owner you probably know by now that the answer is no.
One of the most famous examples, Google Analytics is known to share user data with other third-party organizations such as advertisers. It monitors user activity including personal information and preferences for personalizing ads. Although, nowadays, they are making efforts in this direction, allowing their users to disable certain data collection and opt-out of advertising features. You can read more on this subject in one of our previous articles where we tackle GDPR compliance in analytics.
Google Analytics 4 Drawbacks. Why Should You Not Upgrade to GA4
When it comes to GDPR, analytics tools have several ways of becoming privacy compliant. The main thing to keep in mind is that you should not be able to trace back any personal data to any particular individual. Therefore, data should be treated in an aggregated form wherever possible, and where it is not possible, private data such as the IP must be anonymized. In the event that there is still be some data being collected, all visitors must consent to this prior to visiting the site.
Here is a list of settings and features, in no particular order, that analytics tools should provide for the user in order to be GDPR compliant:
Data anonymization
IP addresses anonymization
Provide DPA
Easy to access in-app GDPR information
Possibility for users to opt-out of tracking
Access the data collected at any time
Possibility to delete visitor data when requested
The data must not be sold/offered to any other third party
The data must be stored on European Union servers (see the Cloud Act)
Cookieless tracking (if the app uses cookies for tracking, consent from visitors must be obtained using a “cookie banner”)
TWIPLA has been a privacy-focused analytics tool ever since it was launched. The fact that it always keeps an eye out for data privacy changes happening globally and actively taking measures to stay up to date, has made it one of the top choices for website owners worldwide.
TWIPLA is a complex, but user-friendly platform that provides website owners with essential statistics. It has session replays, heatmaps, conversion funnels, and feedback features, with the user having full ownership of their website data.
TWIPLA uses an innovative method - cookieless tracking to provide more accurate, but most importantly, safer data.
The consentless tracking mode is another great setting you can enable, allowing the app to run in the background without you having to include it in your cookie banner. This will gather all the essential data excluding personal data (such as IPs and visitor history on your website).
The tool is GDPR, LGPD, and CCPA compliant, with servers in the European Union.
A free version is available with subscriptions going up to $29.04 per month depending on the volume of incoming traffic.
Mixpanel is an elaborate web and mobile analytics meant for experienced users. It has features such as A/B testing, data pipelines, forms, and other behavioral analytics. It works great for websites but its true value is more significant for SaaS owners and teams who want to get to know their customers/app users.
Although it uses cookies to track the use of your websites and mobile applications, this tool is privacy focused, being GDPR, LGPD, CCPA and HIPAA* (Health Insurance Portability and Accountability Act) compliant, and can be a great asset for testing and experimenting with different marketing approaches.
A free version is available, but you will have to contact their sales representatives in order to get an offer depending on your website’s incoming traffic.
*Note: This statement is from the Mixpanel website, but due to the 2018 CLOUD Act, compliance depends on where the the company hosting or storing the data is based. Any data stored or hosted on a server owned by an American company, no matter where the server is located, is no longer privacy compliant. For example, EU data hosted on Google servers or Google Cloud, would not be GDPR compliant, even if the data is hosted in the EU, because Google is an American company, giving US authorities the legal rights to access that data.
Fathom is yet another analytics platform that is GDPR, PECR, and CCPA compliant. If you choose this tool, you don’t need to add a cookie notice to your website, as Fathom doesn’t create a digital inventory and doesn’t keep track of the habits or browsing history of visitors.
Fathom is a tool for beginners who don’t need elaborate website statistics. Because it doesn’t store any personal data, it doesn’t provide any behavioral analytics, just the basic web statistics, and treats each visitor as a unique visitor.
Their team also hosts a weekly podcast about analytics, data, and privacy which you might want to check out.
Pricing starts at $14 and goes up to $74 per month.
Etracker focuses on web analytics and push notifications. It has plugins on some important website builders such as TYPO3, WordPress, Magento, and Shopware.
The Etracker Analytics tool provides basic website data (visitors, conversion rates, bounce rates, referrers) and also form analytics, using cookieless tracking. At first glance, the documentation on their website might seem a bit hard to follow, but all in all this tool is very much privacy focused and learning how to use this tool can be rewarding if you are willing to spend some time exploring it.
The price for Etracker starts at €19 and goes up to €199 per month.
Hotjar is a popular behavioral analytics tool that’s GDPR, CCPA, and LGPD compliant.*
The software provides real-time data and has easy to use visitor recordings, heatmaps, surveys, and feedback modules. It’s a good tool for getting insights about your audience without having to worry if the user data is secure.
All the user data collected by Hotjar is stored on EU servers and the company has its own Data Protection Officer (DPO) that ensures all the data collected respects the general data protection regulations, but keep in mind that the app uses cookies in order to determine the returning visitors.
A free plan is available, while subscriptions can be as pricey as €989 per month.
*Note: This statement is from the Hotjar website, but due to the 2018 CLOUD Act, compliance depends on where the the company hosting or storing the data is based. Any data stored or hosted on a server owned by an American company, no matter where the server is located, is no longer privacy compliant. For example, EU data hosted on Amazon Web Services or Amazon Virtual Cloud, would not be GDPR compliant, even if the data is hosted in the EU, because Amazon is an American company, giving US authorities the legal rights to access that data.
Matomo is one of the top website analytics platforms used worldwide. It is an open-source tool that provides web and mobile analytics along with user behavior features such as heatmaps, session recordings, and form analytics.
Matomo respects data privacy policies and gives its users full data ownership. It provides easy access to in-app documentation and information for website owners to be GDPR compliant in no time.
In the Matomo dashboard settings, you have the possibility to anonymize IPs and geolocation and even delete the data history whenever necessary.
A free version is available and subscriptions go up to €29 per month.
Gain World-Class Insights & Offer Innovative Privacy & Security