[strzibny]

> Fathom, Simple Analytics, and Plausible offer bare-bones pageview- and session statistics. Like Volument, they all focus on privacy so you don't need any cookie banners outside Europe.

I am not sure I follow. Why do you still need one in Europe? And besides I think you don't need one with your competitors [0]

[0] https://nts.strzibny.name/privacy-oriented-alternatives-to-g...

[tipiirai]

It's the local European laws. For example in Finland, where I live all analytics software must display a consent because the data is used for non-essential purposes. Applies to Volument and our competitors. More details on this doc, which is co-authored with a GDPR official:

https://volument.com/learn/data-privacy

[jakelazaroff]

GDPR differentiates between cookies and localStorage? I'm skeptical, but if so that's… a really surprising loophole.

[tipiirai]

It doesn't differentiate. GDPR is about identities and using them for non-essential purposes. It doesn't take a stance on the technologies in use. According to our lawyer GDPR law texts doesn't contain the word "cookie" anywhere.

Storing a user identifying random id to any permanent storage (cookie, localStorage, etag, Flash, you name it...) goes against GDPR.

[jakelazaroff]

Got it — the difference between Volument’s localStorage and GA’s cookie is the “identifying” aspect of the latter.

[tipiirai]

Exactly. GA uses identifying cookie so a consent is needed outside Europe too as per CCPA and others. Moreover you must explicitly ask for permission to identify the visitor and explain why you do it.