|
Tracking visits to articles can be done entirely server side, no need for consent there as long as you just increment the counter by one. If you store PII to do it (IP address) you will need consent. You don't need consent to store the IP in your server logs because that serves an undeniable legitimate interest for detecting abuse and diagnosing issues. However, you cannot use that information to generate statistics without consent. As others said, gather as little as possible, for as short as possible, with a simple explanation and you should be golden. Lazy implementations (slapping Matomo on a server and calling it a day) do not comply with "as little as possible", and limitations in your tech stack ("we use cloudflare so we HAVE to use a cloudflare cookie") don't count either; it has to be as little as possible for the functionality to work, not for your developers to be comfortable. Consult a professional for legal advice, but most websites don't strictly need consent popups. The advertisers do, and the marketeers want as much info as possible as well, but on a technical level, there's no need for most reasonable use cases to have a consent form. It all comes down to the bad decisions the website owners make. I think it's disgusting that tracking has become the standard and opting out needs to be something special only some people can choose to do. Your comparison works for self-hosted monitoring (though I doubt a business that loudly proclaims, in text and audio so blind people can enter as well, that it tracks your ever move will get much business). However, most websites use third party trackers, so the comparison becomes closer to your own personal entourage if men in trenchcoats, following you around and occasionally writing something about you down. |