[GordonS]

> For GDPR purposes you need a legal basis and "your legitimate interest" is one. You need to honestly assess - ideally write down - your determination of how your need to analyse website performance is balanced against the user's right to privacy

Come on, analytics,especially 3rd party analytics, is never considered a "legitimate interest". As if it was needed, this is spelled out explicitly in the ePrivacy directive and official EU opinion documents.

[ratherbefuddled]

Legitimate interest is a GDPR thing and you can indeed choose to share personal information under legitimate interest and you can do so for analytics. There are countless examples of privacy policies all over the web doing exactly that.

The ePrivacy directive is much more proscriptive about consent but applies only very narrowly - to cookies and similar technology.

Conflating GPDR and ePrivacy leads to much confusion, they are to all intents and purposes separate.